May 2024


This document provides information about Ascertia ADSS Web RA Server. Browse through the following topics to find out about new features, product enhancements, improvement, known issues, and limitations for this release.


For information related to tested 3rd party components such as operating systems, database servers, and Hardware Security Modules, please review Ascertia Platform Support, this can be found here: https://manuals.ascertia.com/WebRA/ADSS-WebRA-Server-Platform-Support.pdf


New Features


  • Certificate Locator (WRA- 12051)


Introducing ADSS Web RA Certificate Locator, this release of ADSS Web RA Server adds support for operators to scan network hosts and local CAPI and Java key stores to locate digital certificates that can then be manually or automatically sent to Web RA Server. Web RA Server now provides the ability for operators to assign newly discovered certificates to Web RA users to enable automatic email notification for certificate expiry events, or to enable certificate owners to configure Web RA to start managing the certificate using an existing mechanism such as SCEP, ACME, EST etc. Web RA users can assign, manage, renew, and revoke certificates that have been assigned to them via the Web RA user portal. Users can view external certificate statistics from the dashboard and can perform sorting, modifications, advanced search, and reporting on certificates if allowed in their user role.


  • Certificate Linting Reports (WRA- 12876)


Web RA now enables users to generate a report on certificates to check for consistency with standards, policy and guidelines. Web RA Server will inform users if certificates are not compliant with the following linting sources: 


  • CA/Browser Forum EV SSL Certificate Guidelines 
  • ETSI ESI 
  • Mozilla's PKI policy 
  • Apple's CT policy 
  • Various RFCs (e.g. RFC 5280, 6818, RFC 4055, RFC 8399


Improvements


  • ACME external binding (WRA- 14321)


ADSS Web RA Servers ACME implementation has been updated, when the external account binding is set to None, Web RA no longer requires users to create a request in Web RA. Web RA now allows operators to define a default certification profile for ACME client within a user’s role, this will be used by ACME clients when a request uses just a user’s email address in the request.


  • Net Core Upgrade (WRA- 14488)


ADSS Web RA now supports .Net core 8.0


  • Regular Release Uninstaller (WRA- 14034)


The ADSS Web RA Server installer has been improved to enable a regular release to be uninstalled from 2.9.2 onwards.