Nexus' software components have new names:

Nexus PRIME -> Smart ID Identity Manager
Nexus Certificate Manager -> Smart ID Certificate Manager
Nexus Hybrid Access Gateway -> Smart ID Digital Access component
Nexus Personal -> Smart ID clients

Go to Nexus homepage for overviews of Nexus' solutions, customer cases, news and more.


Skip to end of metadata
Go to start of metadata

Version: 8.4

Release Date: 2021-06-09

Main new features

Edit format definition parameters in AWB

The AWB now enables customizing of format definition fields in certificate, key, CRL and CIL procedures. Default parameters are displayed from the chosen format file. Customized configuration is stored in the CM database as part of the signed procedure, not in the chosen format file. Each procedure in the AWB will contain its own specific format definitions. When upgrading to later CM versions will the customization remain by being part of the signed procedure configuration.


AWB bulk signing

CM officers can now sign multiple AWB configuration objects at once by placing them in a folder, sign the folder and then select the Execute bulk signed from the Tools meny. Read more here: Sign tasks in Certificate Manager.


PKCS#11 performance improvements (TLS/KAR)

Performance in the TLS and KAR handling during high load when keys are protected by HSM, has been improved by use of pooling of PKCS#11 sessions.


New configuration parameter for PGW EST simple reenroll

The new EST configuration parameter 'allowRenewalWithOldCertificates' controls if the client TLS certificate must match the latest issued certificate for the requested subject. Read more here: Authentication and preregistration for EST.


EST registrations now supports authentication certificates

EST registrations has been extended with support for authentication certificates. See new inputview 'est-auth-cert' and read more here: Authentication and preregistration for EST.


Manual authorization of EST based certificate requests using IDM

It is now possible to configure the EST server for manual authorization of requests using IDM (Smart ID Identity Manager). Read more here: Authentication and preregistration for EST.


Distribution Agent LDAP session pooling and performance improvements

Improved pooling of LDAP sessions during distribution to directories now enables better connection stability.
Improved performance by fetching a chunk of distributions from the database to the dispatcher working pool. The maximum value is configurable.


Distribution Agent HTTP timeouts now configurable

It is now possible to configure the connection and request timeout for publication of certificates or CRLs over HTTP.


PGW Distribution Point server for CA and CxL files

The Protocol Gateway Distribution Point server now supports distribution of X509 CA, CRL and CIL files.


Added CM Tools

Two new tools have been added to CM Tools.

SubjectsTool: This tool can be used to verify and regenerate the contents of the Subjects table in CMDB. Read more here: Subjectstool command-line tool in Certificate Manager.

ActiveEntitiesTool: This tool can be used to count the number of current active certificates, and the number of distinct subject entries connected to them. Read more here: ActiveEntitiesTool command-line tool in Certificate Manager

Changed functionality

Allow revocation of NotYetValid certificates in CC

It is now allowed to revoke a certificate that is not yet valid via the certificate controller client.


Upgrade Tools moved to CM-tools

Tools that are used to perform certain CM server upgrades, such as copycacerts, configdiff and updateauditLog have been moved from their individual .jar files into 'cm-tools.jar'.


Moved CMDB AuditLog update instructions to code

The AuditLog database update instructions, when upgrading from version 8.0 to 8.1 has been moved to run as a background job in CF. This was done to minimize the upgrade time and ensure minimal downtime between upgrades when the AuditLog table is very big.


SCEP PKCS#7 response default encryption algorithm changed

The default encryption algorithm for encrypting the SCEP PKCS#7 response has been changed from DES (OiwSecDesCbc) to AES-128 (Aes128-CBC). The encryption algorithm to use is also made configurable in PGW scep.properties with the parameter 'responseEncryptionAlgorithm'.

Detailed feature list

For a detailed overview of changed functionality, deprecated functions and corrected problems, see Release.txt which is provided with the installation media.

Contact 

Contact Information

For information regarding support, training and other services in your area, please visit our website at www.nexusgroup.com/

Support

Nexus offers maintenance and support services for Nexus Certificate Manager to customers and partners. For more information, please refer to the Nexus Technical Support at www.nexusgroup.com/support/, or contact your local sales representative.

Related information