On request I will try to outline a better view of the roadmap for EJBCA 4 than is visible in Jira.
- EJBCA 4 is primarily a technology upgrade, move from J2EE (EJB2.1) to JEE5 (EJB3 and JPA).
What will this give us you ask?
- Leaner, meaner, faster and better code. Smaller code base and less bundled 3rd party libraries.
- Easier, thus faster, development of new features, while keeping the code cleaner.
- Better support for different application servers, JEE5 is much better standardized.
- Better support for different databases, using hibernate makes configuration easy.
- Integration of CESeCore, the Common Criteria certified security core under development. This will pave the road for having EJBCA 4.x Common Criteria certified.
All this brings us better support for, for example, Glassfish. On the other hand we must drop support for OC4J, since it will never get JEE5 capabilities. EJBCA 4 will require Java 6, since even that is getting old and Oracle does not support Java 5 anymore.
So as you see this is mostly a technical/developer friendly release, ensuring that EJBCA will continue to be a front runner of PKI for the coming years.
This is also one conscious decision, significant effort is put into migrating EJBCA to use the latest technologies. This should however not affect users, who will be able to seamlessly upgrade from EJBCA 3.11 to EJBCA 4.
There will be a few new features not available in 3.x though, mostly minor gems.
For the full roadmap visit, Jira, but be aware that especially for minor features and fixes, many of the issues targeted for EJBCA 4 might shift priorities (thus postponed), and new ones will be brought in. You can still see what has been already fixed.
What is the status of EJBCA 4?
- Subversion trunk, up and running, stable and passing most tests.
- Further improvements, structural work and upgrade testing going on.
You can follow the quality progress at our Hudson server.
So you can check out EJBCA 4 from subversion already today and give it a spin. Only for the brave technical persons.
What is the time schedule?
- EJBCA 4.0 should go beta before the end of 2010. And be released sometime Q1 2011.
What happens after that?
Once EJBCA 4.0 is out we will start focusing more on the new admin web console, and getting EJBCA common criteria certified. Naturally new features will continue to be developed, currently new features arrive at a rather aggressive pace. 2011 is destined to be an exciting year.
Regards,
PrimeKey EJBCA Team
Friday, October 29, 2010
Tuesday, October 5, 2010
EJBCA SPoC presented at National eID & ePassport Conference in Athens 21-22 oct
I will shortly present the EJBCA SPoC at the upcoming National eID & ePassport Conference in Athens on the 21-22 october 2010. Anders Rundgren has made an excellent job implementing SPoC for EJBCA and has performed some successful interoperability tests. You'll learn more if you join us in Athens :-)
Wednesday, September 22, 2010
EJBCA 3.10.5 released
After a completed new and improved QA cycle, we are are proud to release
EJBCA 3.10.5. We think that EJBCA 3.10.5 is the beast EJBCA version to
date and encourage everyone to upgrade.
This is a maintenance release with 37 issues resolved, both features and
bug fixes.
Noteworthy changes:
- Fixed admin GUI error running on JBoss 5.
- Fixed some issues with audit and approvals when using admin
certificates issued by an external CA.
- Harmonized admin GUI and improved looks. Contributed by David Carella
of Linagora.
- Added and improved caches of profiles and CAs, improves performance.
CLI for clearing caches.
- Fixed installation issue on Windows when JBoss installed in root
directory.
- Fixed re-publishing of certificates when CertReqHistory is not used.
CertReqHistory is enabled by default for new CAs.
- Updated German translation, contributed by Atos Origin.
- Support unrevocation using WS-API.
Read the full changelog for details.
Download and read documentation at EJBCA.org.
Also read the product release news at PrimeKey.
EJBCA 3.10.5. We think that EJBCA 3.10.5 is the beast EJBCA version to
date and encourage everyone to upgrade.
This is a maintenance release with 37 issues resolved, both features and
bug fixes.
Noteworthy changes:
- Fixed admin GUI error running on JBoss 5.
- Fixed some issues with audit and approvals when using admin
certificates issued by an external CA.
- Harmonized admin GUI and improved looks. Contributed by David Carella
of Linagora.
- Added and improved caches of profiles and CAs, improves performance.
CLI for clearing caches.
- Fixed installation issue on Windows when JBoss installed in root
directory.
- Fixed re-publishing of certificates when CertReqHistory is not used.
CertReqHistory is enabled by default for new CAs.
- Updated German translation, contributed by Atos Origin.
- Support unrevocation using WS-API.
Read the full changelog for details.
Download and read documentation at EJBCA.org.
Also read the product release news at PrimeKey.
Tuesday, September 21, 2010
Performance lab
We have a new small performance lab at PrimeKey, a 2U machine with 4 physical servers, each with dual quad code CPUs, 3 SSD disks (striped) and 24GB RAM. It's good for testing high loads and large volumes, and we've been doing just that for the 3.10.5 release.
I have been running postgresql on one machine, with two appservers and one test client for a while. I managed to get a single appserver with EJBCA issuing up to 300 certificates per second. It's pretty quick to issue some 20 million certs with that speed. No slowdowns so far...
Now I'm installing Oracle on one of the machines. Unfortunately you have to run an old RHEL4 to install oracle so it takes some time and frustration (compared to installing ubuntu and postgres).
Thursday, August 12, 2010
4.0 on the rise...
With the migration of beans to ejb3 done (by Johan and Mike), we can now deploy and start EJBCA 4.0. So far it looks the same as 3.10 of course, difference under the hood. Lots of JUnit tests still fail, but that will be dealt with now one by one.
EJBCA 3.10.4 released
Back from summer holidays we have a new good release to announce.
This is a maintenance release with 23 issues resolved, both features and bug fixes.
Noteworthy changes:
- Possibility to specify custom certificate serial number for end entities.
- Possibility to configure CA to not use CertReqHistory to increase performance.
- Harmonized admin GUI and improved looks. Contributed by David Carella of Linagora.
- Other performance optimizations. More than 100 certificates per second can now be issued under certain conditions.
- WS API did not work with external administrator certificates.
- Mitigate potential XSS vulnerabilities in admin GUI.
- Fixed bug when creating CRLs for CAs with single quote in the DN.
- Other admin GUI improvements with better error messages in some cases.
Read the full changelog for details.
One known issue from 3.10.4 is https://jira.primekey.se/browse/ECA-1779
There were many changes in the admin GUI for this release. Please let us know if you encounter any regressions using the admin GUI.
This is a maintenance release with 23 issues resolved, both features and bug fixes.
Noteworthy changes:
- Possibility to specify custom certificate serial number for end entities.
- Possibility to configure CA to not use CertReqHistory to increase performance.
- Harmonized admin GUI and improved looks. Contributed by David Carella of Linagora.
- Other performance optimizations. More than 100 certificates per second can now be issued under certain conditions.
- WS API did not work with external administrator certificates.
- Mitigate potential XSS vulnerabilities in admin GUI.
- Fixed bug when creating CRLs for CAs with single quote in the DN.
- Other admin GUI improvements with better error messages in some cases.
Read the full changelog for details.
One known issue from 3.10.4 is https://jira.primekey.se/browse/ECA-1779
There were many changes in the admin GUI for this release. Please let us know if you encounter any regressions using the admin GUI.
Monday, June 14, 2010
Howto extend a KVM virtual disk, using lvm, with larger disk space
Prerequisites:
An installed KVM Ubuntu 10.04 guest with regular disk using LVM (lvm makes the resize operation a bit more tricky).
In this example the original disk was 20 GB and I want to extend it with 20GB more.
An installed KVM Ubuntu 10.04 guest with regular disk using LVM (lvm makes the resize operation a bit more tricky).
In this example the original disk was 20 GB and I want to extend it with 20GB more.
- Stop guest
- Extend imagefile med zeroes to desired size
- create addon space with the size you want to extend disk with
sudo qemu-img create -f raw addon.raw 20G
- make backup of the original disk
mv ubuntu-dev.img ubuntu-dev.img.save
- concatenate the extra space on top of the old image
cat ubuntu-dev.img.save addon.raw >> ubuntu-dev.img - Start guest with gparted live iso
Partitions might look like:Number Start End Size Type File system Flags
1 1049kB 256MB 255MB primary ext2 boot
2 257MB 20.5GB 20.3GB extended
5 257MB 20.5GB 20.3GB logical lvm
- extend physical partition (2) with gparted (easiest) to fill upp the entire (new) disk - Reboot into guest
- Remove the logical partition (lvm)
- Create a new logic partition, with exact same start but new ending
rm 5; mkpart logical ext2 0 4000; set 5 lvm on - Resize the lvm physical volume (use pvdisplay to find out the device /dev/vda5)
- pvresize /dev/vda5 - Resize the lvm locial volume
- lvresize -L+4309 /dev/www/root
repeat the above until you fill up the entire free space, use pvdisplay and lvdisplay to see the free size - fsck the filesystem, the filesystem name is visible when you do lvdisplay
- fsck -n /dev/www/root - Resize the filesystem to fill up the space
- resize2fs /dev/www/root
Subscribe to:
Comments (Atom)
Posts
