Document toolboxDocument toolbox

Nexus Documentation
CURL vulnerability information (CVE-2023-38545) - Nexus awareness advisory on Microsoft's update KB5014754

Included in Certificate Manager delivery

Owned by Karolin Hemmingsson (Unlicensed)
Last updated: Nov 13, 2023 by Josefin Klang (Deactivated)
3 min read

This article is valid for CM 8.4.1 and later.

This article lists how Smart ID Certificate Manager (CM) is delivered.

The CM distribution package consists of the following items:

  • All documentation related to CM servers and CM clients. See Smart ID Certificate Manager.

  • Installation files for both CM servers and CM clients for either Windows or Linux operating systems. The Windows distribution also contains installation files for Key Generation System (KGS) and WinEP.

  • Upgrade instructions to upgrade from previous versions of CM server and CM clients to the current version.

In order to verify the integrity of the distribution package the SHA256 checksum is provided along with the distribution download.



Certificate Manager server components for Windows and Linux are included. 

A delivery of Certificate Manager server components consists of the following items:

  • Installation packages
    Certificate Manager installation package contains all components including the Boot kit.

  • Delivery note
    Specification of the contents of the delivery.

In order to complete the bootstrap you need to retrieve the separately provided soft tokens, see below: “Soft boot officers”.



Certificate Manager clients for Windows and Linux are included. 

A delivery of Certificate Manager client components consists of the following items:

  • Installation packages
    Certificate Manager installation package contains all components.

  • Delivery note
    Specification of the contents of the delivery.



The Boot kit consists of a number of files provided in the installation package. The CA's private key is the same for all delivered systems and they must be replaced. The Boot kit files are listed and their purposes described in the following table:

File

Description

File

Description

ca.p12

Contains the initial private key of the CA to be installed on the CIS.

pin.crt

A certificate used to encrypt PIN-codes in the KGS so that they can be decrypted in the CF. Installed on the KGS.

pin.p12

A private key used to decrypt the PIN-codes from the KGS in the CF. Installed on the CF.

tls.p12

A private key used in the CF for TLS negotiations. Installed on the CF.

kek.p12

Key encryption key installed on the CF when KAR is enabled.

keyblob.bin

The public key of the boot CA to be stored in the CF database.

cablob.bin

The CA-certificate of the boot CA to be stored in the CF database.

tcsigner.p12

A private key used in the PPA to sign transport certificates.

tcsigner.cer

Certificate used in CF to verify transport certificates.





Soft tokens (PKCS#12) for bootstrap officers are required to login to the CM clients to perform the necessary bootstrap instructions. They are not delivered with the CM installation package and needs to be retrieved separately from Nexus support portal.

File

Description

File

Description

so1.p12

Soft token for bootstrap officer #1

so2.p12

Soft token for bootstrap officer #2







Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions