New Product Release ‑ ADSS Web RA Server v2.9.11

Posted by Mike Hathaway on Jul 1, 2026 10:59:59 AM

I am pleased to announce the release of ADSS Web RA Server v2.9.11, the latest update to our industry‑leading certificate registration and vetting platform. This release continues our commitment to helping organisations manage digital identity and trust workflows with enhanced security, flexibility, and compliance.

ADSS Web RA Server v2.9.11 product release banner with two professionals reviewing systems in a server room and a CA/Browser Forum compliance badge

ADSS Web RA Server is designed to put organisations in control of their digital certificate lifecycle ‑ from registration and enrolment through to renewal, revocation, and recovery ‑ across people, devices, and applications. It supports integration with multiple CAs and trust service providers, enabling flexible and scalable certificate management for enterprise and service provider environments.

What's New in v2.9.11

ADSS Web RA Server v2.9.11 introduces important enhancements that help Trust Service Provider customers remain compliant with evolving CA/Browser Forum Baseline Requirements, while also improving convenience and flexibility for operators, integrators, and end users.

This release focuses on several key areas:

  • Multi‑Perspective Issuance Corroboration for Domain Control Validation
  • DNSSEC validation for CAA and DCV lookups in certificate issuance
  • CAA record verification for ACME TLS certificate issuance
  • Web RA API enhancements
  • Custom DN support in Web RA ACME certificate issuance

Supporting Compliance with CA/Browser Forum Baseline Requirements

Publicly trusted certificate issuance continues to evolve, with increasing emphasis on the security and integrity of domain validation, CAA checking, and DNS‑based certificate issuance workflows.

For Trust Service Providers, these requirements are not optional. They are essential to maintaining compliance, audit readiness, and continued trust in publicly issued TLS certificates. ADSS Web RA Server v2.9.11 introduces targeted enhancements that help TSPs meet these obligations while continuing to deliver scalable and automated certificate services to their customers.

Multi‑Perspective Issuance Corroboration for Domain Control Validation

ADSS Web RA Server v2.9.11 adds support for Multi‑Perspective Issuance Corroboration, commonly known as MPIC, for Domain Control Validation.

MPIC strengthens the certificate issuance process by validating domain control from multiple independent network perspectives, rather than relying on a single network viewpoint. This helps reduce the risk that a localised network attack, routing issue, or manipulated DNS response could incorrectly influence a certificate issuance decision.

For TSP customers, this is important because domain validation is one of the core trust decisions behind publicly trusted TLS certificates. By supporting MPIC, Web RA helps TSPs align with CA/Browser Forum expectations and improve confidence that certificates are only issued to genuinely authorised domain controllers.

For end customers, the benefit is stronger assurance. Their TLS certificates are issued through a validation process that is more resilient, more transparent, and better aligned with modern Web PKI security requirements.

DNSSEC Validation for CAA and DCV Lookups in Certificate Issuance

ADSS Web RA Server v2.9.11 also introduces DNSSEC validation support for CAA and DCV lookups during certificate issuance.

DNS plays a critical role in TLS certificate issuance. It is used to confirm domain control, retrieve CAA records, and determine whether a CA is authorised to issue a certificate for a domain. However, DNS responses must be trustworthy if they are to support reliable certificate issuance decisions.

DNSSEC helps address this by enabling cryptographic validation of DNS data. By validating DNSSEC for CAA and DCV lookups, Web RA helps ensure that the DNS information used during certificate issuance has not been spoofed, altered, or tampered with in transit.

For TSPs, this provides stronger compliance support and helps reduce issuance risk. For customers, it improves confidence that certificate requests are being validated against authentic DNS information.

CAA Record Verification for ACME TLS Certificate Issuance

ADSS Web RA Server v2.9.11 adds CAA record verification for ACME TLS certificate issuance.

CAA records allow domain owners to specify which Certificate Authorities are authorised to issue certificates for their domains. Checking these records is a critical safeguard in the public TLS ecosystem, helping prevent unauthorised or unintended certificate issuance.

With this enhancement, Web RA can verify CAA records as part of ACME‑based TLS certificate issuance workflows. This is especially important as more organisations automate certificate issuance and renewal using ACME.

For TSP customers, this helps ensure that automated TLS certificate issuance remains policy‑controlled, compliant, and aligned with domain owner intent. For enterprise customers using ACME, it supports automation without compromising governance or trust.

Enhancements for Operators, Integrators, and Users

Alongside the compliance‑focused updates, ADSS Web RA Server v2.9.11 also introduces enhancements designed to improve day‑to‑day usability, integration flexibility, and operational efficiency.

These updates are important because certificate lifecycle management often spans multiple teams, systems, and workflows. Operators need visibility and control. Integrators need reliable APIs. End users need processes that are simple, predictable, and consistent.

Web RA API Enhancements

The Web RA API enhancements in v2.9.11 provide greater flexibility for organisations integrating certificate registration, vetting, and lifecycle management into their existing systems.

APIs are essential for customers who want to automate certificate workflows, connect Web RA to portals or identity platforms, streamline operational processes, or build custom user journeys around certificate issuance and management.

These enhancements help reduce manual effort, improve consistency, and make it easier for integrators to embed Web RA into broader enterprise and TSP service environments.

For operators, this means fewer disconnected processes. For integrators, it means more options for automation and system‑to‑system integration. For customers, it means a smoother and more scalable certificate management experience.

Custom DN Support in Web RA ACME Certificate Issuance

ADSS Web RA Server v2.9.11 also introduces Custom DN support in Web RA ACME certificate issuance.

Distinguished Names are an important part of certificate identity. They define subject information within a certificate and are often used to support organisational policies, naming conventions, compliance requirements, and integration with downstream systems.

By supporting Custom DNs in ACME certificate issuance, Web RA gives customers more control over the identity information included in certificates issued through automated ACME workflows.

This is particularly valuable for organisations that want the speed and efficiency of ACME automation while still maintaining structured certificate subject data that aligns with internal policy, service plans, or customer‑specific requirements.

Why This Matters for Customers

ADSS Web RA Server v2.9.11 is an important release for Trust Service Providers, enterprises, and managed service providers that need to balance compliance, automation, and operational efficiency.

The compliance‑focused enhancements help TSPs respond to evolving CA/Browser Forum Baseline Requirements for publicly trusted TLS certificate issuance. MPIC, DNSSEC validation, and CAA verification strengthen the trust decisions that underpin domain validation and certificate issuance.

At the same time, the API and Custom DN enhancements make Web RA more flexible and convenient for operators, integrators, and users. They help organisations automate more of the certificate lifecycle, reduce manual intervention, and tailor certificate issuance workflows to real‑world business and technical requirements.

A Stronger Platform for Certificate Registration and Vetting

With ADSS Web RA Server v2.9.11, Ascertia continues to strengthen its certificate registration and vetting platform for modern trust service environments.

This release helps TSPs maintain compliance, supports secure and automated TLS certificate issuance, and improves the flexibility customers need to integrate certificate lifecycle management into their wider digital identity and trust ecosystems.

These enhancements reinforce Web RA's role as a scalable, policy‑driven platform for managing certificate registration, validation, issuance, and lifecycle operations across people, devices, domains, and applications.

Recent Posts

Download this essential eBook

Choosing the right type of e-signature
for your business

Download your eBook