Overview

The release notes summarizes important information you should be aware of before installing or upgrading Ubisecure Certificate Authentication Provider.

System Requirements

• SSL connection configured on an application server or SSL reverse-proxy
• Server JRE 8
• Ubisecure SSO Server 6.5 or later
  • Same requirements as Ubisecure SSO Server, see release notes of the SSO server that you will be using with CertAP. For current version of SSO, see System Recommendations and Supported Platforms

Additional Requirements

• Time synchronization is required between the service provider and identity provider. If this is not possible for some isolated test case, this can be worked around by setting the service provider's server time slightly ahead of the identity provider, but this is under no circumstances a recommended practice, especially in a production environment.
• For information about the Network Time Protocol, refer to following URLs.
  • NTP: The Network Time Protocol
    http://www.ntp.org
  • Windows Time Service Technical Reference
    https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/windows-time-service/windows-time-service

PKI Requirements

• A root certificate for verifying the certificates of the user
• An optional HTTP or LDAP address for the CRL distribution point, or HTTP address to OCSP server

The Certificate Authentication Provider installation includes the complete PKI files and settings for the Finnish National Electronic ID card (HST).