We are pleased to announce the release of Red Hat Certificate System 9.  Supported on Red Hat Enterprise Linux 7.1 and based on the open source PKI capabilities of the Dogtag Certificate System, Red Hat Certificate System 9 provides a robust and flexible set of features to support Certificate Life Cycle Management.  It is able to issue, renew, suspend, revoke, archive/recover, and manage the single and dual-key X.509v3 certificates needed to handle strong authentication, single sign-on, and secure communications.  Red Hat Certificate System 9 incorporates several new and enhanced features, including


  • Simplified Installation and Deployment
    • Simplified silent installation by using INI-like configuration files instead of command-line arguments.
    • Instance creation and configuration that can be performed in a single automated operation.
    • Multiple subsystems that can be deployed in a single Tomcat instance.
  • REST Web Service APIs
    • A new set of REST APIs to access various web services of the Certificate System.
    • Java and Python client libraries to allow easier integration with other applications.
  • Key Recovery Authority (KRA) Enhancements
    • KRA has been extended to archive other types of secrets, such as passphrases or symmetric keys.
    • Keys can be archived and retrieved by agents contacting the new KRA REST interfaces directly.
    • KRA can now function as a secure and audited vault for all kinds of secrets.
    • Support for both symmetric and asymmetric ability to generate and archive keys to support server-side key generation for TMS workflows.
  • Support for KRA Transport Key Rotation
    • New KRA transport key rotation feature that allows for a seamless transition between CA/KRA subsystem instances using a current and a new transport key.
    • KRA transport keys can be periodically rotated allowing both old and new transport keys to operate during the time of the transition; individual subsystem instances take turns being configured while other clones continue to serve with no downtime.
  • New Java-based Token Processing System (Technology Preview)
    • Replacement of the Apache HTTPD-based TPS with a Java Tomcat-based TPS.
    • Retention of feature parity with the existing C-based implementation while providing a new user interface for a better user experience.
  • Global Platform 2.1.1 in TPS (Technology Preview)
    • The latest version of Global Platform has been included and supported in the version of TPS in Red Hat Certificate System 9.
    • TPS is now able to provision cards that support newer versions of Global Platform and the latest cryptographic operations.

Additional Information

Although new sales of Red Hat Certificate System subscriptions are limited to North America, all existing Red Hat Certificate System customers, regardless of geography, are entitled to take advantage of the new features in this release.

Please visit the Red Hat Identity Management and Infrastructure page in the Red Hat Customer Portal for more information on this release.