Nexus' software components have new names:

Nexus PRIME -> Smart ID Identity Manager
Nexus Certificate Manager -> Smart ID Certificate Manager
Nexus Hybrid Access Gateway -> Smart ID Digital Access component
Nexus Personal -> Smart ID clients

Go to Nexus homepage for overviews of Nexus' solutions, customer cases, news and more.

End-Entity Uniqueness

According to the SCEP specification, there must be only one pair of keys for a given subject name and key usage combination at any one time. Therefore, if an entity needs to enroll a second time, the old certificates must be revoked.

The end entity certificates are defined by their UniqueID, which is defined as:


Limitations in the Certificate Manager implementation

Certificate Retrieval

The SCEP protocol specification defines a message GetCert used to download certificates from the CA. This is not supported in the current implementation. End-entities are encouraged to use LDAP for this.

CRL Distribution

The SCEP entities must use the CRL Distribution Point in the certificate to download the CRL. The PKI CRL query message, GetCrl, is not supported in the Certificate Manager implementation.

Manual Mode

Manual mode, that is, a way for a Certificate Manager administrator to accept or deny a request while the end-entity is waiting, is not supported in the Certificate Manager implementation.