SE Management Service (SEMS) Release Notes
[1.1.144] - 2026-04-10
Added
- The SRCA functionality is re-implemented to make the sc-hsm-srca plugin obsolete.
- If no sems.authentication_token_key is defined in etc/server.conf, then a random authentication token key is generated at startup. Using a random authentication token key invalidates active DICAPersonalizationRequests after a restart of the service.
- CVC Root certificates placed in etc/tas are now added to the internal trust store at start.
- Support changing the KMC if the firmware update defines a fromkmc property.
Fixed
- Fix error when more than one DICA token provides the keys (ae26a1a).
Migration
Deprecated SRCA Plugin
Starting with 1.0.75 of the SE-Management-Service (SEMS), the SRCA Plugin is deprecated and functionality has moved to the SEMS. Please remove the sc-hsm-srca dependency from ivy.xml.
The SRCA-related service requests are disabled by default. They need to be enabled using the enableSRCA setting in etc/configuration.js.
sems: {
    rtURL: "http://localhost:8081/rt/sems",
    apiURL: "https://localhost:8443",
    enableSRCA: true
},
Subjects of type SchemeRootCA are deprecated, as the SRCA is now a function of a trust center. Existing subjects of type SchemeRootCA are automatically handled as trust center subjects. To update the database and complete the transition you can run
update Subject set type = "TrustCenter" where type = "SchemeRootCA";
A trust center can hold an arbitrary number of SRCA instances.
Requesting a MICA certificate has been moved to the Mission-CA-Service (MCAS).
Migrating Device Issuer
Starting with 1.0.75 of the SE-Management-Service (SEMS), the Device Issuer subject is deprecated. Instead the device issuer is now a function of a trust center. Existing subjects of type DeviceIssuer are automatically handled as subjects of type TrustCenter.
You can clean up the database with
update Subject set type = "TrustCenter" where type = "DeviceIssuer";
[1.0.60] - 2025-05-16
- Initial release