Thursday, August 12, 2010
4.0 on the rise...
With the migration of beans to ejb3 done (by Johan and Mike), we can now deploy and start EJBCA 4.0. So far it looks the same as 3.10 of course, difference under the hood. Lots of JUnit tests still fail, but that will be dealt with now one by one.
EJBCA 3.10.4 released
Back from summer holidays we have a new good release to announce.
This is a maintenance release with 23 issues resolved, both features and bug fixes.
Noteworthy changes:
- Possibility to specify custom certificate serial number for end entities.
- Possibility to configure CA to not use CertReqHistory to increase performance.
- Harmonized admin GUI and improved looks. Contributed by David Carella of Linagora.
- Other performance optimizations. More than 100 certificates per second can now be issued under certain conditions.
- WS API did not work with external administrator certificates.
- Mitigate potential XSS vulnerabilities in admin GUI.
- Fixed bug when creating CRLs for CAs with single quote in the DN.
- Other admin GUI improvements with better error messages in some cases.
Read the full changelog for details.
One known issue from 3.10.4 is https://jira.primekey.se/browse/ECA-1779
There were many changes in the admin GUI for this release. Please let us know if you encounter any regressions using the admin GUI.
This is a maintenance release with 23 issues resolved, both features and bug fixes.
Noteworthy changes:
- Possibility to specify custom certificate serial number for end entities.
- Possibility to configure CA to not use CertReqHistory to increase performance.
- Harmonized admin GUI and improved looks. Contributed by David Carella of Linagora.
- Other performance optimizations. More than 100 certificates per second can now be issued under certain conditions.
- WS API did not work with external administrator certificates.
- Mitigate potential XSS vulnerabilities in admin GUI.
- Fixed bug when creating CRLs for CAs with single quote in the DN.
- Other admin GUI improvements with better error messages in some cases.
Read the full changelog for details.
One known issue from 3.10.4 is https://jira.primekey.se/browse/ECA-1779
There were many changes in the admin GUI for this release. Please let us know if you encounter any regressions using the admin GUI.
Monday, June 14, 2010
Howto extend a KVM virtual disk, using lvm, with larger disk space
Prerequisites:
An installed KVM Ubuntu 10.04 guest with regular disk using LVM (lvm makes the resize operation a bit more tricky).
In this example the original disk was 20 GB and I want to extend it with 20GB more.
An installed KVM Ubuntu 10.04 guest with regular disk using LVM (lvm makes the resize operation a bit more tricky).
In this example the original disk was 20 GB and I want to extend it with 20GB more.
- Stop guest
- Extend imagefile med zeroes to desired size
- create addon space with the size you want to extend disk with
sudo qemu-img create -f raw addon.raw 20G
- make backup of the original disk
mv ubuntu-dev.img ubuntu-dev.img.save
- concatenate the extra space on top of the old image
cat ubuntu-dev.img.save addon.raw >> ubuntu-dev.img - Start guest with gparted live iso
Partitions might look like:Number Start End Size Type File system Flags
1 1049kB 256MB 255MB primary ext2 boot
2 257MB 20.5GB 20.3GB extended
5 257MB 20.5GB 20.3GB logical lvm
- extend physical partition (2) with gparted (easiest) to fill upp the entire (new) disk - Reboot into guest
- Remove the logical partition (lvm)
- Create a new logic partition, with exact same start but new ending
rm 5; mkpart logical ext2 0 4000; set 5 lvm on - Resize the lvm physical volume (use pvdisplay to find out the device /dev/vda5)
- pvresize /dev/vda5 - Resize the lvm locial volume
- lvresize -L+4309 /dev/www/root
repeat the above until you fill up the entire free space, use pvdisplay and lvdisplay to see the free size - fsck the filesystem, the filesystem name is visible when you do lvdisplay
- fsck -n /dev/www/root - Resize the filesystem to fill up the space
- resize2fs /dev/www/root
Friday, June 11, 2010
New Spanish speaking EJBCA forum
We have opened up a new EJBCA forum targeted for spanish speakers.
EJBCA-usuarios. You can visit the new forum on Sourceforge.
Welcome!
EJBCA-usuarios. You can visit the new forum on Sourceforge.
Welcome!
Wednesday, June 9, 2010
Prototyping a new admin web console for EJBCA
This is the first sneak preview of the new admin console that we are working on. The new admin console is currently scheduled for EJBCA 4.1, which is due in 2011. We'll see how the progress goes though, if we can include a beta earlier than that.
The new admin console is uses a modern JSF web framework, giving it a modern look and feel. Of course there is AJAX :-)
Check the movie below to see what the prototype offers. In the first step we have focused on making the CA administration and easy to use as possible. It should be easy to get an overview of your CAs and easy to make the simple tasks, operating on one or multiple CAs. Editing CAs (and profiles) will use a tabbed interface, removing the rediculously long list of options there is today. Instead we can hide the advanced features behind tabs that you don't need to open unless you really want to.
Other usability features will surely be added.
Please feel free to provide feedback on the current prototype, aspecially the ideas on how to manage CAs.
Or watch the video on YouTube.
Or download mpeg.
Or download ogv (opens directly in newer FireFox).
Cheers,
PrimeKey EJBCA Team.
The new admin console is uses a modern JSF web framework, giving it a modern look and feel. Of course there is AJAX :-)
Check the movie below to see what the prototype offers. In the first step we have focused on making the CA administration and easy to use as possible. It should be easy to get an overview of your CAs and easy to make the simple tasks, operating on one or multiple CAs. Editing CAs (and profiles) will use a tabbed interface, removing the rediculously long list of options there is today. Instead we can hide the advanced features behind tabs that you don't need to open unless you really want to.
Other usability features will surely be added.
Please feel free to provide feedback on the current prototype, aspecially the ideas on how to manage CAs.
Or watch the video on YouTube.
Or download mpeg.
Or download ogv (opens directly in newer FireFox).
Cheers,
PrimeKey EJBCA Team.
Monday, May 24, 2010
Celebrate 10 years of BouncyCastle
David Hook of BouncyCastle wrote this on the dev-crypto mailinglist.
-----
Hi all,
While we're not in a habit of making a huge fuss about things, one thing
is about to come up which we thought we'd mention.
Monday 24th of May, marks 10 years since the first release of the Bouncy
Castle Cryptography APIs.
To give you an idea of what this means, the first release was on the
order of 24,000 lines of java. Ten years on we are now looking at
200,000 lines of Java and 160,000 lines of C# with a substantial
increase in functionality. The passage of time has certainly been felt.
Anyway, a lot of people outside of the core developers have contributed
over the years, so once again, thanks! And for us, them, and everyone
else, if you're inclined to celebrate 10 years of open source crypto
from this project, Monday is a good time to do it!
Cheers,
David
-----
An incredibly consistent track record of one of the best open source projects out there!
-----
Hi all,
While we're not in a habit of making a huge fuss about things, one thing
is about to come up which we thought we'd mention.
Monday 24th of May, marks 10 years since the first release of the Bouncy
Castle Cryptography APIs.
To give you an idea of what this means, the first release was on the
order of 24,000 lines of java. Ten years on we are now looking at
200,000 lines of Java and 160,000 lines of C# with a substantial
increase in functionality. The passage of time has certainly been felt.
Anyway, a lot of people outside of the core developers have contributed
over the years, so once again, thanks! And for us, them, and everyone
else, if you're inclined to celebrate 10 years of open source crypto
from this project, Monday is a good time to do it!
Cheers,
David
-----
An incredibly consistent track record of one of the best open source projects out there!
External RA enrollment Web GUI, sponsored by APNIC
I would like to take this opportunity to remind you that in EJBCA 3.10 there is a new, much awaited, feature. A web GUI for enrollment using the External RA.
The web GUI can be used to enroll for browser certificates using most browsers on all platforms. You can also enroll for server certificates and keystores.
The new GUI is developed with JSF and Facelets, using the IceFaces component library. This gives it a nice modern look and function.
The development of this new feature was sponsored by APNIC, who makes sure internet works in the Asia Pacific.
The web GUI can be used to enroll for browser certificates using most browsers on all platforms. You can also enroll for server certificates and keystores.
The new GUI is developed with JSF and Facelets, using the IceFaces component library. This gives it a nice modern look and function.
The development of this new feature was sponsored by APNIC, who makes sure internet works in the Asia Pacific.
Subscribe to:
Comments (Atom)
Posts
