Friday, March 9, 2012

EJBCA 5.0.4 released

We have released EJBCA 5.0.4 to our customers. This is a release that is delivered for, hopefully, final evaluation for Common Criteria EAL 4+. We keep our fingers crossed.

A few new minor features was also added during the development phase. These are customer requested OCSP features and a few usability improvement found during customer installations.

This is a maintenance release with a few bug fixes and new features. In all, 20 issues have been resolved.

Noteworthy changes:
  • OCSP: Possibility to only publish revoked certificates to Validation Authority.
  • OCSP: Possibility to treat "non existing is good" based on URI on the Validation Authority.
  • Do not allow creation of CAs using weak keys.
  • Add Kerberos extended key usages.
  • Add possibility to specify certificate profile to CA init CLI command.
  • Fix a few more tests on windows platform.
  • Fixed minor security issues in admin web.
  • Fixed a few cosmetic issues improving usability.

EJBCA 5.0.x, being a certified version, is not available for free download on the internet, as previous version has always been. Contact PrimeKey if you want access to EJBCA 5.0.

4 comments:

Unknown said...

I would like to know if EJBCA can be deployed outside of a J2EE container, lets say a light weight web container such as Tomcat ?

Thanks.

tomas said...

EJBCA uses full JEE features, so it is not possible. In theory there are embeddable JEE containers that you can deploy, with your application, in Tomcat. But we have not tested that.
The default installation requires a JBoss of Glassfish JEE server.

Diego de Felice said...

What's to expect for the future regarding this 4/5 disjunction ? Will the 5 version be open source again ? Or the 5 version will remain "closed" and the 4 will be the open source version ? In this last case, will the 4 version developed in parallel with the 5 version or abandoned ?

tomas said...

The Common Criteria certified version (5.0) will not be available for download. It's too expensive to certify software unfortunately.

Development of freely downloadable versions will of course continue and you will see further 4.0.x versions and future 6.0 etc versions available for download for all.