Tomcat 10.1 required for PGW
The PGW of CM 8.9.0 requires Tomcat 10.1.
CM SDK statistics
The CM SDK now supports requests for statistics using the GetStatisticsRequest class.
CM REST API statistics
The CM REST API now supports requests for statistics using the /statistics/* endpoints.
CM REST API supports downloading multiple certificates in a zip
The CM REST API now supports requests to download multiple certificates in a single .zip file using the new /certificates/download endpoint.
CM REST API procedures listing for other types
The CM REST API endpoint "/procedures" now filters and displays other types than the default pkcs10. Use the new request parameter "mediaType" set to "pkcs10", "pkcs12", "smartcard" or "attributecertificate" to choose which type to show.
CM SDK certificate search sort order
The CM SDK now supports sorting in ListCardRequest and ListCertificateRequest. See CertificateSearchCriteria.setOrderBy() in CM SDK JavaDoc.
CM REST API certificate listing sort order
The CM REST API endpoints "/certificates" now supports sorting using the parameters "orderBy" and "orderDescending".
CM REST API procedures details
The CM REST API now contains a new endpoint "/procedures/{procid}/details" that returns detailed information about the specified procedure.
Protocol Gateway with PKCS#11 keystores
There is now documentation on how to use PKCS#11 keystores with Protocol Gateway for officer and RA tokens. See the Installation and Configuration Guide for Protocol Gateway.
The AuthorityKeyIdentifier has been added to all non-self-signed CA certificate formats to be compliant with RFC 5280. Affected formats:
SCEP NDES Challenge page encoding option
Adds the ndesChallengeEncoding option in scep.properties. Allows the encoding of the NDES Challenge webpage to be configurable. The default encoding remains as UTF-8.
The option -gencert from HWSetup tool has been removed. Instead a certificate should be created outside of the HWSetup tool and then imported with the -setcert option.