Deprecated Functionality From Venafi Platform

Summary

This article contains a current list of features that have been removed from shipping versions of Trust Protection Platform. Deprecated features are grouped by the release in which they were removed. This document lists deprecations for all supported versions of Trust Protection Platform, since you might be upgrading from any supported version, and you need to review the deprecated features for ALL versions between your source version and your target version.

Applies To:

All versions of Trust Protection Platform.

See Also:

For a list of features that are scheduled for deprecation in upcoming releases, see https://docs.venafi.com/22.1/deprecation-list-future.

Venafi Platform 22.1

Pass-through Authentication
Pass-through authentication is deprecated. To configure the Venafi login experience, use SAML support instead. For detailed information on configuring SAML SSO, see our documentation portal or the Venafi Administration Guide

VAM nShield Certificate Installation Driver
Starting in 21.4, application objects that manage certificate installation via VAM nShield will be converted to Basic application objects.

User/About pages
Licensing information about third-party libraries is no longer available on the User Menu/About page.  Third-party information is only available in the product documentation. In future versions of Venafi Platform, information about loaded assemblies and UI plugins will also be removed.  Assembly and plugin information was intended for troubleshooting. Based on usage evaluation, these pages are scheduled for deprecation.

WebAdmin dashboard
Although the WebAdmin dashboard was officially deprecated in 20.2, it was still accessible to customers. In 22.1, the WebAdmin dashboard code was removed from the product.

UniCert CA Driver
This integration saw little to no use.  It has been removed in 22.1. Upgrades are now easier because configuration steps regarding its Windows service configuration have also been removed. 

WebAdmin Login page
In 22.1, there is a single login experience for all technology stacks. The simplified login experience makes the WebAdmin login page no longer necessary. To preserve a similar experience, customers can set a WebAdmin page, such as the Policy Tree, as the default landing page for each product.

Venafi Platform 21.4

End User Portal and User Agent no longer available in Client Protect
As part of our rebranding of the Endpoint Protect product being updated to Client Protect, we are removing features such as the User Agent (sometimes referred to as AJ) and the User Portal.  These are no longer available in the Client Protect product in 21.4 and going forward.

20.1 Code Signing Client must be Upgraded
In 21.4, CodeSign Protect will no longer support the code signing clients from 19.2-20.1. Undocumented REST APIs used by these older client versions have being removed. Prior to upgrading to 21.4 or higher, please upgrade your code signing clients to more recent versions.

Venafi Platform 21.3

Internet Explorer 11 is no longer supported by the Web Consoles
Google Chrome and the chromium version of Edge are now the only supported browsers. Firefox continues to be compatible with the Web Consoles of Trust Protection Platform. Internet Explorer 11 is considered incompatible

Symantec MPKI CA Driver
The Symantec MPKI CA driver is deprecated. Once you upgrade to 21.3.x (or later) any existing Symantec MPKI CA Templates will become unavailable. Certificates using the Symantec MPKI CA driver should be migrated manually to DigiCert CA.

Venafi Platform 21.1

Server Agent no longer supports 32-bit Linux
Due to Red Hat Enterprise Linux 7 (and later releases) and the deprecation of 32-bit operating systems for its product line, Venafi no longer offers the 32-bit version of the Linux Installer and Venafi Update Packages.

Server Agent support for TLS 1.0 , 1.1
As previously announced, the Server Agent no longer supports TLS 1.0 and 1.1 due to vulnerabilities in these protocols. TLS 1.2 is now required.

Venafi Platform 20.4

DigiCert
DigiCert has recommended that we update our driver to take advantage of a new "skip_approval" option which streamlines processing on their side for up to a 30% increase in performance. As a result, Venafi Platform workflow will be the only method for requiring human approval of certificate requests beginning in 20.4.

Venafi Platform 20.3

Aperture User Search Permission
As part of the broader movement to a unified web interface, and in conjunction with the Identities enhancements in 20.3, the Aperture User Search permission (previously found on the user settings page in Aperture) is no longer required. All users will be able to search for other users, so they can work with the new Teams feature.

GeoTrust Reseller CA Driver
The GeoTrust Reseller CA driver is now obsolete and has been removed from Trust Protection Platform. 

IBM DataPower Application Driver XML API 
XML API for IBM DataPower Application Driver has been deprecated. Only the XML part of the API interface is deprecated. The REST APIs are still supported.

Venafi Server Agent support for AIX 5.3 and 6.X platforms
Support for AIX 5.3 and 6.X platforms for Server Agent has been deprecated. This is because IBM discontinued support for these versions in 2016 and 2018, respectively. Server Agent 20.3 now supports 7.1 to enable Venafi to continue delivering updated 3rd party libraries going forward. 

Venafi TrustNet service
As communicated directly to affected customers, the Venafi TrustNet service has been deprecated and the TrustNet endpoint has been disabled.

Windows Server 2012 R2
Support for Windows Server 2012 R2 is deprecated for Trust Protection Platform servers.

Venafi Platform 20.2

End support for SQL 2012 and SQL Server 2014
Venafi Trust Protection Platform no longer supports SQL Server 2012 and SQL Server 2014. SQL Server 2016 SP2 Standard is the new minimum supported version.

A10 Network driver
The A10 Networks AX Series ADC product is now obsolete, so the corresponding application driver in Trust Protection Platform has been removed. This integration has been transitioned to the partner ecosystem where A10 Networks is offering provisioning support for their Thunder ADC products.

Juniper Secure Access Service
The Juniper Secure Access Service product is now obsolete so the corresponding application driver in Trust Protection Platform has been removed. Those seeking support for its replacement product, Pulse Connect Secure SSL VPN, should contact their Pulse Secure account team about joining the Venafi Technology Partner Network.

Default user tree in WebAdmin and dashboard in WebAdmin
As part of the multi-year effort to unify the consoles in Trust Protection Platform, a new unified menu is available in 20.2. Since these features were rarely used, they were removed from the product as part of the re-design.

Thawte CA driver
DigiCert announced an end-of-life date of 30 March 2020 for Thawte CA driver. The corresponding driver, now obsolete, has been removed from Trust Protection Platform. DigiCert is migrating customers to CertCentral. Customers using the old driver should migrate to the DigiCert CA driver.

GeoTrust TrueFlex CA driver
DigiCert announced that 30 March 2020 was the end-of-life for GeoTrust TrueFlex CA. The corresponding driver, now obsolete, has been removed from Trust Protection Platform. DigiCert is migrating customers to CertCentral. Customers using the old driver should migrate to the DigiCert CA driver.

Venafi Platform 20.1

Splunk Log Channel Driver
In 19.3, we made significant enhancements to our Syslog driver which we believe, based on feedback from customers and Splunk themselves, provides an overall better integration path that the Splunk driver which is delivering event data in a manner that is not common for enterprise applications.  Thus the Splunk driver has been removed from the Venafi Platform. After upgrading to Trust Protection Platform version 20.1, existing Splunk driver objects appear as a question mark. (?). They'll no longer function, but you'll have the ability to delete them.

SSH connection method removed from the Citrix NetScaler driver
In Trust Protection Platform version 17.1, Venafi began transitioning from SSH CLI to REST API in connection with updates made at that time to the NetScaler driver and the introduction of Onboard Discovery. During subsequent releases, Venafi continued to support the SSH CLI in order to give customers time to migrate existing instances. With the release of Trust Protection Platform 20.1, the legacy SSH connection method has been removed from the Citrix NetScaler driver. The currently supported connection method for this driver is now HTTPS only. 

SSH connection method removed from the IBM DataPower driver
In Trust Protection Platform version 17.3, Venafi began transitioning from SSH CLI to REST API in connection with updates made at that time to the IBM DataPower driver and the introduction of Onboard Discovery. During subsequent releases, Venafi continued to support the SSH CLI in order to give customers time to migrate existing instances. With the release of Trust Protection Platform 20.1, the legacy SSH connection method has been removed from the IBM DataPower driver. The currently supported connection method for this driver is now HTTPS only. 

Web SDK API Key authentication deprecation schedule
For the Web SDK, the API key authentication feature is deprecated. Beginning in 22.2, you will need a special temporary license key to leverage WebSDK API key authentication. Without the license key, both POST Authroize and the WebSDK Permission will not be available. Please migrate to OAuth token authentication.

Web SDK Authorization Methods involving API Keys
API key authentication is considered depreciated. The following methods are deprecated: POST vedsdk/Authorize, POST vedsdk/Authorize/Certificate, GET /vedsdk/Authorize/CheckValid, GET vedsdk/Authorize/Integrated.

Instead of an API key, you need to migrate to use token authorization methods in the Auth SDK as soon as possible. Introduced in 19.2, token authorization provides longer session validity, support for load balancing Web SDK servers, and granular access controls via scopes and privileges.  

Special Certificate Placement Behavior for Network Discovery
Since 14.3 - when we find multiple generational versions of the same certificate on use in the network, the TLS product had special behavior in how certificates were stored.  The product would create multiple certificate objects and move the appropriate applications/installations to the two certificate objects to represent where they are installed.

Starting in 20.1 - we will no longer have this special behavior and the placement will be more in line with the behavior experienced with Server Agent Discovery Placement.  When there are multiple generations of the same certificate discovered - we will rely on daily validation to notify certificate owners that the old certificates are still in use.