March 2025


This document provides information about Ascertia ADSS Web RA Server. Browse through the following topics to find out about new features, product enhancements, improvement, known issues, and limitations for this release.


For information related to tested 3rd party components such as operating systems, database servers, and Hardware Security Modules, please review Ascertia Platform Support, this can be found here: https://manuals.ascertia.com/WebRA/ADSS-WebRA-Server-Platform-Support.pdf


Product Enhancements

  • Linux Support (WRA-15029)


Web RA now adds support for Linux based installations, from 2.9.6 onwards, Web RA can now be installed on Linux based systems using an unattended installation process, please see the product documentation for information about the installation process, also see the product platform support report for the tested Linux distributions.


  • Qualified Signature Creation Device (QSCD) Token Management (WRA-15773)


The ADSS Web RA Server now provides administrators with the ability to provide QSCD Token Management, when integrated with ADSS Server allows token and certificate management that includes:


  • PIN/PUK policy management
  • Manage and configure Subject Distinguished Name (SDN) and Subject Alternative Name (SAN)
  • Operators can view token information.


Web RA now offers users self-service management for tokens, this includes


  • Generating and import certificates
  • View, resend, and reset PIN/PUK values
  • Resubmit declined requests
  • Check token information
  • Submit certificate generation requests to operators without a token


  • Customisable Search (WRA-15776)


ADSS Web RA now provides a customisable search feature for certificates and requests, Web RA certificate listing now includes a column to display the custom search results, operators can customise the displayed columns to their preferences, search for specific certificates or requests, perform certificate linting, and generate reports based on saved searches.

  • S/MIME CAA Support (WRA-16559)


ADSS Web RA Server now supports the use of the Certification Authority Authorization (CAA) rfc822Name record for issuing S/MIME certificates. This allows operators to use CAA to specify which Certificate Authorities (CAs) are authorised to issue certificates for their domain.

  • Deletion of User Keys from ADSS Server SAM Service (WRA-16740)


ADSS Web RA can now be configured to automatically delete a user’s keys and certificates from the ADSS Server SAM Service if an operator revokes the user’s certificate. 


  • .NET Core Framework version upgrade (WRA-16394)


The .NET framework version supplied with Web RA has been upgraded from 8.0 to 9.0.


Improvements


  • API Correction for User Provisioning in SigningHub from Web RA (WRA-16638)


By using the correct API for user provisioning in SigningHub, users will now receive an activation email instead of the user registration email during the registration process.


  • ADSS Server Connection Test requires access to ‘adss:certification:profile:001’ (WRA-16560)


The ADSS Server connection test in WebRA no longer requires access to a specific certification profile (adss:certification:profile:001). It now works with any certification profile assigned to the WebRA Client ID, ensuring greater flexibility in server configurations.


  • Unspecified (0) revocation reason is not showing for TLS certificates (WRA-16512)


The "unspecified" revocation reason is now visible in Web RA when revoking a TLS certificate, ensuring compliance with baseline requirements.


  • User is able to provision Certificate issued through a CSR (WRA-16446)


WebRA now enforces a restriction that prevents CSR based certificates from being provisioned to desktop signing.


  • WebRA Certificate Report Branding (WRA-16355)


WebRA branding now functions correctly on the PDF version of the WebRA Certificate Report.


  • CSP profile creation issue if HTTPS address is configured in ADSS Server connector (WRA-16265)


Users can now successfully create a CSP Service Profile in the Web RA admin External Services section. Additionally, new desktop signing users can be created on the web console