We are proud to announce EJBCA 3.5.0, with enhanced features all over,
both enterprise class stuff, and simpler stuff.
This is a major release with many new interesting features and framework
improvements.
Read the changelog for details.
Notable changes in no specific order:
- PKCS#11 interface to HSMs, support for Utimaco CryptoServer, and
improved auto-activation of HSMs.
- Much enhanced Webservice API for administration.
- Import CA function supports HSM, possible to create initial CA on HSM
and initial admin on smart card.
- Soft CA keystores use same framework as HSMs, possible to give
private password to every soft CA.
- New options for specifying certificate validity, per end entity, fixed
date etc.
- Possible to keep configuration/modifications in an external directory.
- Possible to use different profiles in CMP RA mode.
- You can now require approvals for revocation.
- Support multiple email altNames in admin-GUI.
- Option to choose reverse DN for a CA.
- Root-less install, using custom SSL truststore for JBoss/Tomcat.
- Lots of other small fixes and improvements, 69 issues resolved.
For upgrade instructions, please see UPGRADE.
Because there are binary files in EJBCA_HOME/lib and many massive
changes, there is no patch file for upgrading EJBCA 3.4.x to 3.5.0.
Use the full package from EJBCA 3.5.0 and follow the upgrade
instructions.
Changes:
-------
New Feature
* [ECA-81] - Editing validity per End Entity
* [ECA-115] - Serial Number Check
* [ECA-138] - HardToken PIN data should be encrypted in database
* [ECA-249] - Possible to configure specific validity dates in
certificate profiles
* [ECA-398] - Support multiple email altnames in admin-GUI
* [ECA-414] - Possibility to choose reverse DN for a CA
* [ECA-419] - Improve CA softs security to use individual passwords
* [ECA-470] - PKCS11 tokens for new CA and support for Utimaco
CryptoServer (using pkcs11)
* [ECA-472] - Custom Logging
* [ECA-480] - Import Hard Token Data in CLI
* [ECA-489] - New ant argument that outputs the version number of
the EJBCA installation.
* [ECA-505] - Enable download of CA certificate as jks-file from
Basic Functions in Admin GUI.
* [ECA-516] - Present warning in the Admin GUI when JCE Unlimited
Strength Jurisdiction Policy Files isn't used.
* [ECA-520] - Experimental reporting functionality using JasperReports
* [ECA-526] - Possible to install with initial AdminCA on HSM
* [ECA-527] - Possible to retrieve entity certs with CLI
* [ECA-545] - Allow initial superadmin enroll on smartcard
* [ECA-573] - Root-less install, use custom SSL truststore for
JBoss/Tomcat
Improvement
* [ECA-35] - make better looking public enroll pages
* [ECA-232] - When listing administrators in access rights, make
the link clickable
* [ECA-291] - Option to specify certificate validity begin time drift
* [ECA-331] - Hide HardToken Puk Data in View HardToken page
* [ECA-426] - Include nonce in requests from OCSP client
* [ECA-461] - Build script does not check for actual version of
java that is used.
* [ECA-462] - Possible to keep configuration/modifications in an
external directory
* [ECA-465] - Possible to use different profiles in CMP RA mode
* [ECA-468] - Create a PKCS7 with the web service interface to
import it in IE
* [ECA-471] - New Calls in the EJBCA Web Services interface
* [ECA-473] - Interface of UserDataSources improved for support of
UserData Deletion
* [ECA-475] - Improved functionality in Extended CMS Service
* [ECA-482] - Move scep servlet to its own web application
* [ECA-494] - Better default datasource for ScepRAServer in External RA
* [ECA-495] - ScepRAServer in External RA will process the same
message until it is approved
* [ECA-502] - build.xml should use $JAVA_HOME/bin/keytool instead
of first one in path, if available.
* [ECA-507] - Add description on UPN field.
* [ECA-508] - When using Validity Override, don't allow validity to
start before current time.
* [ECA-509] - When using Validity Override, don't allow validity to
extend beyond the validity of the certificate profile
* [ECA-510] - AD Publisher should use different container for
certificateRevocationList
* [ECA-513] - Not consequent text in profiles menu choices
* [ECA-514] - Java exception when removing newly added service
* [ECA-518] - Support new key purpose CAKEYPURPOSE_HARDTOKENENCRYPT
* [ECA-531] - Improve Approvals with multiple steps of
non-executable approvals
* [ECA-532] - Support Approvals for the getHardTokenData and
genTokenCertificates call
* [ECA-536] - Import CA function supports HSM CAs
* [ECA-537] - Require approvals for revocation
* [ECA-572] - Confusing text in conf/ejbca.properties.sample
* [ECA-581] - Bad presentation of approvalId, sometimes it is
displayed with - sign in notification
* [ECA-584] - Not possible to use comma in CA DN when creating CA
Bug
* [ECA-412] - Try to create service after re-deploy gives exception
* [ECA-413] - When choosing "Hard Token Type", all previously made
"Settings" are deleted.
* [ECA-443] - If you execute ./ejbca.sh batch in "ejbca/bin" the
script creates ejbca/bin/p12 and puts the new p12:s in there instead of
ejbca/p12
* [ECA-460] - Get certificate chain link in public enroll pages
does not work when CA is signed by external Root.
* [ECA-467] - Private EC keys report different algorithm after
application server restart
* [ECA-501] - Weblogic throws TransactionRolledBackLocalException
on duplicate log lines
* [ECA-512] - Java exception when editing services
* [ECA-525] - ExtRATestClient not working according to doc
* [ECA-539] - Removing any but last of dynamic fields in an End
Entity Profile generates errors when creating an end entity.
* [ECA-548] - Automatic token activation fails when using nCipher HSM
* [ECA-549] - No space trimming in DN of a CA
* [ECA-556] - Security: XSS possibility on public web
* [ECA-559] - Autoactivate of Hard CA tokens does not show as
active in Admin-GUI
* [ECA-560] - Renew of keys for soft token CA must not regenerate
encryption keys
* [ECA-561] - CA levels displayed incorrectly in Basic Functions at
depth > 2
* [ECA-571] - PKCS#11 times out after some time on Utimaco
* [ECA-574] - Wrong validity of created CAs, maximum two years
* [ECA-583] - Bug in advanced access rules view, UserDataSources
displayed id instead of name in rule
Task
* [ECA-491] - Remove support for JDK 1.4
* [ECA-538] - Remove CA import restrictions depending on keyusage
field in CA-cert.
* [ECA-576] - Remove support for JBoss < 4.0