Friday, August 21, 2009


JMRTD and ISODL are two open source projects that are using the cert-cvc library available in EJBCA. Cert-cvc was created for handling the CVC certificates used for EU EAC ePassports. The ISODL project uses the library, slightly modified, to handle CVC certificates used for driving licenses. JMRTD has build a complete library for handling the different parts of ePassports, not only EAC. Using JMRTD for example we built a MRTD SO signer in SignServer, that takes data group hashes and returns a finished signed SO(d).

Open source is great!




Monday, August 17, 2009

EJBCA 3.9.1 released

We are pleased to announce the release of EJBCA 3.9.1.

This is a minor release but packed with new minor features and fixes, 46
issues have been resolved.

Noteworthy changes:
- Improvements to public enrollment process including automatic renewal.
- Ability to specify approvals on certificate profiles.
- Configurable list of extended key usages.
- Dynamic update of max-age and nextUpdate for OCSP responders, also per
certificate profile.
- In CRL update service you can select which CAs to generate CRLs for.
- Possible to schedule CRLs more often than hourly.
- Possible to remove soft CA key and possibility to import it back again.
- Possibility to remove passwords from properties files.
- Support for CRL distribution points with URI:s containing semicolon.
- Transaction log for web service certificate issuance.
- Possibility to specify Any CA in end entity profiles.
- More flexible configuration of CA validity, years, months days.
- Improved error message in GUI when HSM activation fails.
- Many small optimizations, fixes and improvements.

Read the full changelog for details.

This is a plug-in upgrade for users of EJBCA 3.9.0.

Visit to download the latest release!

The EJBCA team.