Tuesday, November 30, 2010

EJBCA 3.11.0 released

Yesterday we released EJBCA 3.11.0.

This is a major release with several new features – 47 issues have been
One major goal with this release is to prepare for a seamless migration
to EJBCA 4.0. To make the migration path to EJBCA 4.0 a simple plug-in

Following our updated QA process (by Tham) we believe that EJBCA 3.11.0
is a high quality release, the fastest and best release of EJBCA to date.
We'll see if this release can match the previous release EJBCA 3.10.5,
with virtually no serious issues reported after thousands of download.

Noteworthy changes:
- Possibility to configure CA not to use certificate and user store,
meaning that CA can issue certificates without having to access database
after service startup.
- External OCSP responder can now function as a validation authority
serving OCSP, CRLs and CA certificates.
- Certificate store access via HTTP according to RFC4387 standard.
- Possibility in WebService Interface to specify extended information
when editing users.
- Possibility to specify custom certificate serial number for end
entities using CMP protocol. CMP RA secret can now also be specified per CA.
- Upgrade database schema to be consistent across databases.
- Add a few new columns to database tables, a preparation to be used in
EJBCA 4.0.
- Improvements in the Glassfish support, now also usable with Oracle
- Several other new features and extended key usages, GUI improvements
and performance enhancements – many of which are contributed by Linagora.

PrimeKey EJBCA Team

Friday, November 26, 2010

EJBCA 3.10.6 and cert-cvc 1.2.12 released

EJBCA is our Open Source Enterprise PKI certificate authority.
Cert-cvc is our open source java library for working with EAC CV certificates.

This release is a very small maintenance release intended mostly to mark
the end of the 3.10 branch, anticipating 3.11.0 to be released within a
few days.
If you are running 3.10.5 with no issues, there is no real reason to
upgrade to 3.10.6. A few people have been waiting for the only new
feature in this release, but for others there is nothing really exciting.

EJBCA 3.11.0 however will be a stepping stone towards EJBCA 4.0, which
is nearing. EJBCA 3.11.0 will contain many new features and enhancements.

New Feature
* [ECA-1264] - Add extended information to edit user WS-API.

* [ECA-1877] - SPOC interop requires "unusual" countries which the CVC
library does not permit

* [ECA-1841] - Error adding end entity with several required and non
required OUs
* [ECA-1845] - Wrong reference in on line doc link for renew ca
* [ECA-1914] - Import of certificate profiles referring to CVC CAs
failed in CLI

You can view the changelog in Jira:

As usual you can download the new release from EJBCA.org:

The PrimeKey EJBCA Team

PrimeKey Solutions offers commercial EJBCA and SignServer support subscriptions and training courses. Please see www.primekey.se or contact info@primekey.se for more information.

Wednesday, November 3, 2010

EJBCA 3.9.9 released

We have released EJBCA 3.9.9. This is an informal maintenance release
with only one new feature and a few back-ported fixes from 3.10.
The release was done for a particular project. For normal usage we do
recommend the latest released version 3.10.5, which is the preferred
version and proven to be very stable. You should only upgrade to this
version if you have a specific purpose and requirements.
For regular users, even of the 3.9 branch, there is not need to upgrade
unless you need any of the specific fixes in this release.

- ExtendedInformation, such as issuance revocation reason, can now be
added when editing users with the WebService API (new feature also
present in upcoming 3.10.6 and 3.11.0 releases).
- Error adding end entity with several required and non required OUs
(new fix for rare issue, also present in upcoming 3.10.6 and 3.11.0
- Added correct URIEncoding also for port 8080 in Tomcat's server.xml
- Fixed Issuer CA DN HTML escaping when revoking through Admin GUI
- Using multiple of the same Custom OID field for OtherName in Subject
Alternative Names results in double values (back-port).

Note: The WebService WSLD has changed for adding ExtendedInformation in
the UserDataVOWS object.
Old WS clients without this should still work and we have tested with
older EJBCA clients.
However if you depend on the WS-API you must test in your environment
before bringing this new version in production.

PrimeKey EJBCA Team