Detailed information about changed functionality, deprecated functions, corrected problems, and known issues is included in the Release.txt file. The file is provided with the installation media.
CM 8.8 was released internally only.
Overview of main new features
Java 17 is required
Certificate Manager now uses Java 17. CM is verified to work with both Oracle Java 17 and OpenJDK 17. However, the CM SDK supports both Java 11 and Java 17.
AUTH Servlet
Added support for the Authentication Servlet that will be used with the upcoming CM WEB UI.
RAPCACS (V2X) heartbeat file
RAPCACS for v1 and v2 now support a heartbeat file for easier monitoring.
Override Ed25519 algorithm parameter in CIS device
To support import of keys which need a custom algorithm parameter OID for Ed25519 keys, it is now possible to configure CIS devices to override the standard Ed25519 algorithm parameter OID with a configurable one in cis.conf. See parameter "ed25519Override" in the Technical Description section 3.3.3.1.9.
CMP raVerified
The CMP servlet in PGW now supports CMP requests with raVerified Proof-Of-Possession. See PGW documentation for more information.
Importing of an EC keypair from a p12 file with HWSetup tool
With the HWSetup tool it is now possible to import an EC keypair from a p12 file. Previously, only RSA and DSA keys were supported.
Importing of a wrapped private key with HWSetup tool
The new unwrap command in HWSetup tool makes it possible to import a wrapped EC/ED/RSA/DSA private key.
Changed functionality
Tomcat 10.1 required for PGW
The PGW of CM 8.9.0 requires Tomcat 10.1.
CM SDK statistics
The CM SDK now supports requests for statistics using the GetStatisticsRequest class.
CM REST API statistics
The CM REST API now supports requests for statistics using the /statistics/* endpoints.
CM REST API supports downloading multiple certificates in a zip
The CM REST API now supports requests to download multiple certificates in a single .zip file using the new /certificates/download endpoint.
CM REST API procedures listing for other types
The CM REST API endpoint "/procedures" now filters and displays other types than the default pkcs10. Use the new request parameter "mediaType" set to "pkcs10", "pkcs12", "smartcard" or "attributecertificate" to choose which type to show.
CM SDK certificate search sort order
The CM SDK now supports sorting in ListCardRequest and ListCertificateRequest. See CertificateSearchCriteria.setOrderBy() in CM SDK JavaDoc.
CM REST API certificate listing sort order
The CM REST API "/certificates" endpoints now support sorting using the parameters "orderBy" and "orderDescending".
CM REST API procedures details
The CM REST API now contains a new endpoint "/procedures/{procid}/details" that returns detailed information about the specified procedure.
Protocol Gateway with PKCS#11 keystores
There is now documentation on how to use PKCS#11 keystores with Protocol Gateway for officer and RA tokens. See the Installation and Configuration Guide for Protocol Gateway.
AuthorityKeyIdentifier in non-self-signed CA certificate formats
The AuthorityKeyIdentifier has been added to all non-self-signed CA certificate formats to be compliant with RFC 5280. Affected formats:
rfc5280CA
iot-ca
SCEP NDES Challenge page encoding option
The ndesChallengeEncoding option has been added to scep.properties. It makes the encoding of the NDES Challenge web page configurable. The default encoding remains UTF-8.
The option -gencert from HWSetup tool is removed
The -gencert option of the HWSetup tool has been removed. Instead, a certificate should be created outside of the HWSetup tool and then imported with the -setcert option.
Contact and support
For information regarding support, training, and other services in your area, visit www.nexusgroup.com/. Nexus offers maintenance and support services for components to customers and partners.
For more information, go to Nexus Technical Support or contact your local sales representative.