Nexus' software components have new names:

Nexus PRIME -> Smart ID Identity Manager
Nexus Certificate Manager -> Smart ID Certificate Manager
Nexus Hybrid Access Gateway -> Smart ID Digital Access component
Nexus Personal -> Smart ID clients

Go to Nexus homepage for overviews of Nexus' solutions, customer cases, news and more.

Skip to end of metadata
Go to start of metadata

Version: 8.3

Release Date: 2020-09-18

Main new features

SCEP has now support for Intune

The SCEP implementation in Protocol Gateway has been extended with support for Microsoft Intune certificate enrollment. Read more here: Certificate Manager interfaces.

SCEP has now support for dynamic challenge passwords

The SCEP implementation in Protocol Gateway and Certificate Factory has been extended with support of dynamic challenge passwords complying to Microsoft's Network Device Enrollment Service (NDES) implementation. Read more here: Certificate Manager interfaces.

SDK proxy in Protocol Gateway provides reverse proxy

The new SDK proxy in Protocol Gateway provides a reverse proxy between CM clients (such as CM-SDK, AWB, etc.) and the CM server. The SDK proxy can be used to prevent exposing CF directly to external client. For more information see "Installation and Configuration Guide - Protocol Gateway".

View and download latest built CRL/CIL in the AWB

The latest issued CRL/CIL of a CRL/CIL procedure can now be viewed and downloaded using the AWB.

Configure start of certificate validity in format definition

The Id2Legacy.certvalidity-start-margin parameter specifies a time duration that is subtracted from the current time to get the start time of the validity, see "Start of certificate validity" in Technical Description.

Store issuing CA as storage policy for issuer certificates

The token storage policy for issuer certificates in token procedures contains the new choice "Store the issuing CA".

Secure key injection protocol

The secure key injection protocol (SKIP) enables end to end protection of server generated key pairs for constrained devices. Read more here: Use the Secure Key Injection Protocol in Certificate Manager.

CMC supports Revocation Request

The CMC implementation in Protocol Gateway has be extended to support the Revocation Request Control. Read more here: Certificate Manager interfaces.

Changed functionality

Extended token procedure filter

The functionality of the token procedure filter in the Officer Profile has been extended to not only filter which token procedure the officer is allowed to access, but to also filter certificates based on which token procedure that was used when issuing the certificate.

Corrected bugs

LDAP MultiValue Attributes

Fixed an issue where CM failed to add additional values to LDAP attributes allowing multiple values. Also fixed an issue where there was not possible to unpublish the user certificates out of order.

Known Problems, Issues and Limitations

See the CM 8.3 Release.txt file for a list of Known Problems, Issues and Limitations.


Contact Information

For information regarding support, training and other services in your area, please visit our website at


Nexus offers maintenance and support services for Nexus Certificate Manager to customers and partners. For more information, please refer to the Nexus Technical Support at, or contact your local sales representative.

Related information