Friday, October 5, 2018

Presenting EJBCA 6.15 and one word: ACME

Version 6 of EJBCA is beginning to near its end, and the team are looking forward with great anticipation to be able to give you all a look at what's coming with EJBCA 7. That said, we're sending off the last feature release of EJBCA 6 with a helluva bang: full support for the ACME REST protocol! 
Image result for acme

ACME Protocol Support

Nearly done by the release of 6.14 but not quite there, EJBCA 6.15's main feature is our support for the ACME protocol, up unto and including all mandatory features in draft 12. Naturally we've implemented it with full support for proxying communications over Peers through our RA, and support for multiple configurations using aliases as we do with other protocols.


As it's a commonly asked question, we'd like to state here that our implementation has been verified against CertbotPJAC and ACME Tiny, and our documentation describes how to configure them.

Wildcards for Custom Certificate Extensions

We've added two minor features to Custom Certificate Extensions: 


Firstly, we've added wildcards (identified by an '*') to the OID field, which allows a defined extension to match against any array of extensions defined in an incoming request (e.g. in the above example, any request containing an extension ending in .123. The second addition is the Required property, which is by default checked. Unchecking this property makes an extension available to be requested in the enrollment request but not necessary. 

Roadmap Update

Development of EJBCA 7.0 is now underway, and while many of you will be pleased at the new Common Criteria certification that's incoming, the initial UI changes won't be monumental at first. This is because most of the work is being done behind the scenes to pay back a monumental technical debt which has been incurred over the years in the UI module, and in order to maintain stability while the UI is being worked on we're making the changes as slow and gradual as possible. 
From The Oatmeal

What you'll be seeing next over the coming months will first be a normalization of UI functionality (making sure that similar actions across different pages behave in the same way), followed by a massive renovation of our CSS. After that we'll progressively start introducing more tangible improvements to the UI. 

Upgrade Information

Read the EJBCA 6.15 Upgrade Notes for important information about this release. For upgrade instructions and information on upgrade paths, see Upgrading EJBCA.

4 comments:

Unknown said...

Nice to see ECMA being introduced. Will this land in community version too?

OT: Do you have cheap starter plan for your enterprise edition like atlassian has with their 10 user license. I'd love to use ejbca for private purpose only (small amount of virtual systems within my home LAN)

Mike said...

Most likely not, it was several person-months of work, so we'd be tossing a ton of cash down the drain if we gave it to Community. At the very least, we'd like to use it for some time to gain an edge on the competitors selling our own product as theirs.

We don't quite have a deal like that I'm afraid, it would be far too difficult to regulate, and we don't play with the same margins as Atlassian has.

Cheers,
Mike

VikasG said...

You posted this link: http://confluence.primekey.com/display/EJBCADS/.ACME+v6.15.0

in your post but it isn't accessible.

tomas said...

Sorry bout that. Updated the link now to:
https://download.primekey.se/docs/EJBCA-Enterprise/latest/ACME.html

Thanks for the report.