Service release notes Certificate Manager 8.10.x
For more details about CM service releases, see Patch Certificate Manager.
CM service release 8.10.7
CM clients
Unable to modify officer objects in AWB without SA license
Resolves an issue where the new Signing Authority roles were loaded even when the clients did not have a license for the Signing Authority feature. This caused officer objects to no longer be created or modified, and has now been resolved.
CM service release 8.10.6
Regular installation
Signing Authority now compatible with OpenSSL
The Signing Authorities configured with format signing_pkcs7 now delivers a SignedData structure wrapped in a ContentInfo structure (as defined by rfc2315).
Reuse HSM sessions
Fixes a problem introduced with CM 8.10.3 which caused opening of new sessions to HSMs, instead of reusing existing ones. The problem caused operations towards HSM to take longer time than necessary, thus degrading performance.
Podman installation
Changes to CF server image 8.10.6-1
Updated Java version
The bundled java version has been updated from 17.0.11_9 to 17.0.12_7.
Changes to PGW image 8.10.6-1
Updated java version
The bundled java version has been updated from 17.0.11_9 to 17.0.12_7.
Updated tomcat version
The bundled tomcat version has been updated from 10.1.25 to 10.1.28.
CM service release 8.10.5
CM clients
Fixes Authority hierarchy in AWB
Fixes an issue in the AWB which caused CA certificates containing path length constraint = 0 to be displayed incorrectly in the Authority hierarchy. It also caused problems when importing CA certificates with AKI = NULL.
CM service release 8.10.4
Regular installation
Inactive Signing Authorities could still be used
Closed, revoked or expired SA now correctly denies incoming signing requests.
Signing Procedures could be used when closed
Closed Signing Procedures now correctly denies incoming signing requests.
Produced incorrect signatures for SA with EC based key
Corrects an issue where an invalid signature was applied to signing requests against a Signing Procedure using the signing_digest format with an EC based Signing Authority.
Podman installation
Changes to CF server image 8.10.4-1
Base image for CF server is changed to "scratch". A strippedJRE based on Adoptium Temurin JDK 17 is used as the CM runtime.
Changes to PGW image 8.10.4-1
Base image for CF server is changed to "scratch". A stripped JRE based on Adoptium Temurin JDK 17 is used as the CM runtime.
CM service release 8.10.3
Regular installation
Periodic delta CRL included entries of the full CRL
Fixes a bug which caused the periodic delta CRLs to include the CRL entries of the full CRL which it references.
CM clients
Fixes signing error in AWB for co-signer with IDPrime MD cards
Resolves an issue with IDPrime MD840 and MD940 cards where the co-signer could only sign once per login. This fix needs to be applied together with a configuration change in Personal.cfg when using IDPrime MD cards.
Configuration changes to be apply to Personal.cfg:[CSP_PKCS11]
P11_LogoutAfterSign=1
Fixes wrong automatic role selection in AWB
Resolves an issue where the 'Use AWB' role was automatically selected when selecting the role 'Signing Authority Requests'. The correct 'Use Client' role is now automatically selected instead, if not already selected.
CM service release 8.10.2
Regular installation
Fixes issue when using SA with EC based keys with signing_pkcs7
Corrects an error regarding invalid signing algorithm when requesting a signature against a Signing Procedure using the signing_pkcs7 format with an EC based Signing Authority.
CM service release 8.10.1
Regular installation
Support for CRL based revocation time for Secunet publications
The 'Secunet OCSP Revocation' publication format now supports the parameter 'secunet.crlBasedRevocationTime'. This allows revocation information distributed to a Secunet OCSP responder to have a more accurate revocation time. This flag is deactivated by default.
Activate the 'secunet.crlBasedRevocationTime' flag by navigating to the publication procedure in AWB that is using the publication format 'Secunet OCSP Revocation' and modifying the format with the 'advanced' button.
Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions