What's New in 6.4

HID CMS 6.4 for Windows provides the following improvements to the previous version:

  • Discover the enhanced Operator Portal with a brand-new dashboard and a faster, more intuitive user search.

  • Support of ECC for Idemia cards, offering stronger security.

  • New compatibility with the latest firmware version (7.8.9) of Thales Luna HSM ensuring enhanced security (non-FIPS mode only),

  • Support of encryption certificate and key history for Keyfactor EJBCA Enterprise.

Bug Fixes

  • SFLINK-2923 - CMS 6.3 - Error during Facial Image conversion (Case #03885331)

  • SFCFIUS-303 - [Enhancement Request]: Allow using PEM encoded certificates when creating/updating an Operator (Case #00010273)

  • SFCFIUS-305 - Derived Credential user issuance fails after upgrade to CMS 6.2 (Case #00010335)

What's New in 6.4.1

HID CMS 6.4.1 for Windows delivers the same improvements as described above for version 6.4, as well as the enhancements provided with the Hotfix FIXS2511002 (see below). It also includes the following improvements:

Bug Fixes

  • SFLINK-3319 - CMS doesn't start after upgrade to 6.4 (Case #04073606)

  • SFLINK-3268 - CMS Installer - CMS Server Must be Added as SQL Login (Case #04058811)

  • SFLINK-3346 - CMS Update 5.12 to 6.4 with CMS Installed on the E Drive (Case #04085513)

  • SFLINK-3328 - None of the Portals Accessible After Installation (Case #04078098)

  • SFLINK-3340 - CMS Instability / Performance issues after migration and upgrade to v6.4 (Case #04082954)

What's New in Hotfix FIXS2511002

This HID CMS Hotfix (FIXS2511002) applies to HID CMS 6.4 for Windows and provides the following enhancements to the 6.4 version:

  • Support for the Idemia ID-One PIV 2.4.3 device with new profile "PIV / CIV - IDEMIA ID-One PIV 2.4.3".

Bug Fixes

  • SFLINK-3219 - PKCS#11 devices compatibility issue between CMS 5.x and CMS 6.x (Case #04031830)

  • SFCFIUS-334 - "Session has expired" when a start page is required (Case #00010703)

  • SFCFIUS-335 - Performance improvements in Issuance (Case #00010746)

Changes in Previous Hotfix Versions

  • Support of new profile "PIV / CIV F2F - IDEMIA ID-One PIV 2.4.2 - FIDO" for Idemia 2.4.2 with FIDO

Bug Fixes

  • SFCFIUS-323 - Unable to show Critical Path/Siemens DirX users in Helpdesk (Case #00010626)

  • IACMS-8157 - Issue in any User Group prevents finding users in others (Case #00010626)

  • IACMS-8158 - Performance improvements in Helpdesk (Case #00010626)

  • SFCFIUS-326 - Unable to assign policies for Lost/Stolen when configured with CA managed recovery (Case #00010428)

  • SFCFIUS-328 - Unable to configure Passkey-Enabled Service when a custom Provider is installed (Case #00010682)

  • SFLINK-3036 - Permissions are not applied to custom Roles (Case #03942659)

  • SFCFIUS-314 - Unable to start if Entrust configured with credentials in HSM (Case #00010439)

Historical Record

HID CMS 6.3 for Windows provides the following improvements to the previous version:

  • Many functionalities have been added to the new Self-Service Portal making it easier to manage your devices.

  • Support of HID Crescendo Key V3: the Crescendo Key Series brings new form factors and capabilities. HID CMS 6.3 provides the ability to issue and manage HID Crescendo Key V3.

  • Support of YubiKey 5.7 FIPS: with HID CMS 6.3, it is possible to issue and manage YubiKey 5 FIPS with firmware 5.7.4.

  • Support of a new CA: HID CMS 6.3 supports Keyfactor EJBCA Enterprise to issue and manage certificates.

    Note: If you upgrade to CMS 6.3 from a previous release, EJBCA may not actually appear in the list of available credential providers. If that happens, you just need to restart the CMS service once.

Bug Fixes

  • SFLINK-2178 - CMS 5.13 Session constantly expiring (Case #03712994)

  • SFCFIUS-250 - Forbidden 403 using POST /Users/.search - (Case #00009801)

HID CMS 6.2 for Windows provides the following improvements to the previous version:

  • FIDO with Entra ID: HID CMS 6.2 enables efficient management and issuance of FIDO credentials, supporting secure, passwordless authentication. It seamlessly registers Passkey credentials with Microsoft Entra ID.

    Note: This capability is only available in the new HID CMS Operator Portal and HID CMS Self-Service portal.

  • Support of YubiKey 5.7: with HID CMS 6.2, it is possible to issue and manage YubiKey 5 keys with firmware 5.7.

Bug Fixes

  • SFCFIUS-171: Exchange Manager will not import G&D card (Case #00008639)

  • SFCFIUS-191: CMS 5.13 Help Desk Overview Not Showing Certain LDAP Attribute Values (Case #00008639)

  • SFLINK-2065: CMS 6.1 - Security Questions don't properly process non-Latin characters (Case #03695327)

  • SFLINK-2243: Server Error after CA removed from Active Directory but not from CMS (Case #03723071)

HID CMS 6.1 for Windows provides the following improvements to the previous version:

  • Derived Credential support. HID CMS 6.1 offers the capability to issue derived credentials to a user.

    Note: This capability is only available in the new HID CMS Portals or APIs.

  • Access to the Beta version of the new HID CMS Self-Service portal. This new portal allows users to access their devices and self-issue multiple devices or derived credentials.

    Note: The current portals (user, configuration and operator) remain accessible.

  • CMS REST API improvements: HID CMS 6.1 adds additional use cases. Using REST APIs, it is possible to self-issue multiple devices.

  • When downloading log files, CMS now also gathers some information on the CMS installation to help diagnose problems.

Bug Fixes

  • SFLINK-748: Problem with Device Issuance After CMS Update to 5.12 (Case #03387828)

  • SFCFIUS-130: Audit server failed error and stops CMS (Case #00007916)

  • P1395-102826: Issue with "request application update"

HID CMS 6.0 for Windows provides the following improvements to the previous version:

  • New CMS Operator Portal. The new portal offers a modern and user-friendly interface. The display automatically adapts to your screen type and allows you to easily perform help desk tasks.

    The legacy portals (user, configuration, and operator) remain accessible.

  • Multiple devices per user. CMS now offers the capability to issue and manage multiple active devices per user. There is no limitation in device type or policy. The devices can be cards or USB keys, and use the same, or different, device policies.

  • If the devices contain an encryption certificate, CMS will issue the same encryption certificate on multiple devices, to ensure a user can decrypt a document or email whatever device he uses to decrypt it.

    Note: This capability is only available in the new CMS Operator Portal.

  • CMS REST API improvements: CMS 6.0 expands on the enhancements included in recent 5.x updates by adding modern APIs for additional use cases.

Bug Fixes

  • SFCFIUS-35: CMS 5.11 Encoding Error - Unable to Parse Certificate (Case #00007070)

  • SFCFIUS-29: Error When Adding Custom Class to CMS (Case #00006923)

  • SFCFIUS-36: Errors when attempting to change the DN for users (updateDN) (Case #00007067)

  • SFCFIUS-49: Cannot Terminate Badge, Missing Certs in Help Desk View (Case #00007139)

  • SFCFIUS-101: CMS 5.13 Issues Reported (Case #00007872)

  • SFCFIUS-102: Unknown Certificate Status After DN Change (Case #00007873)

  • SFCFIUS-108: Card in Invalid Failed State (Case# 00007945)

  • SFCFIUS-155: After upgrade 5.8 to 5.13 - not able to enroll a device nor terminate existing device (Case #00008387)

  • SFLINK-507: Issuance Failure (Case #03302368)

  • SFLINK-638: CMS Errors (Case #03350722)

  • SFLINK-729: Issuance Error: Incomplete Configuration (Case #03381194)