5.2. Highlighted Updates and New Features
This section documents new features and important updates in Red Hat Certificate System 9.3:
Certificate System packages rebased to version 10.5.1
The pki-core, redhat-pki, redhat-pki-theme, and pki-console packages have been upgraded to upstream version 10.5.1, which provides a number of bug fixes and enhancements over the previous version. Notably, this update addresses the requirements for the Common Criteria Protection Profile for Certification Authorities Version 2.1.
Certificate System is now RFC 5272-compliant
With this enhancement, Certificate System now complies with RFC 5272 - Certificate Management over CMS (CMC).
Therefore, several CMC features, such as the following, have been added and enhanced:
- The identity proof by signing with another certificate owned by the same entity to support enrollment, renewal, and revocation
IdentityProof V2control with Shared Secret for both enrollment and revocation
- The identification control to support Shared Secret
DecryptedPOPcontrols for non-signing certificates
- The TLS client authentication enforcement for user-signed CMC requests
CMCResponseutilities have been updated to support these new features, and the
CMCSharedTokenutility has been introduced to support the CMC Shared Secret feature.
Highlighted Updates and New Features in the pki-core Package
Features in Red Hat Certificate System, that are included in the pki-core package, are documented in Red Hat Enterprise Linux 7.5 Release Notes: