Reflection PKI Services Manager 1.3 SP2 U1 - Release Notes

Reflection PKI Services Manager is a service that provides certificate validation services for many Micro Focus products.

These notes list the new features and updates in Reflection PKI Services Manager version 1.3 Service Pack 2 (SP2) Update 1.

1.0 What’s New in 1.3 SP2 U1

  • To check certificate revocation, PKI Services Manager now uses the URI for the OCSP responder from the correct certificate. Previously PKI Services Manager checked the revocation of a certificate using the URI for the OCSP responder from the issuer of that certificate. This has been corrected.

  • The Public Key Viewer now displays the SHA-256 hash of the Public Key as well as the SHA1 and MD5.

  • PKI Services Manager now runs only on 64-bit operating systems. If you have an older 32-bit installation running on a 64-bit machine, it will be upgraded to a 64-bit installation.

  • Java has been updated for all PKI Services Manager supported platforms.

  • The following operating system upgrades are now supported:

    • Windows Server 2019

    • Red Hat Enterprise Linux 8

    • SUSE Linux Enterprise Server 15

    • Solaris 11.4 (x64 64-bit)

    • Solaris 11.4 (SPARC 64-bit)

See Supported Platforms for a complete list of supported platforms in PKI Services Manager.

2.0 Known Issues

Known issues you may encounter:

  • When PKI Services Manager tries to test a certificate from the PKI Services Manager Console using a Certificate Revocation List (CRL) file in the Local Store, it fails to load the CRL file and then displays a “CRL not found” error.

    This issue only occurs in the PKI Services Manager Console UI and does not prevent PKI Services Manager from properly performing revocation checking.

    Workaround: Certificates can be tested using the pki-client Command Line Utility by running: java –jar pki-client.jar validate <options> or winpki validate <certificate>

  • When running certain older browsers, (for example, older versions of Internet Explorer 11), the local help system may not display the expected help banner image.

3.0 Updated Java Environments

PKI Services Manager installs its own Java environment and uses this by default. It is also possible to configure PKI Services Manager to use a different Java environment.

  • On Linux, Solaris and Windows platforms, PKI Services Manager is now using Azul Zulu OpenJDK version 8u252.

  • On AIX platforms, the installed Java was updated to IBM Runtime Environment Java Technology Edition Version 8.0.6.11.

4.0 Supported Platforms

PKI Services Manager 1.3 SP2 U1 supports these 64-bit platforms:

  • Microsoft Windows Server 2019

  • Microsoft Windows Server 2016

  • Microsoft Windows Server 2012

  • Red Hat Enterprise Linux 8

  • Red Hat Enterprise Linux 7

  • SUSE Linux Enterprise Server 15

  • SUSE Linux Enterprise Server 12

  • Solaris 11.4 (x64-bit)

  • Solaris 11.4 ( SPARC 64-bit)

For more information, see Technical Note 2427.

5.0 Deprecated Features

  • MD5 support in FIPS mode removed.

    Beginning with version 1.3 SP2, MD5 signed certificates are no longer supported in FIPS mode. Users who need support for MD5withRSA signed certificates in FIPS mode should use PKI Services Manager 1.3 SP1 or earlier.