V4.2.4

New Features in Release 4.2.4

Release Date: 05/07/2024

The new features introduced in release 4.2.4, focusing on Cloud HSM, Partition CRL, Certificate Renewal, ACME Revocation Capabilities, and API Authentication.

1. Cloud HSM

Release v4.2.4: Cloud HSM Support for AWS Servers

We are pleased to announce that version 4.2.4 includes the implementation of Cloud HSM support for AWS servers. This feature enhances the security and performance of cryptographic operations by leveraging AWS Cloud HSM.

Key Feature:

Cloud HSM for AWS Servers: In this release, we have integrated AWS Cloud HSM support, allowing servers to use AWS's hardware security modules for secure key management and cryptographic processing. AWS Cloud HSM provides a dedicated, tamper-resistant hardware environment for managing cryptographic keys, ensuring high levels of security and compliance.

Benefits:

Enhanced Security: Keys are stored and managed within AWS's secure HSM devices, providing a higher level of protection against unauthorized access and tampering.
Improved Performance: Offloading cryptographic operations to AWS Cloud HSM reduces the computational burden on your servers, improving overall application performance.
Compliance: Utilizing AWS Cloud HSM helps meet stringent regulatory and compliance requirements for data protection and cryptographic key management.

This new capability is designed to provide a robust and scalable solution for securing your applications and data on AWS.

2. Partition CRL (Certificate Revocation List)

We are excited to announce the introduction of Partial CRL functionality in version 4.2.4, a significant improvement to our certificate revocation handling capabilities.

What are Partial CRLs?

Partial CRLs (also known as Delta CRLs) contain only the most recent certificate revocations, making them much smaller than full CRLs. This size reduction brings multiple benefits:

Reduced Network Bandwidth: Smaller file sizes lead to faster downloads and less strain on network resources.
Optimized Validation Speed: By focusing on recent revocations, validation processes are streamlined, resulting in quicker checks.
Enhanced Responsiveness: The system can react more rapidly to new revocations, keeping your validation environment up-to-date.

How Partial CRLs Work in Version 4.2.3

Base CRL: A full CRL is generated periodically, providing a comprehensive snapshot of all revoked certificates.
Partial CRL Generation: New revocations are recorded in smaller partial CRLs numbered sequentially.
Cycling and Overwriting: The system limits the number of stored partial CRLs to maintain efficiency. Once the limit is reached, the oldest partial CRL is overwritten with the newest one, ensuring that only the most recent revocations are readily available.
Validation Process: During certificate validation, both the base CRL and the latest partial CRLs are checked to ensure the most accurate assessment of a certificate's status.

3. Certificate Renewal

The Certificate Renewal feature in release 4.2.4 has been enhanced to allow users to renew certificates before they expire using the same key. Here’s a brief explanation:

This functionality is designed to ensure secure communication and authentication continuity by renewing certificates before they expire.

This feature provides the advantage of not having to generate a new key pair, simplifying the renewal process. However, it still requires manual intervention to initiate the renewal process. Therefore, careful monitoring is necessary to ensure certificates are renewed before they expire.

4. ACME: Revocation Capabilities

Release v4.2.3: Enhanced Security with ACME Revocation Capabilities

We are pleased to announce that version 4.2.3 introduces improved security measures with the activation of revocation capabilities through the Automated Certificate Management Environment (ACME). This enhancement ensures more robust management of digital certificates, contributing to a safer and more secure platform.

Key Feature:

ACME Revocation Capabilities: In this release, we have enabled the ability to revoke digital certificates automatically using ACME. This feature enhances the security of our platform by allowing for the prompt and efficient revocation of compromised, expired, or no longer needed certificates.

Benefits:

Increased Security: Automated revocation helps prevent the misuse of compromised or invalid certificates, protecting against potential security threats.
Compliance: Ensures adherence to security standards and regulations that require timely revocation of certificates.
Efficiency: Automating the revocation process reduces the administrative burden and minimizes the risk of human error.
Reliability: Enhances the overall trust in the platform by ensuring that only valid and authorized certificates are in use.

This new capability is designed to provide a more secure and reliable certificate management process.

5. API Authentication

Enhanced Security and Authentication in Version 4.2.4

Version 4.2.4 of our software introduces robust, industry-standard authentication mechanisms for API access, designed to improve both security and scalability:

CA Management

Authentication Method: SHA256-based AuthKey
Key Generation: The AuthKey is generated by hashing the combination of ClientID, request timestamp (ts), and a unique transaction ID (txn).
Requirement: The AuthKey must be included in every CA Management REST APIs request.

Certificate Management

Authentication Method: JSON Web Token (JWT) with a defined expiration time.
Token Acquisition: A valid JWT token is obtained by providing a registered username , password, and ClientID to the dedicated API endpoint.
Requirement: The JWT token must be passed in the Authorization header of each request to Certificate Management REST APIs.

Key Benefits:

Enhanced Security: JWTs and hashed AuthKeys provide strong protection against unauthorized access and replay attacks.
Scalability: These authentication methods are designed to handle a large volume of API requests efficiently.
Flexibility: Developers have the option to choose the appropriate authentication mechanism based on the specific API function.

Overall, these new features in release 4.2.4 aim to enhance security, scalability, and efficiency within PKI infrastructure. By leveraging Cloud HSMs, managing partitions with CRLs, automating certificate renewal, utilizing ACME revocation capabilities, and implementing robust API authentication, you can create a more secure and manageable PKI environment.

PreviousV4.2.5 NextUser Manual

Last updated 6 months ago

V4.2.4

New Features in Release 4.2.4

Release Date: 05/07/2024

The new features introduced in release 4.2.4, focusing on Cloud HSM, Partition CRL, Certificate Renewal, ACME Revocation Capabilities, and API Authentication.

1. Cloud HSM

Release v4.2.4: Cloud HSM Support for AWS Servers

Key Feature:

Cloud HSM for AWS Servers: In this release, we have integrated AWS Cloud HSM support, allowing servers to use AWS's hardware security modules for secure key management and cryptographic processing. AWS Cloud HSM provides a dedicated, tamper-resistant hardware environment for managing cryptographic keys, ensuring high levels of security and compliance.

Benefits:

Enhanced Security: Keys are stored and managed within AWS's secure HSM devices, providing a higher level of protection against unauthorized access and tampering.
Improved Performance: Offloading cryptographic operations to AWS Cloud HSM reduces the computational burden on your servers, improving overall application performance.
Compliance: Utilizing AWS Cloud HSM helps meet stringent regulatory and compliance requirements for data protection and cryptographic key management.

This new capability is designed to provide a robust and scalable solution for securing your applications and data on AWS.

2. Partition CRL (Certificate Revocation List)

We are excited to announce the introduction of Partial CRL functionality in version 4.2.4, a significant improvement to our certificate revocation handling capabilities.

What are Partial CRLs?

Partial CRLs (also known as Delta CRLs) contain only the most recent certificate revocations, making them much smaller than full CRLs. This size reduction brings multiple benefits:

Reduced Network Bandwidth: Smaller file sizes lead to faster downloads and less strain on network resources.
Optimized Validation Speed: By focusing on recent revocations, validation processes are streamlined, resulting in quicker checks.
Enhanced Responsiveness: The system can react more rapidly to new revocations, keeping your validation environment up-to-date.

How Partial CRLs Work in Version 4.2.3

Base CRL: A full CRL is generated periodically, providing a comprehensive snapshot of all revoked certificates.
Partial CRL Generation: New revocations are recorded in smaller partial CRLs numbered sequentially.
Cycling and Overwriting: The system limits the number of stored partial CRLs to maintain efficiency. Once the limit is reached, the oldest partial CRL is overwritten with the newest one, ensuring that only the most recent revocations are readily available.
Validation Process: During certificate validation, both the base CRL and the latest partial CRLs are checked to ensure the most accurate assessment of a certificate's status.

3. Certificate Renewal

The Certificate Renewal feature in release 4.2.4 has been enhanced to allow users to renew certificates before they expire using the same key. Here’s a brief explanation:

This functionality is designed to ensure secure communication and authentication continuity by renewing certificates before they expire.

4. ACME: Revocation Capabilities

Release v4.2.3: Enhanced Security with ACME Revocation Capabilities

Key Feature:

ACME Revocation Capabilities: In this release, we have enabled the ability to revoke digital certificates automatically using ACME. This feature enhances the security of our platform by allowing for the prompt and efficient revocation of compromised, expired, or no longer needed certificates.

Benefits:

Increased Security: Automated revocation helps prevent the misuse of compromised or invalid certificates, protecting against potential security threats.
Compliance: Ensures adherence to security standards and regulations that require timely revocation of certificates.
Efficiency: Automating the revocation process reduces the administrative burden and minimizes the risk of human error.
Reliability: Enhances the overall trust in the platform by ensuring that only valid and authorized certificates are in use.

This new capability is designed to provide a more secure and reliable certificate management process.

5. API Authentication

Enhanced Security and Authentication in Version 4.2.4

Version 4.2.4 of our software introduces robust, industry-standard authentication mechanisms for API access, designed to improve both security and scalability:

CA Management

Authentication Method: SHA256-based AuthKey
Key Generation: The AuthKey is generated by hashing the combination of ClientID, request timestamp (ts), and a unique transaction ID (txn).
Requirement: The AuthKey must be included in every CA Management REST APIs request.

Certificate Management

Authentication Method: JSON Web Token (JWT) with a defined expiration time.
Token Acquisition: A valid JWT token is obtained by providing a registered username , password, and ClientID to the dedicated API endpoint.
Requirement: The JWT token must be passed in the Authorization header of each request to Certificate Management REST APIs.

Key Benefits:

Enhanced Security: JWTs and hashed AuthKeys provide strong protection against unauthorized access and replay attacks.
Scalability: These authentication methods are designed to handle a large volume of API requests efficiently.
Flexibility: Developers have the option to choose the appropriate authentication mechanism based on the specific API function.

Note: For detailed implementation instructions and API documentation, please refer to the developer guide and technical reference materials ().

PreviousV4.2.5 NextUser Manual

Last updated 6 months ago