Cryptographic Security Platform 1.1.0 - Installation and administration guide [PDF][Releases]

CA Gateway for Cryptographic Security Platform 1.1.0 has the following known issues.

Mandatory parameters are mutually exclusive (ATEAM-16246)

When configuring a CA Gateway client, the following mandatory parameters are mutually exclusive (that is, you must select one but not both).

Tenant ID
Integrator ID

However, the Management Console raises an error during validation if any of these values is unselected.

Detected in: CA Gateway 3.0.0 to 3.0.5.

Workaround:

Delete the client settings.
Recreate the client settings using either the Tenant ID or Integrator ID parameter.

subject.certificates field omitted (ATEAM-16264)

For performance reasons, the PKIaaS CA Plugin will not honor the subject.certificates field in the following endpoint.

api/v1/certificate-authorities/{caId}/subjects/dn

Future releases may restore this functionality.

Detected in: CA Gateway 3.0.1 to 3.0.5.

Slashes not supported in passwords (ATEAM-18325)

CA Gateway deployments on appliances do not support slashes ('/') in passwords (such as keystore passwords, truststore passwords, Entrust Profile File passwords, etc.).

Detected in: CA Gateway installations on EDM (Entrust Deployment Manager), PKI Hub, and CSP (Cryptographic Security Platform).

Incorrect option name in the plugin selector (ATEAM-18782)

The Connector Name selector of the Management Console lists the Sectigo CA plugin as com.Sectigo instead of com.SectigoCA.

Workaround:

Export the CA Gateway configuration using the clusterctl solution config export command
Replace com.Sectigo with com.SectigoCA in the following files.
- config-schema.json
- sectigo-schema.json
- application.yml (only if CA Gateway has been deployed with the Sectigo CA plugin).
Apply the new configuration with the clusterctl solution config import command.
Deploy or redeploy the solution with the clusterctl solution deploy command.