Tuesday, November 30, 2010

EJBCA 3.11.0 released

Yesterday we released EJBCA 3.11.0.

This is a major release with several new features – 47 issues have been
resolved.
One major goal of this release is to prepare for a seamless migration
to EJBCA 4.0, making the migration path to EJBCA 4.0 a simple plug-in
upgrade.

Following our updated QA process (by Tham) we believe that EJBCA 3.11.0
is a high quality release, the fastest and best release of EJBCA to date.
We'll see if this release can match the previous release, EJBCA 3.10.5,
with virtually no serious issues reported after thousands of downloads.

Noteworthy changes:
- Possibility to configure CA not to use certificate and user store,
meaning that CA can issue certificates without having to access database
after service startup.
- External OCSP responder can now function as a validation authority
serving OCSP, CRLs and CA certificates.
- Certificate store access via HTTP according to RFC4387 standard.
- Possibility in WebService Interface to specify extended information
when editing users.
- Possibility to specify custom certificate serial number for end
entities using CMP protocol. CMP RA secret can now also be specified per CA.
- Upgrade database schema to be consistent across databases.
- Add a few new columns to database tables, a preparation to be used in
EJBCA 4.0.
- Improvements in the Glassfish support, now also usable with Oracle
database.
- Several other new features and extended key usages, GUI improvements
and performance enhancements – many of which are contributed by Linagora.

Regards,
PrimeKey EJBCA Team

Friday, November 26, 2010

EJBCA 3.10.6 and cert-cvc 1.2.12 released

EJBCA is our Open Source Enterprise PKI certificate authority.
Cert-cvc is our open source Java library for working with EAC CV certificates.

This release is a very small maintenance release intended mostly to mark
the end of the 3.10 branch, anticipating 3.11.0 to be released within a
few days.
If you are running 3.10.5 with no issues, there is no real reason to
upgrade to 3.10.6. A few people have been waiting for the only new
feature in this release, but for others there is nothing really exciting.

EJBCA 3.11.0 however will be a stepping stone towards EJBCA 4.0, which
is nearing. EJBCA 3.11.0 will contain many new features and enhancements.

Changes:
New Feature
* [ECA-1264] - Add extended information to edit user WS-API.

Improvement
* [ECA-1877] - SPOC interop requires "unusual" countries which the CVC
library does not permit

Bug
* [ECA-1841] - Error adding end entity with several required and non
required OUs
* [ECA-1845] - Wrong reference in on line doc link for renew ca
* [ECA-1914] - Import of certificate profiles referring to CVC CAs
failed in CLI

You can view the changelog in Jira:


As usual you can download the new release from EJBCA.org:


Regards,
The PrimeKey EJBCA Team


Wednesday, November 3, 2010

EJBCA 3.9.9 released

We have released EJBCA 3.9.9. This is an informal maintenance release
with only one new feature and a few back-ported fixes from 3.10.
The release was done for a particular project. For normal usage we do
recommend the latest released version 3.10.5, which is the preferred
version and proven to be very stable. You should only upgrade to this
version if you have a specific purpose and requirements.
For regular users, even of the 3.9 branch, there is no need to upgrade
unless you need any of the specific fixes in this release.

Changes:
- ExtendedInformation, such as issuance revocation reason, can now be
added when editing users with the WebService API (new feature also
present in upcoming 3.10.6 and 3.11.0 releases).
- Error adding end entity with several required and non required OUs
(new fix for rare issue, also present in upcoming 3.10.6 and 3.11.0
releases).
- Added correct URIEncoding also for port 8080 in Tomcat's server.xml
(back-port).
- Fixed Issuer CA DN HTML escaping when revoking through Admin GUI
(back-port).
- Using multiple of the same Custom OID field for OtherName in Subject
Alternative Names results in double values (back-port).

Note: The WebService WSDL has changed for adding ExtendedInformation in
the UserDataVOWS object.
Old WS clients without this should still work and we have tested with
older EJBCA clients.
However, if you depend on the WS-API you must test in your environment
before bringing this new version into production.

Regards,
PrimeKey EJBCA Team

Friday, October 29, 2010

EJBCA 4 basic roadmap

On request I will try to outline a better view of the roadmap for EJBCA 4 than is visible in Jira.

- EJBCA 4 is primarily a technology upgrade, move from J2EE (EJB2.1) to JEE5 (EJB3 and JPA).

What will this give us you ask?

- Leaner, meaner, faster and better code. Smaller code base and less bundled 3rd party libraries.
- Easier, thus faster, development of new features, while keeping the code cleaner.
- Better support for different application servers, JEE5 is much better standardized.
- Better support for different databases, using Hibernate makes configuration easy.
- Integration of CESeCore, the Common Criteria certified security core under development. This will pave the road for having EJBCA 4.x Common Criteria certified.

All this brings us better support for, for example, Glassfish. On the other hand we must drop support for OC4J, since it will never get JEE5 capabilities. EJBCA 4 will require Java 6, since even that is getting old and Oracle does not support Java 5 anymore.

So as you see this is mostly a technical/developer friendly release, ensuring that EJBCA will continue to be a front runner of PKI for the coming years.

This is also a conscious decision: significant effort is put into migrating EJBCA to use the latest technologies. This should however not affect users, who will be able to seamlessly upgrade from EJBCA 3.11 to EJBCA 4.

There will be a few new features not available in 3.x though, mostly minor gems.

For the full roadmap, visit Jira, but be aware that, especially for minor features and fixes, many of the issues targeted for EJBCA 4 might shift priorities (and thus be postponed), and new ones will be brought in. You can still see what has already been fixed.

What is the status of EJBCA 4?
- Subversion trunk, up and running, stable and passing most tests.
- Further improvements, structural work and upgrade testing going on.

You can follow the quality progress at our Hudson server.

So you can check out EJBCA 4 from subversion already today and give it a spin. Only for the brave technical persons.

What is the time schedule?
- EJBCA 4.0 should go beta before the end of 2010, and be released sometime in Q1 2011.

What happens after that?

Once EJBCA 4.0 is out we will start focusing more on the new admin web console, and getting EJBCA Common Criteria certified. Naturally new features will continue to be developed; currently new features arrive at a rather aggressive pace. 2011 is destined to be an exciting year.

Regards,
PrimeKey EJBCA Team

Tuesday, October 5, 2010

EJBCA SPoC presented at National eID & ePassport Conference in Athens 21-22 Oct

I will shortly present the EJBCA SPoC at the upcoming National eID & ePassport Conference in Athens on 21-22 October 2010. Anders Rundgren has done an excellent job implementing SPoC for EJBCA and has performed some successful interoperability tests. You'll learn more if you join us in Athens :-)

Wednesday, September 22, 2010

EJBCA 3.10.5 released

After a completed new and improved QA cycle, we are proud to release
EJBCA 3.10.5. We think that EJBCA 3.10.5 is the best EJBCA version to
date and encourage everyone to upgrade.

This is a maintenance release with 37 issues resolved, both features and
bug fixes.

Noteworthy changes:
- Fixed admin GUI error running on JBoss 5.
- Fixed some issues with audit and approvals when using admin
certificates issued by an external CA.
- Harmonized admin GUI and improved looks. Contributed by David Carella
of Linagora.
- Added and improved caches of profiles and CAs, improves performance.
CLI for clearing caches.
- Fixed installation issue on Windows when JBoss installed in root
directory.
- Fixed re-publishing of certificates when CertReqHistory is not used.
CertReqHistory is enabled by default for new CAs.
- Updated German translation, contributed by Atos Origin.
- Support unrevocation using WS-API.

Read the full changelog for details.

Download and read documentation at EJBCA.org.

Also read the product release news at PrimeKey.

Tuesday, September 21, 2010

Performance lab


We have a new small performance lab at PrimeKey, a 2U machine with 4 physical servers, each with dual quad-core CPUs, 3 SSD disks (striped) and 24GB RAM. It's good for testing high loads and large volumes, and we've been doing just that for the 3.10.5 release.

I have been running PostgreSQL on one machine, with two appservers and one test client for a while. I managed to get a single appserver with EJBCA issuing up to 300 certificates per second. It's pretty quick to issue some 20 million certs with that speed. No slowdowns so far...

Now I'm installing Oracle on one of the machines. Unfortunately you have to run an old RHEL4 to install Oracle so it takes some time and frustration (compared to installing Ubuntu and PostgreSQL).