CertAgent has been released. Please visit https://infoseccorp.com/my-account/files and login to download. If this download does not appear and you are on an active maintenance plan, please reach out to techsupport(@)infoseccorp.com or click here to open a support request in the online portal.


1.1 Installation

  1. 1.1.1  Updated Apache Tomcat from 8.5.73 to 8.5.87.
  2. 1.1.2  Updated the title and description in the installer from CertAgent to CertAgent/Dhuma.
  3. 1.1.3  If only Dhuma is installed, the title of the Admin site will change to “Dhuma System Administration” and the description of the product in various pages, configuration files, and scripts will be changed to Dhuma.
  4. 1.1.4  Java 11.0.8 or above is now required.
  5. 1.1.5  IPv6 address is now supported.

1.2 Changes

  1. 1.2.1  Enables HTTP Strict Transport Security (HSTS) and other security related headers in HTTPS response.
  2. 1.2.2  Updated Audit Trail page:

o Audit logs are now paginated and sorted by date in descending order.

o Added last 5, 15, and 30 minutes time period options and changed the default to last 5 minutes.

o Hour and minutes are now supported in the custom time period option.

  1. 1.2.3  Shows a warning message upon logging in to the Admin or CA Account site if the system, TLS, or client authentication certificate is going to expire within 30 days.
  2. 1.2.4  Shows a warning message to the certificate in an ACL if it is going to expire within 30 days.
  3. 1.2.5  Updated the Statistics page to report the number of:

o (CA only) signatures performed by the CA for certificate or CRL issuances.

o (non-NIAP Dhuma only) requests submitted via DMAPI.

  1. 1.2.6  (NIAP only) Added an option to select the TLS credential to be used by its serial number.
  2. 1.2.7  (Non-NIAP CA only) Certificate requests that are not version one are now accepted.
  3. 1.2.8  (Non-NIAP Dhuma only) Updated Dhuma Management API (DMAPI):

o Dhuma accounts can now be managed via DMAPI.
o Updated the Dhuma API sample command line program to submit requests to manage

Dhuma accounts.
o Add an ACL to allow authorized users to manage Dhuma accounts via DMAPI.

CertAgent/Dhuma Release Notes

1.3 Bug Fixes

  1. 1.3.1  Uploads an oversized file now returns a proper error message.
  2. 1.3.2  (Non-NIAP CA only) If NIAP’s strict path validation setting is disabled, it now allows EST operations.
  3. 1.3.3  (Non-NIAP Dhuma only) If a Dhuma account is deleted, its DMAPI ACL is now deleted.
  4. 1.3.4  (Windows only) The Tomcat folder is now deleted properly upon uninstallation.

1.4 Known Bugs, Limitations, and Workarounds

1.4.1 HSM firmware update.

o WARNING: Major firmware upgrades will sometimes remove support for algorithms CertAgent is using and break functionality. Newer firmware from nCipher/Entrust nShield removes support for RSA PKCS#1v1.5 encryption/decryption which CertAgent uses to protect sensitive data. ISC recommends using the ISC Update Algorithm Tool before upgrading the firmware.

1.4.2 Custom Extensions.

o WARNING: No validation checks are performed on custom extensions; whatever values are supplied are treated as opaque blobs and simply inserted into the issued certificates.