Thursday, October 6, 2011

EJBCA 4.0.4 released

EJBCA, the Open Source Enterprise PKI, version 4.0.4 has been released.

This is a maintenance release with a few new features and bug fixes. In all 33 issues have been resolved.

Noteworthy changes:
  • Improved CMP with many new authentication modules in both client and RA mode, and support for Nested content
  • Support for custom certificate extensions with raw or RA defined values.
  • Many small bug fixes.
With this update EJBCA has support for most use cases for CMP, including the new 3GPP standard for PKI security in 4G/LTE mobile networks.

View the full changelog. in our Jira.

We are currently focusing on bringing common criteria certification to EJBCA, something that will come in EJBCA 5, which is the next release that we are working on.

See the PrimeKey release news.

The PrimeKey EJBCA Team

About the EJBCA project
EJBCA PKI is a Certification Authority and a complete enterprise PKI management system, delivered either as an integrable part or as a turnkey solution. EJBCA OCSP and EAC are sub functions of EJBCA PKI, and are used for on-line validation and ePassports.

EJBCA offers great advantages such as excellent cost-effectiveness, unmatched flexibility, complete integration – and full professional maintenance and support by PrimeKey,


Scarlet Sphere said...


I am currently using ejbca_4_0_3. Is there any way to export the private keys directly from the database? Is there an interface that will allow the user access to the database so the user can export his keys?

tomas said...

You can upgrade to 4.0.4 without exporting anything.
If end users had access to the database, this would be the most insecure application in the history of the internet :-)

Scarlet Sphere said...
This comment has been removed by the author.
tomas said...

The CA generally does not store private keys of users, only if key recovery is enabled. You should get well familiar with the concepts of PKI and how it works, and how the (client) softwares you are using works.
If your users for example uses a web browser the web browser stores the users private key, not the CA.

This is not a support forum though so I advice you to go to to find the right place to learn about PKI.