Version: 8.5.3. This version also includes all updates from 8.5.1.
Release Date: 2022-07-07
Main new features
Issue with caching when running multiple CF instances
Certificate Manager uses a cache to store CA, key, and policy objects to minimize queries against the database. When running a system with multiple CF instances this cache did not properly synchronize between all the CF nodes. Issues like not being able to make a two-step signing of an object from different nodes, not being able to delete or modify unsigned objects could occur. This is now resolved by having the cache poll against the database for updated objects, the interval for this poll is 60 seconds per default. The interval can be configured in the cm.conf file by setting the parameter AdminStoreCache.duration to a preferred value.
Modifying a CRL procedure threw multiple exceptions
On a Certificate Manager system configured with multiple CF instances, Null Pointer Exceptions and GeneralizedTimeExceptions could be found in the CF logs after changing the format or the issuing CA of a CRL or CIL procedure. This has been fixed.
X.509 contained single SET
It is now possible to configure multi-value subject and issuer attributes to be contained in a single RelativeDistinguishedName SET. This is activated by setting the parameter 'RelativeDistinguishedName.containedSingleSet' to 'true' in the 'certformat' or using the 'Advanced' button next to the format field for each affected Certificate Procedure. Activating this flag changes the ASN.1 structure of the resulting certificate and should only be done if there is a known need for it.
AES256 protection of CA keys in PKCS#12 key store file
AES256 is now used as protection of the P12 ca-key store in CIS, instead of previously used 3DES. If the current encryption is not AES256 or the number of hash iterations for the pin has changed, the key store file is re-encrypted with the new protection parameters at the start of CF/CIS service.
Detailed feature list
For a detailed overview of changed functionality, deprecated functions and corrected problems, seeRelease.txtwhich is provided with the installation media.
For information regarding support, training and other services in your area, please visit our website at www.nexusgroup.com/.
Nexus offers maintenance and support services for Nexus Certificate Manager to customers and partners. For more information, please refer to the Nexus Technical Support at www.nexusgroup.com/support/, or contact your local sales representative.