5.2. Highlighted Updates and New Features
This section documents new features and important updates in Red Hat Certificate System 9.3:
Certificate System packages rebased to version 10.5.1
The pki-core, redhat-pki, redhat-pki-theme, and pki-console packages have been upgraded to upstream version 10.5.1, which provides a number of bug fixes and enhancements over the previous version. Notably, this update addresses the requirements for the Common Criteria Protection Profile for Certification Authorities Version 2.1.
Certificate System is now RFC 5272-compliant
With this enhancement, Certificate System now complies with RFC 5272 - Certificate Management over CMS (CMC).
Therefore, several CMC features, such as the following, have been added and enhanced:
- The identity proof by signing with another certificate owned by the same entity to support enrollment, renewal, and revocation
- The
IdentityProof V2control with Shared Secret for both enrollment and revocation - The identification control to support Shared Secret
- The
EncryptedPOPandDecryptedPOPcontrols for non-signing certificates - The
POPLinkWitnessV2control - The TLS client authentication enforcement for user-signed CMC requests
- The
CMCStatusInfoV2response
Additionally, the
CMCRequest and CMCResponse utilities have been updated to support these new features, and the CMCSharedToken utility has been introduced to support the CMC Shared Secret feature.
Highlighted Updates and New Features in the pki-core Package
Features in Red Hat Certificate System, that are included in the pki-core package, are documented in Red Hat Enterprise Linux 7.5 Release Notes:
