5.2. Highlighted Updates and New Features

This section documents new features and important updates in Red Hat Certificate System 9.3:

Certificate System packages rebased to version 10.5.1

The pki-core, redhat-pki, redhat-pki-theme, and pki-console packages have been upgraded to upstream version 10.5.1, which provides a number of bug fixes and enhancements over the previous version. Notably, this update addresses the requirements for the Common Criteria Protection Profile for Certification Authorities Version 2.1.

Certificate System is now RFC 5272-compliant

With this enhancement, Certificate System now complies with RFC 5272 - Certificate Management over CMS (CMC).
Therefore, several CMC features, such as the following, have been added and enhanced:
  • The identity proof by signing with another certificate owned by the same entity to support enrollment, renewal, and revocation
  • The IdentityProof V2 control with Shared Secret for both enrollment and revocation
  • The identification control to support Shared Secret
  • The EncryptedPOP and DecryptedPOP controls for non-signing certificates
  • The POPLinkWitnessV2 control
  • The TLS client authentication enforcement for user-signed CMC requests
  • The CMCStatusInfoV2 response
Additionally, the CMCRequest and CMCResponse utilities have been updated to support these new features, and the CMCSharedToken utility has been introduced to support the CMC Shared Secret feature.

Highlighted Updates and New Features in the pki-core Package

Features in Red Hat Certificate System, that are included in the pki-core package, are documented in Red Hat Enterprise Linux 7.5 Release Notes: