Release date: 2025-12-19
Release.txt
Detailed information about changed functionality, deprecated functions, corrected problems, and known issues is included in the Release.txt file. The file is provided with the installation media.
Overview of main new features
Store CIS audit log events in CMDB for internal CIS
CIS audit events can now be stored in the CF AuditLog table in CMDB instead of the file based signed CIS log. This is only possible when CIS operates internally within Certificate Factory (CIS in CF). The new CIS audit log events are searchable in the AWB in the same way as CF audit log events.
For new CM installations with CIS in CF, database logging is enabled by default. For new CM installations with separate CIS services, the file-based audit logging is enabled by default. Customers upgrading CM has to decide if to stay with file-based CIS audit log or if to switch to database logging, if running CIS in CF.
See CM Technical Description appendix 'B.2. Audit Notifications' for more details on the new CIS log events, and cis.conf for more details on how to configure.
V2X New workshop endpoint for reset the maximum number of parallel ATs per C-ITS-S
New JSON POST endpoint "/v1/vehicles/at-limit-reset-requests".
CF now supports alternative postalAddress encoding in X.509 certificates
According to the X.509 standard, postalAddress should be encoded as a Sequence of DirectoryString. CF now also supports cases where postalAddress is encoded directly as a DirectoryString. For technical details, refer to section 8.5.1. Id2Signer1 in the Technical Description.
ACME account update support in Protocol Gateway
Support to update account information for an existing ACME account via the ACME protocol in Protocol Gateway as specified in RFC 8555 section 7.3.2.
CMP GetCACerts message support
Support for the CMP GetCACerts message. This enables clients to retrieve CA certificates via CMP according to RFC 4210 and the update RFC 9480.
Liveness HTTP endpoint added to CF
It is now possible to enable a liveness HTTP endpoint in CF.
Changed functionality
PGW hardening fix and servlet schema updated to 6.0
PGW Tomcat security hardening has been fixed in the specification of the allowed HTTP methods on the servlets. Additionally, the servlet schema has now been updated to use the 6.0 Servlet Spec, which is supported by Tomcat 10.1.x.
CM SDK and PGW sets SNI host name in HTTP 'host' header
If configuring CM SDK or PGW with SNI, the configured SNI host name is now populated in the HTTP 'host' header in the HTTP requests.
New database indexes added to increase performance
To increase general performance, new database indexes where added in CMDB to the tables AdminStore, CilRuntime and CrlRuntime.
Improved performance for Create Officer Profile dialog in AWB
In systems with a large amount of certificates in the CMDB the Create Officer Profile dialog has been slow to open. This has been improved.
Possibility to disable statistics under "System Summary" in AWB
It is now possible to disable display and query of the statistics for issued, revoked and published end user certificates in the "System Summary" in AWB by setting the configuration parameter disableSummaryStatistics in client.conf.
Contact and support
For information regarding support, training, and other services in your area, visit https://nexus.ingroupe.com/. Nexus offers maintenance and support services for components to customers and partners.
For more information, go to Nexus Technical Support or contact your local sales representative.