July 2024


This document provides information about Ascertia ADSS Web RA Server. Browse through the following topics to find out about new features, product enhancements, improvement, known issues, and limitations for this release.


For information related to tested 3rd party components such as operating systems, database servers, and Hardware Security Modules, please review Ascertia Platform Support, this can be found here: https://manuals.ascertia.com/WebRA/ADSS-WebRA-Server-Platform-Support.pdf


Product Enhancements


  • OpenID Connect PKCE Support (WRA- 14264)


ADSS Web RA Server’s OpenID connect authentication scheme has been enhanced to support PKCE. OIDC PKCE is designed to enhance security by preventing CSRF and authorization code injection attacks. Within Web RA Server, OpenID connect is used to authenticate users, and to perform additional authentication during certificate renewal and certificate revocation. User registration also supports auto-registration of Virtual ID and SigningHub account, certificate generation and auto-provisioning Virtual ID certificate to SigningHub.


  • Enterprise Branding (WRA- 13174)


Web RA Server now supports enterprise level branding, operators can now offer a fully branded user experience to Web RA Enterprises. Web RA can now be fully branded and integrated with an organisation or trust service provider corporate brand.


  • Authentication Updates (WRA-13847)


ADSS Web RA Server authentication logic has been updated, operators now have more control and flexibility in managing authentication. Enterprises owners can now set the default login authentication mechanism and registration preferences for their users.


Improvements


  • Display chain within Web RA certificate viewer (WRA- 14756)


The full certificate chain including intermediate and root certificates are now displayed within the Web RA certificate viewer.