EJBCA, JEE PKI Certificate Authority News

We are pleased to announce the release of EJBCA Community 8.3.

Release highlights include:

• Hybrid Certificates
• Bouncy Castle upgraded to 1.78
• EJBCA updated with top-level menu
• Documentation on Keyfactor Docs

For more information:

Read the full EJBCA Community 8.3 Release Notes

Visit the EJBCA project on ejbca.org

We are pleased to announce the release of EJBCA Community 8.2.0.1.

Release highlights:
- Extended REST interface in EJBCA Community

For more information:
Read the full EJBCA Community 8.2 Release Notes
Visit the EJBCA project on ejbca.org

EJBCA Community 7.11.0 is released

We are pleased to announce the release of EJBCA Community 7.11.0

Release highlights include:

• SCP Publishing and Certificate and CRL Reader Service
• Partial Support for CMP Lightweight Profile
• Bouncy Castle upgraded to 1.72

For more information:

Read the full EJBCA 7.11.0 Release Notes ... read more

EJBCA Community 7.10.0.1 is released

We are pleased to announce the release of EJBCA Community 7.10.0.1.

Release highlights include:

• REST API Improvements
• Certificate Self-Renewal
• Cert Safe Publishing to HTTPS Server

For more information:

Read the full EJBCA 7.10.0.1 Release Notes

Visit the EJBCA project on ejbca.org.

Follow us on EJBCA Discussions on GitHub for future announcements

At the Keyfactor Community Tech Meetup in Stockholm on September 7, you will get a chance to meet the EJBCA founder Tomas Gustavsson and product architect Mike Agrenius Kushner and ask any questions that matter to you and your team.

To be sure to get your topics covered, you are welcome to ask your questions in advance on GitHub; https://github.com/Keyfactor/ejbca-ce/discussions/71

Read more and sign up for the Meetup: https://www.keyfactor.com/keyfactor-community-tech-meetup-2022/

From now on, our main discussion forum is on GitHub. Please join us there to share knowledge or ask questions to other developers or the product team: EJBCA Discussions on GitHub. The SourceForge mailing lists will be discontinued during 2022.

We also welcome you to sign up for our Newsletter on Keyfactor Community, to stay up to date on the latest news, software updates, hands-on tutorials and user workshops on all our open-source software.

We are pleased to announce the release of EJBCA Community 7.9.0.1.

Release highlights include:

• More frequent EJBCA Community releases
• More flexible certificate enrollment via REST API
• Connect certificates to any identities with External Account Bindings

For more information:

Read the full EJBCA 7.9.0.1 Release Notes

Visit the EJBCA project on ejbca.org. ... read more

A new major update to EJBCA Community is out, 7.4.3.2.

Read the full announcement here:
https://www.ejbca.org/news/ejbca-community-7-4-released/

Also on the download page at ejbca.org:
https://www.ejbca.org/download/

There is a link to the updated community source repo, which is now on GitHub.
https://github.com/primekeydevs/ejbca-ce

Edit: The survey time has now ended. Stay posted for the coming release of 7.4.0 CE.

Get your hands on the hottest EJBCA Community edition first!
We are now offering you the latest EJBCA Community edition in return for answering 19 questions regarding your use of EJBCA and what is important to you.

Help us continue to develop EJBCA in the future
During November and December, PrimeKey is offering EJBCA Community 7.4.0 before its official release in 2021 because we need your help to know how to continue to develop EJBCA in the future.... read more

This is a patch release of EJBCA Community Edition with a few security fixes and increased test stability.
Full ticket descriptions can be found in the issue tracker https://jira.primekey.se/ where we also look forward to your feature requests and/or patches.

Thank you for all the testing, feedback and patches we received during 2019 and happy holiday hacking!

6.15.2.5:
** Bug
* [ECA-8679] - Security issue
* [ECA-8691] - Add upgrade notes for ECA-8679
** Task
* [ECA-8693] - Security: Backport upgrade of external dependency... read more

This is the latest Community Release version of EJBCA 6.3.1. This version is identical to the publicly available code in 6.3.1, with the addition of a couple of essential bug fixes for regressions. For those upgrading from the previous Community Edition, a lot has happened.

• Noteworthy changes from EJBCA 6.2.0 Community:
  • Reduced certificate signing time with throughput increase of approximately 10% for low workloads and 70% for intensive workloads. Numbers are compared to EJBCA 5 and EJBCA 6.
  • OCSP responder has been widely optimized.
  • EJBCA has been upgraded to use BouncyCastle 1.51
  • Fully localized in French, thanks to David Carella of Linagora.
  • The OCSP default responder is now configurable from the GUI. Old configurations in ocsp.properties will automatically be migrated, and the configuration line should be removed from ocsp.properties.
  • The OCSP default responder will now reply for all external CAs that don't have a specific OCSP keybinding set. See UPGRADE document and documentation for further information.
  • The OCSP responder now supports requests containing Certificate IDs hashed in SHA256
  • An XSS issue in the Public Web was patched
  • VA Publisher and External RA have become Enterprise features. ... read more

This is a maintenance release with new features, bug fixes and improvements. In all 32 issues have been fixed.
The biggest news in this release are support for EAC 2.10 access control templates, more OCSP improvements as
well as improvements for Key Recovery.

• Noteworthy changes:
• OCSP improvements and new features related to RFC 6960, minimizing size of OCSP responses (see note below).
• Implemented OCSP signing algorithm including client requested algorithms.
• CVC certificate profiles (ePassport PKI) now supports EAC 2.10 access control templates.
• Improvements to Key Recovery enabling encryption key rollover and providing more information about encryption keys.
• Windows build/install is now working.
• ManagementCA created during a default install now uses SHA256WithRSA.
• EJBCA now compiles (deployment/running not supported however) on WildFly 8 and Glasshish 4, also using Java 8.
• EJBCA can now use certificate serial number longer than 64 bits.
• Minor improvements and fixes to make life easier for everyone.... read more

PrimeKey is happy to announce that EJBCA Enterprise 6.0.3 has been released! This is a maintenance release – 21 issues have been resolved.
Running on the latest technology platforms, this PKI is faster, more resource efficient, more secure and more user friendly than ever. EJBCA Enterprise v.6 is so flexible it is suitable for any organization, cloud, social or mobile system.

EJBCA, the open source PKI, has been around for quite some time now, since 2001 to be exact. The last major release of EJBCA Community was EJBCA 4, which saw many updates up to the final release 4.0.16 in June 2013. EJBCA 5 was Common Criteria certified, and therefore never released to the public. After a long wait, and much development, EJBCA Community version 6 is now here.... read more

This is a maintenance release containing a few new features and improvements. In all 5 issues have been resolved.

* Noteworthy changes:
- Active certificates published to a VA publisher that only publishes revoked certificates are no longer stored in the queue.
- Publishers are cached for improved performance.
- New and fixed settings that makes EJBCA work better behind an Apache using ProxyPass, by David Carella.
- Some passwords are not displayed in the console during build anymore, by David Carella.... read more

We just released EJBCA 4.0.13 as an early gift from the EJBCA Team.

This is a maintenance release containing a few new features and
improvements. In all 25 issues have been resolved.

* Noteworthy changes:
- New self-registration work-flow available in the public web.
- Added extended key usage for WiFi EAP authentication.
- Some build improvements to avoid issues on some platforms (no
javascript, no jasper).
- More minor GUI improvements by David Carella of Linagora.
- Minor bug fixes.... read more

We are delighted to present a new release of EJBCA 4. EJBCA 4 continues to get new features and fixes and is state of the art PKI.

This is a maintenance release containing a few new features and improvements.

* Noteworthy changes:

- Possibility for External OCSP responder key renewal at absolute times.
- Certificate expiration notifier can now filter on certificate profiles, not only CAs.
- A publisher for sampling of issued certificates.
- Added user friendly output of certificate profile dependencies when deletion can not be done.
- A new language tool for developers and localizers, by David Carella of Linagora.
- OCSP rekeying now works on JBoss 6.1.0 and JBoss EAP5... read more

This is a maintenance release containing 1 security bug fix.

* Noteworthy changes:
- Fixed XSS issues in admin GUI.

Read the full Changelog for details.
For upgrade instructions, please see UPGRADE (in the release package).

This is a maintenance release with a few bug fixes and new features. In all, 16 issues have been resolvesd.

* Noteworthy changes:
- CMP: SenderKeyID no longer needs to be set in the request if it is not needed.
- CMP: KeyUpdateRequest works in RA mode as well as in client mode.
- CMP: It is now possible to skip verification of a CertConfRequest if desired.
- CRL: More efficient CRL download
- AdminGUI: Improvement in the appearance.
- Fixed few minor XSS issues and other minor bugs... read more

This is a maintenance release with a few improvements and bug fixes. In all 7 issues have been resolved.

* Noteworthy changes:
- Correct comparison of public key in HSM and CA certificate
- Fixed regression during republish
- Many small bug fixes.

We are proud to release EJBCA 4.0.4.

This is a maintenance release with a few new features and bug fixes. In all 33 issues have been resolved.

* Noteworthy changes:
- Improved CMP with many new authentication modules in both client and RA mode, and support for Nested content
- Support for custom certificate extensions with raw or RA defined values.
- Many small bug fixes.

With this update EJBCA has support for most use cases for CMP, including the new 3GPP standard.

This is a maintenance release with a few improvements and bug fixes. In all 5 issues have been resolved.

* Noteworthy changes:
- Improved CMP interoperability, with minor improvement and bugfixes.
- Fixed a bug that made it impossible to delete end entity profile on certain databases, in particular hsql (test database).

Read the full Changelog for details.
For upgrade instructions, please see UPGRADE.

This is a maintenance release with many improvements and fixes. In all 44 issues have been resolved.

* Noteworthy changes:
- Internal optimizations makes this the fastest version of EJBCA ever, capable of issuing > 400 certificates/second (depending on configuration).
- Certificate enrollment now works also with Safari and Chrome browsers.
- Support for PrivateKeyUsagePeriod certificate extension.
- Fixed a time zone bug issuing CVC certificates where the date was encoded using local timezone instead of GMT in certificates.
- More admin console and public web improvements from David Carella of Linagora.
- Now uses ISO8601 date format consistently when entering dates in admin console.
- Automatic generation of Norwegian UNID numbers from CMP requests.
- Many small bug fixes and improvements.... read more

We have just released EJBCA 3.11.2.
This is a maintenance release containing 11 bug fixes, and 12 new features/improvements.

* Noteworthy changes:
- Several bug fixes
- Increased algorithm support on PKCS11 HSMs
- Added a webservice based RA written by Daniel Horn
- Possibility to disable the command line interface
- New CA CLI commands to import CRLs and certificates which are useful when migrating to EJBCA... read more

We just released EJBCA 4.0.1. This release has a single fix, which
slipped through QA of 4.0.0. So far EJBCA 4.0.0 has been downloaded 400
times, and this is the only bug report so far.
I think it shows that IE is not so widely used by the EJBCA team, but it
shouldn't have slipper through QA nevertheless.

Changes:
- Fixed failure to perform web browser enrollment with Internet Explorer.

The release can be downloaded from the usual place, http://www.ejbca.org/.... read more

The PrimeKey EJBCA team is happy to announce
that a new generation of EJBCA is finally here. As always, you can
download the release from SourceForge
(https://sourceforge.net/projects/ejbca/).

In this release, the underlying framework has changed from Java
Enterprise Edition 2, to 5. EJBCA 4 will constitute the solid base for
EJBCA for the coming years. Together with major refactoring, the Java
Enterprise upgrade significantly improves the quality of the EJBCA code
and internal architecture, allowing for faster development time. The
tecnology upgrades also make way for the development of a new
Administration GUI and the integration with CESeCore [1].... read more