EJBCA 5.0.8 released

We are pleased to announce the release of EJBCA Enterprise version 5.0.8.

This is a maintenance release with improvements and bug fixes. In all 12 issues have been fixed.

* Noteworthy changes:
- Private key is not longer needed to verify database protection using the ejbca-db-cli.
- Improved robustness of 'ejbca.sh ca importcertdir' command.
- It is now possible to obfuscate log signer key password.
- Fixed a but with CMP certificate authentication.
- Minor bugfixes.

These are all minor issues and improvement.

Regards,
PrimeKey EJBCA Team

EJBCA 4.0.13 released

We are glad to release version 4.0.13 of EJBCA to the Community.

This is a maintenance release containing a few new features and improvements. In all 25 issues have been resolved.

* Noteworthy changes:
- New self-registration work-flow available in the public web.
- Added extended key usage for WiFi EAP authentication.
- Some build improvements to avoid issues on some platforms (no javascript, no jasper).
- More minor GUI improvements by David Carella of Linagora.
- Minor bug fixes.

The release do not contain any critical fixes, but is a natural step in improving the Community version of EJBCA.

The self-registration work-flow that first appeared in the EJBCA v5.0 Enterprise version has now also been released in EJBCA 4.0. Self registration has been a long standing request from the community and also some customers, and we a glad to say that it is now available in all active versions of EJBCA. Don't miss to try it out!

Get the new release from http://www.ejbca.org/.

Happy holidays,
PrimeKey EJBCA Team

EJBCA 5 receives Common Criteria, EAL4+, certificate

We are pleased to announce that PrimeKey Solutions AB has successfully completed Common Criteria EAL4+ Certification of EJBCA version 5. The much awaited Common Criteria certificate, issued by ANSSI (Agence nationale de la sécurité des systèmes d’information), is an important milestone in EJBCAs 10+ years rich history of achievements.
With this formal evidence that EJBCA confirms to the rigorous security standards for Certificate Issuance and Management Systems, this Common Criteria certification benefits Primekey’s customers and partners, as well as the community, and strengthens EJBCA’s position as the top pick of secure Certificate Authority software around the world.

EJBCA is certified based on the CIMC Protection Profile (v1.0) at security level 3. The assurance level is EAL4+ (EAL4 augmented with ALC_FLR.2).

Beyond a Shadow of a Doubt

Due to regulations and legislations, the Common Criteria EAL4+ Certification is often mandatory to reach the highest level of security requirements in computer software. The proof of achieved CC certification is a neccessity for EJBCA users who need to run mission critical PKI, and who will have their own software, solution or service, certified and audited for standards compliance, such as CWA and WebTrust. PrimeKey welcomes, of course, the certification as an additional proof that our EJBCA development adheres to the strictest security practices and enables us to reach out to customers that require formal certification.

“Our clients' projects often have to undergo own strict security certification and audit processes. This official proof of EJBCA's Common Criteria Certification will help them reach positive outcome, which sometimes is crucial for us in order to sign a new contract”, says CEO Konstantin Papaxanthis.

From now on, no organisation has to refrain from using EJBCA because of any particular security requirements. PrimeKey's customers can go straight ahead having their EJBCA based projects security evaluated and formally certified as audit compliant to the most demanding standards.
For more info on “EJBCA v.5” please visit www.primekey.se/.

The EJBCA community can also be assured that the development of EJBCA Community Edition follows the same certified development process.

About Common Criteria

The Common Criteria for Information Technology Security Evaluation (abbreviated as Common Criteria or CC) is an international standard for computer security certification. Common Criteria provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous and standard manner.
For more info on “Common Criteria” please visit www.commoncriteriaportal.org/.

About EJBCA PKI

A serious enterprise class PKI, EJBCA is utilized as a Certification Authority, to build complete PKI infrastructures within organizations who issue certificates for different purposes, such as:

• Strong authentication for users accessing your intranet/extranet/internet resources.
• Secure communication with SSL servers and SSL clients.
• Smart card logon.
• Signing and encrypting email.
• VPN connections by issuing certificates to your VPN routers.
• Client VPN access with certificates in users VPN clients.
• Secure logon to web applications (Single sign-on).
• Creating signed documents.
• Mobile PKI, like enrolling iOS.
• Secure mobile networks, i.e. 3GPP/LTE/4G using the CMP protocol.
• Counterfeit prevention.
• Issue national eIDs.
• Issue and inspect electronic passports, including EU EAC ePassports.
• ... and many many more ...

For more info on “EJBCA” please visit www.ejbca.org/.

SignServer 3.2.3 Released

The PrimeKey SignServer team is happy to announce that SignServer 3.2.3 has been released!

This is a maintenance release - in total 34 features, options, bugs and stabilizations have been fixed or added.

Development continues beyond this version and all requests from the community are scheduled for SignServer 3.2.4 or later releases.

More information is available at the project web site and the complete changelog can be viewed in the issue tracker.

The most noteworthy changes can be seen below.

Major new features and improvements:

• Support for running SignServer without database
• Configurable to disable the key usage counter 
• Signer certificate check in Health check for all Signers
• Check that the timestamp signer certificate is included in the certificate chain
• Health check response of TimeStampSigner now considers status of time source
• Down-for-maintenance support in Health check
• Support for supplying filename as request metadata 

Bug fixes:

• Client CLI only supported 10 arguments on Windows
• Null value was inserted when removing last wsadmin on Oracle
• PDF Signature could not be larger than 15000 bytes
• Sample configuration for renewal worker not functional
• Various documentation updates 

Notice:
Some internal API changes has been done as part of DSS-528. If you have custom code some changes might be required.

Regards,
The PrimeKey SignServer team

CESeCore gains Common Criteria certification

After 2 years of work, and 6 months of administrative waiting period CESeCore has finally received the final, signed, Common Criteria certification.

Providing a certified component library

By June 2012 the CESeCore project fullfilled its primary purposes: to make the CESeCore Security Core 1); Common Criteria EAL 4+ certified and 2); publicly available for integration with enterprise applications.
Vendors aiming to attain their own Common Criteria certification will continue to draw significant benefits through the use of the fully approved CESeCore library, which greatly shortens and simplifies implementation of many important security functions.
The certified CESeCore has also taken PrimeKey's EJBCA Enterprise edition a steady leap forward towards its own final Common Criteria certification.

"When we created CESeCore, we added the most important security functions from certificate management, certificate validation and timestamping, into a re-usable Java Enterprise component library. And we worked patiently to have it Common Criteria certified! Anyone who needs these security functions no longer have to re-invent the wheel."
— Tomas Gustavsson, PrimeKey CTO

Certification details

CESeCore is certified based on the CIMC Protection Profile (v1.0) at security level 3. The assurance level is EAL4+ (EAL4 augmented with ALC_FLR.2).
For those interested all details are available in the CESeCore Security Target.

EJBCA to be completed

Building on the CESeCore, EJBCA 5.0 has already completed the evaluation for the Common Criteria evaluation at the same level. We are only awaiting the administrative process to receive the final certificate also for EJBCA.

EJBCA 5.0.5 released

4 Jun 2012 — Stockholm, Sweden

Primekey proudly presents the 5.0.5 maintenance release of EJBCA.
Quite some effort was put into stabilizing the 5.0.x release for production use, including bug fixes and improvements of usability for issues discovered during production deployments.

To find out how to access EJBCA 5 visit PrimeKey's PKI Shop.

EJBCA PKI *5.0.5* release notes
A maintenance release containing a couple of small features and many bug fixes. The following are a selection of the most noteworthy:

New features

• Index recommendations have changed.
• CVC CAs can now be created from the Command Line Interface.
• EJBCA now supports Japanese localization.
• Overall performance increases.
• Removed redundant and excessive logging to audit logs.

Bug fixes

• Fixed bug where recursive deny rules caused deny for system user.

Development continues beyond this version and all requests from the community are scheduled for EJBCA 5.0.6 or later releases.
More information is available at the project web site and the complete changelog can be viewed in the issue tracker.

Mobile ID client from Nerd integrated with EJBCA PKI from PrimeKey

Mobile ID is a open source new Android app for signatures and encryption developed by Nerd in Greece. It is still a beta version, but I though it might be interesting to know. It has been integrated with EJBCA so you can get a certificate easily. Development and further integration will also continue beyond this point. Also see press release.