The DPoD Platform API has deprecated the tileId parameter on the POST /serviceAgreements endpoint and the tileName parameter on the GET /serviceAgreements{tenantId} endpoint.

The  tileId parameter on the POST /serviceAgreements and tileName parameter on the GET /serviceAgreements{tenantId} endpoint will be removed from the platform in a future update.

See the Subscriptions API for more information about available endpoints, fields and scopes.

As of UC 10.5, the configuration of multiple users will be supported which allows multiple partition slots to be accessed from a single client instance. This allows customers to add multiple UserID's (a combination of unique AuthTokenClientID, AuthTokenClientSecret, AuthTokenConfigURI) without the need to restart the application after the addition of a new UserID. This will enable a service provider to configure multiple UserID's without impacting the service any of the other users in the same UC instance.

The ability to load multiple partitions to the same UserID without impacting service to other users will also be supported. If an attempt is made to add the same partition ID to a different user that will be ignored and a Warning log will be generated.

More info can be found here: "Dynamic Partition Loading for Luna Cloud HSM Services"

The servicePlan field is being made mandatory for service creation when using the API, for example when using POST/service_instances or POST/services.

If you use the API to provision services, you will need to pass a value matching one of the plans listed in the Open Service Broker catalog. For Luna Cloud HSM services, you must pass "single_hsm". Failure to pass a valid plan will result in a 400 error.

See the Thales Documentation Portal for more information about available endpoints and fields.

A new certificate issuer will be used in the European data center for Luna Cloud HSM clients starting in August 2022.

A knowledge base article with a full description of the change is available here. The article contains important information on mandatory changes for users on 10.0 or 10.1 client versions.

This change introduces a new endpoint for validating the certificate status. Please ensure that operating systems hosting the client are able to validate the server certificate status (OCSP/CRL) using port 80. 

Ensure that these certificate revocation lists (CRLs) are accessible from the client machine prior to the planned change in August 2022 to guarantee continuity of service.

Current CRL: http://crl.godaddy.com/gdig2s1-3235.crl
New CRL: http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl
Platform CRL: http://crl3.digicert.com/ssca-sha2-g7.crl

The firmware versions for Luna Cloud HSM Services operating in EU environments have been updated. The current firmware version based on region and FIPS mode are as follows:

• NA FIPS - 1.4.0
• NA non-FIPS - 1.4.2
• EU FIPS - 1.5
• EU non-FIPS - 1.6 

FW 1.5 includes improvements to the Point to Point encryption service. FW 1.5 also includes the following bug fixes:

• SH-4366 - The firmware can create but not import public+sensitive keys. You must specify both CKA_PRIVATE=1 and CKA_SENSITIVE=1 Key Attributes for all Generated, Derived and Unwrapped keys
• SH-5322 - The firmware crashes when cancelling a multi-part operation. The firmware no longer crashes when cancelling a multi-part operation.
• SH-5595 - Deriving x9.42 DH2 returns CKR_OBJECT_HANDLE_INVALID. Deriving x9.42 DH2 no longer returns CKR_OBJECT_HANDLE_INVALID

FW 1.6 includes all of the improvements from FW1.5 and additional enhancements.

Additional Fields are now Mandatory for Tenant Registration

The following fields are now mandatory for tenant registration:

• Address
• City
• ZIP Code
• State/Province/Region*

* Mandatory if Country is set to United States, Canada, or Australia

The input fields for tenant registration, excluding the password field, will be trimmed. Leading and trailing spaces on input fields, excluding the password field, will be removed by the platform during registration. 

If you have automation using the API for tenant registration and tenant updating you should modify your automation to account for this behavior. 

See the Data Protection on Demand (DPoD) API for more information.

The following fields are being made mandatory for tenant registration when Country is set to United States, Canada, or Australia:

• State/Province/Region

If you have automation using the API for tenant registration and tenant updating you should modify your automation to account for these new mandatory fields. 

See the Data Protection on Demand (DPoD) API for more information about available endpoints and fields.

This change has been rescheduled to Tuesday February 8th 14:00 UTC to give customers more time to adjust their environments.

A knowledge base article with a full description of the change is available here. The article contains important information on mandatory changes for users on 10.0 or 10.1 client versions in North America.

This change introduces a new endpoint for validating the certificate status. Please ensure that operating systems hosting the client are able to validate the server certificate status (OCSP/CRL) using port 80. 

Ensure that these certificate revocation lists (CRLs) are accessible from the client machine prior to the planned change on Tuesday February 8th 14:00 UTC  to guarantee continuity of service.

Current CRL: http://crl.godaddy.com/gdig2s1-3235.crl
New CRL: http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl
Platform CRL: http://crl3.digicert.com/ssca-sha2-g7.crl