Skip to main content
Skip table of contents

Release note Certificate Manager 8.4.1

Version: 8.4.1

Release Date: 2021-11-03

Certificate Manager 8.4.1 replaces Certificate Manager 8.4.

Main new features

Certificate provisioning for ETSI Intelligent Transportation System Stations

Protocol Gateway now supports ITS-Station requests for retrieval of Enrollment Credentials and Authorization Tickets in accordance with ETSI 102 941 v1.4.1. See in Configuration files in Protocol Gateway.

Add ACME account email to certificates

A new option is now available to add the ACME account email to the acme produced certificates. See new parameter 'addAccountContactEmail' in

WinEP Enroll On Behalf Of (EOBO)

Protocol Gateway and WinEP now supports EOBO requests. See Enroll on behalf of in WinEP.

Changed functionality

ACME domain name restrictions reduced

The domain name restrictions applied to requests through ACME has been lessened to support single character domain names and domain names containing hyphens (-).

Corrected problems

CM client pin cache bug

A bug in CM 8.4 clients lead to caching of signer pin for an officer token, resulting in signing operations could be performed without entering the token pin.

HSM keys with long keyid

Fixed an issue where HSM hosted keys of long key id's where not correctly identified and handled by CF and AWB.

Fixed broken TLSv1.3 with RSA in Java 11.0.12

Java 11.0.12 altered the way TLSv1.3 works with RSASSA-PSS based TLS certificates, which also affected regular RSA based TLS certificates.

CA formats could not be edited in the AWB

Fixed an issue where CA formats could not be altered using the advanced button for a chosen certificate format in the AWB.

Problem in AWB displaying historic officer signatures

Information related to very old officers objects failed to be correctly displayed in the officer signatures section when signing AWB objects.

Fixed an error when specifying Certificate Procedure in CM-SDK requests

If a Certificate Procedure was specified in a CM-SDK request instead of a Token procedure, it resulted in a null pointer exception.

IETF leap-seconds list hash calculation

Fixed an issue where the hash calculation and subsequent verification failed when verifying the IETF leap-seconds list.

Detailed feature list

For a detailed overview of changed functionality, deprecated functions and corrected problems, see Release.txt which is provided with the installation media.


Contact Information

For information regarding support, training and other services in your area, please visit our website at


Nexus offers maintenance and support services for Nexus Certificate Manager to customers and partners. For more information, please refer to the Nexus Technical Support at, or contact your local sales representative.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.