ADSS Server v8.3.6
August 2024
This document provides information about Ascertia ADSS Server. Browse through the following topics to find out about new features, product enhancements, improvements, known issues, and limitations for this release.
For information related to tested 3rd party components such as operating systems, database servers, and Hardware Security Modules, please review Ascertia Platform Support, which can be found here: https://www.ascertia.com/product-documentation/platform-support/
Ascertia ADSS Server has successfully completed Common Criteria certification at the EAL4+ Assurance Level. For details, visit https://www.commoncriteriaportal.org/products/index.cfm, under Key Management Systems.
New Features
- Support of Pre-Issuance Linting (ADSS-20374)
ADSS Server v8.3.6 introduces support for pre-issuance linting of certificates, CRLs, and OCSP responses. If the linting tool fails to validate any of these items, ADSS Server blocks their issuance, logs a detailed error, and sends an alert to the operator, if configured. The integration includes the PKILint and ZLint tools as part of this update.
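The following added example (not Ascertia code) sketches the kind of gate described above: it reads ZLint-style JSON results, blocks issuance on a failing lint, logs the detail, and calls an alert hook if one is configured. The function names, the sample results, and the policy that `error` and `fatal` are the blocking statuses are assumptions; how ADSS Server maps lint results to a block is not stated in these notes.

```python
import json
import logging

log = logging.getLogger("pre_issuance_lint")

# Assumed policy: these ZLint result statuses block issuance.
BLOCKING = {"error", "fatal"}

# Constructed sample in the shape ZLint prints: lint name -> {"result": status}.
SAMPLE_ZLINT_OUTPUT = """{
  "e_subject_common_name_not_from_san": {"result": "error"},
  "e_basic_constraints_not_critical": {"result": "pass"},
  "e_ext_san_missing": {"result": "NA"}
}"""


def evaluate_lint(zlint_json, blocking=BLOCKING):
    """Return {lint_name: reason} for every finding that must block issuance."""
    results = json.loads(zlint_json)
    if not isinstance(results, dict) or not results:
        # Fail closed: a linter that reported nothing has validated nothing.
        return {"<linter output>": "no lint results"}
    findings = {}
    for name, body in results.items():
        status = body.get("result") if isinstance(body, dict) else None
        if status is None:
            findings[name] = "malformed result"  # fail closed on unknown shape
        elif status in blocking:
            findings[name] = status
    return findings


def gate_issuance(zlint_json, alert=None):
    """Return True if the item may be issued; log and alert when it may not."""
    try:
        findings = evaluate_lint(zlint_json)
    except json.JSONDecodeError as exc:
        findings = {"<linter output>": f"unparseable: {exc.msg}"}
    if findings:
        log.error("issuance blocked by linting: %s", findings)
        if alert is not None:  # operator alert only "if configured"
            alert(findings)
        return False
    return True


if __name__ == "__main__":
    print(gate_issuance(SAMPLE_ZLINT_OUTPUT, alert=print))
```

The gate fails closed: empty, malformed, or unparseable linter output blocks issuance the same way a failing lint does.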
Product Enhancements
- OAuth2 Client Authentication Now Supported in ADSS Certification Service (ADSS-22264)
The ADSS Certification Service now supports OAuth2 Client Authentication for secure communication with the ADSS RAS Server.
- Enhanced validation checks for Certificate generation (ADSS-21495/ADSS-21566)
The ADSS CA is now compliant with the updated CA/B Forum guidelines for the following certificate types:
- TLS Server Certificate: Version 2.0.5
- EV TLS Server Certificate: Version 2.0.1
- Code Signing and EV Code Signing Certificates: Version 3.7
- S/MIME Certificate: Version 1.0.3
- Enhanced ADSS Verification Service (ADSS-21320)
The ADSS Verification Service can now verify only selected signatures in a document, chosen using XPath, instead of the whole document.
Improvements
- API updated with backward compatibility in Unity Service (ADSS-22283)
The List Registered Devices API has been enhanced to support user access tokens, and its URI has been updated to remove the user-id query parameter.
A new property, 'MOBILE_API_AUTHENTICATION', has been introduced. When its value is TRUE, the ADSS Server Unity Service provides backward compatibility.
Security Improvements
- Tech Stack Migration in ADSS Server to Mitigate Security Vulnerabilities (ADSS-21082)
ADSS Server has migrated its major tech stack components, including Tomcat 10.1.x, JDK, Hibernate, and Spring Boot, to address security vulnerabilities.