EJBCA 4.0 alpha1 released

Hi everybody!

Eagerly waiting for the next major version of the best PKI software in the world? Now is your chance to try it out.

EJBCA 4 uses Java Enterprise Edition 5 (JEE5) instead of J2EE. This is a major improvement of the core, modularization, portability and packaging, but you will not notice many functional differences.

What else?

• The database schema is fully defined through the Java Persistence API and table create scripts are provided for all the supported databases.


• Many bugs have been corrected. For example EJBCA Services will run more stable in a clustered environment.


• The Ingres database can now be used with EJBCA without patching the code.


• A JEE5 compliant application server, Java 1.6 and Ant 1.7.1 or higher is required from this version on.

Since this is and alpha release, you can expect a few rough edges. Have in mind that there will not necessarily be an upgrade path from this release to EJBCA 4.0.0.

Download!
Submit bug reports!

Happy holidays and testing,
The PrimeKey EJBCA Team

EJBCA 3.11.1 released

Today PrimeKey has released EJBCA 3.11.1.

This is a maintenance release – 16 issues have been resolved. Only fixes
and layout improvements, no new features.
This release fixes an upgrade issue from 3.6.x to 3.11.x and also a
MySQL/MyISAM related issue in the 3.11.0 release.
A few uncaught regressions from 3.10.x and 3.11.0 were fixed, and as
usual David Carella of Linagora added some Admin GUI layout improvements.

Noteworthy changes:

• It is now possible to easily upgrade from EJBCA 3.6.x to 3.11.x.


• Fixed a MySQL mapping that did not work when using the MyISAM storage engine and UTF-8 encoding.


• ETSI QC value limit can now have the value zero.


• Admin GUI improvements from David Carella of Linagora.


• Added a favicon to the EJBCA web interfaces.


• Fixed an issue causing cached end entity profiles (not default) to be changed for some actions in the admin GUI.


• Fixed an issue where session information spilled over to other edits when using the "Back to certificate profiles" link.


• Fixed an issue where using the required flag on Cardnumber in a end entity profile gave error about missing unstructured address. This also resolved an issue where the DN field Unstructured Address did not work.

You can read the full changelog in the EJBCA Jira.

In addition to making EJBCA available as full open source software, PrimeKey also supplies support services and training for EJBCA.

EJBCA at FOSDEM 2011

Next year at FOSDEM in Brussels, 5-6 february 2011, we will do something different. Previous years we have had a stand, but this year we will participate in the OpenSC devroom.


Anyone interested in PKI and smart cards (and any of the other hundreds of open source technologies present at FOSDEM) should go there.

See you in Brussels!

Cheers,
Tomas

EJBCA 3.11.0 released

Yesterday we released EJBCA 3.11.0.

This is a major release with several new features – 47 issues have been
resolved.
One major goal with this release is to prepare for a seamless migration
to EJBCA 4.0. To make the migration path to EJBCA 4.0 a simple plug-in
upgrade.

Following our updated QA process (by Tham) we believe that EJBCA 3.11.0
is a high quality release, the fastest and best release of EJBCA to date.
We'll see if this release can match the previous release EJBCA 3.10.5,
with virtually no serious issues reported after thousands of download.

Noteworthy changes:
- Possibility to configure CA not to use certificate and user store,
meaning that CA can issue certificates without having to access database
after service startup.
- External OCSP responder can now function as a validation authority
serving OCSP, CRLs and CA certificates.
- Certificate store access via HTTP according to RFC4387 standard.
- Possibility in WebService Interface to specify extended information
when editing users.
- Possibility to specify custom certificate serial number for end
entities using CMP protocol. CMP RA secret can now also be specified per CA.
- Upgrade database schema to be consistent across databases.
- Add a few new columns to database tables, a preparation to be used in
EJBCA 4.0.
- Improvements in the Glassfish support, now also usable with Oracle
database.
- Several other new features and extended key usages, GUI improvements
and performance enhancements – many of which are contributed by Linagora.

Regards,
PrimeKey EJBCA Team

EJBCA 3.10.6 and cert-cvc 1.2.12 released

EJBCA is our Open Source Enterprise PKI certificate authority.
Cert-cvc is our open source java library for working with EAC CV certificates.

This release is a very small maintenance release intended mostly to mark
the end of the 3.10 branch, anticipating 3.11.0 to be released within a
few days.
If you are running 3.10.5 with no issues, there is no real reason to
upgrade to 3.10.6. A few people have been waiting for the only new
feature in this release, but for others there is nothing really exciting.

EJBCA 3.11.0 however will be a stepping stone towards EJBCA 4.0, which
is nearing. EJBCA 3.11.0 will contain many new features and enhancements.

Changes:
New Feature
* [ECA-1264] - Add extended information to edit user WS-API.

Improvement
* [ECA-1877] - SPOC interop requires "unusual" countries which the CVC
library does not permit

Bug
* [ECA-1841] - Error adding end entity with several required and non
required OUs
* [ECA-1845] - Wrong reference in on line doc link for renew ca
* [ECA-1914] - Import of certificate profiles referring to CVC CAs
failed in CLI

You can view the changelog in Jira:


As usual you can download the new release from EJBCA.org:


Regards,
The PrimeKey EJBCA Team

PrimeKey Solutions offers commercial EJBCA and SignServer support subscriptions and training courses. Please see www.primekey.se or contact info@primekey.se for more information.

EJBCA 3.9.9 released

We have released EJBCA 3.9.9. This is an informal maintenance release
with only one new feature and a few back-ported fixes from 3.10.
The release was done for a particular project. For normal usage we do
recommend the latest released version 3.10.5, which is the preferred
version and proven to be very stable. You should only upgrade to this
version if you have a specific purpose and requirements.
For regular users, even of the 3.9 branch, there is not need to upgrade
unless you need any of the specific fixes in this release.

Changes:
- ExtendedInformation, such as issuance revocation reason, can now be
added when editing users with the WebService API (new feature also
present in upcoming 3.10.6 and 3.11.0 releases).
- Error adding end entity with several required and non required OUs
(new fix for rare issue, also present in upcoming 3.10.6 and 3.11.0
releases).
- Added correct URIEncoding also for port 8080 in Tomcat's server.xml
(back-port).
- Fixed Issuer CA DN HTML escaping when revoking through Admin GUI
(back-port).
- Using multiple of the same Custom OID field for OtherName in Subject
Alternative Names results in double values (back-port).

Note: The WebService WSLD has changed for adding ExtendedInformation in
the UserDataVOWS object.
Old WS clients without this should still work and we have tested with
older EJBCA clients.
However if you depend on the WS-API you must test in your environment
before bringing this new version in production.

Regards,
PrimeKey EJBCA Team

EJBCA 4 basic roadmap

On request I will try to outline a better view of the roadmap for EJBCA 4 than is visible in Jira.

- EJBCA 4 is primarily a technology upgrade, move from J2EE (EJB2.1) to JEE5 (EJB3 and JPA).

What will this give us you ask?

- Leaner, meaner, faster and better code. Smaller code base and less bundled 3rd party libraries.
- Easier, thus faster, development of new features, while keeping the code cleaner.
- Better support for different application servers, JEE5 is much better standardized.
- Better support for different databases, using hibernate makes configuration easy.
- Integration of CESeCore, the Common Criteria certified security core under development. This will pave the road for having EJBCA 4.x Common Criteria certified.

All this brings us better support for, for example, Glassfish. On the other hand we must drop support for OC4J, since it will never get JEE5 capabilities. EJBCA 4 will require Java 6, since even that is getting old and Oracle does not support Java 5 anymore.

So as you see this is mostly a technical/developer friendly release, ensuring that EJBCA will continue to be a front runner of PKI for the coming years.

This is also one conscious decision, significant effort is put into migrating EJBCA to use the latest technologies. This should however not affect users, who will be able to seamlessly upgrade from EJBCA 3.11 to EJBCA 4.

There will be a few new features not available in 3.x though, mostly minor gems.

For the full roadmap visit, Jira, but be aware that especially for minor features and fixes, many of the issues targeted for EJBCA 4 might shift priorities (thus postponed), and new ones will be brought in. You can still see what has been already fixed.

What is the status of EJBCA 4?
- Subversion trunk, up and running, stable and passing most tests.
- Further improvements, structural work and upgrade testing going on.

You can follow the quality progress at our Hudson server.

So you can check out EJBCA 4 from subversion already today and give it a spin. Only for the brave technical persons.

What is the time schedule?
- EJBCA 4.0 should go beta before the end of 2010. And be released sometime Q1 2011.

What happens after that?

Once EJBCA 4.0 is out we will start focusing more on the new admin web console, and getting EJBCA common criteria certified. Naturally new features will continue to be developed, currently new features arrive at a rather aggressive pace. 2011 is destined to be an exciting year.

Regards,
PrimeKey EJBCA Team