You can subscribe to this list here.
2001 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(1) |
Dec
(1) |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2002 |
Jan
(3) |
Feb
(2) |
Mar
|
Apr
(3) |
May
|
Jun
(1) |
Jul
|
Aug
(1) |
Sep
|
Oct
(1) |
Nov
|
Dec
(1) |
2003 |
Jan
|
Feb
|
Mar
(1) |
Apr
|
May
(2) |
Jun
(2) |
Jul
|
Aug
|
Sep
|
Oct
(1) |
Nov
|
Dec
|
2004 |
Jan
(1) |
Feb
(1) |
Mar
(2) |
Apr
|
May
(1) |
Jun
(2) |
Jul
|
Aug
|
Sep
(2) |
Oct
|
Nov
(1) |
Dec
(1) |
2005 |
Jan
|
Feb
(1) |
Mar
|
Apr
(1) |
May
(1) |
Jun
|
Jul
|
Aug
(1) |
Sep
|
Oct
|
Nov
(1) |
Dec
|
2006 |
Jan
|
Feb
|
Mar
|
Apr
(1) |
May
(1) |
Jun
(1) |
Jul
|
Aug
|
Sep
(2) |
Oct
|
Nov
(1) |
Dec
(1) |
2007 |
Jan
(3) |
Feb
(1) |
Mar
|
Apr
(1) |
May
|
Jun
(1) |
Jul
(1) |
Aug
(1) |
Sep
(2) |
Oct
|
Nov
(1) |
Dec
(1) |
2008 |
Jan
(2) |
Feb
|
Mar
(1) |
Apr
(1) |
May
(1) |
Jun
(1) |
Jul
(3) |
Aug
(2) |
Sep
(3) |
Oct
(2) |
Nov
(1) |
Dec
(1) |
2009 |
Jan
(2) |
Feb
(1) |
Mar
(1) |
Apr
|
May
|
Jun
(2) |
Jul
|
Aug
(1) |
Sep
|
Oct
(2) |
Nov
(1) |
Dec
(1) |
2010 |
Jan
(1) |
Feb
|
Mar
(3) |
Apr
|
May
(2) |
Jun
(4) |
Jul
|
Aug
(1) |
Sep
(1) |
Oct
(1) |
Nov
(3) |
Dec
(2) |
2011 |
Jan
|
Feb
(1) |
Mar
(3) |
Apr
|
May
(4) |
Jun
(1) |
Jul
(1) |
Aug
|
Sep
|
Oct
(1) |
Nov
(3) |
Dec
(1) |
2012 |
Jan
|
Feb
|
Mar
(2) |
Apr
|
May
(1) |
Jun
(3) |
Jul
|
Aug
(1) |
Sep
|
Oct
|
Nov
|
Dec
(1) |
2013 |
Jan
|
Feb
(1) |
Mar
|
Apr
|
May
(2) |
Jun
(1) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(1) |
Dec
(2) |
2014 |
Jan
|
Feb
|
Mar
(4) |
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
(1) |
Sep
|
Oct
|
Nov
|
Dec
|
2015 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(1) |
Nov
(1) |
Dec
|
2016 |
Jan
|
Feb
|
Mar
(2) |
Apr
|
May
|
Jun
|
Jul
(1) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
2017 |
Jan
(2) |
Feb
(2) |
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
(1) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
(1) |
2018 |
Jan
|
Feb
|
Mar
(1) |
Apr
|
May
|
Jun
(1) |
Jul
|
Aug
|
Sep
(2) |
Oct
|
Nov
|
Dec
(1) |
2019 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(1) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
(1) |
2021 |
Jan
|
Feb
|
Mar
(1) |
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
2022 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(2) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
From: Tomas G. <to...@pr...> - 2010-01-07 13:04:38
|
We are proud to release yet a new version of EJBCA. This is a minor release with only a few minor fixes. Nothing critical that makes is necessary for you to jump directly on to this release, just a few fixes. Noteworthy changes: - Fixed a bug where OCSP responder would not return correct status for archived (expired) certificates. - Fixed a regression for the (deprecated) SafeNet JCE CA token. - Fixed a regression where you could not renew expired CAs - It's not possible to renew soft ECC CA keys in the admin GUI - All language files are now encoded in UTF-8 - Fixed corner cases where bogus CRLs and certs could be published to LDAP Read the full changelog for details (https://jira.primekey.se/browse/ECA?report=com.atlassian.jira.plugin.system.project:changelog-panel). For upgrade instructions, please see UPGRADE in the release package. Regards, The PrimeKey EJBCA Team |
From: Tomas G. <to...@pr...> - 2009-12-21 15:47:52
|
In time for christmas the EJBCA team would like to give you a christmas present in the form of EJBCA 3.9.3. This is a release that fixes one unfortunate regression in 3.9.2, and also adds some new features and plenty of improvements and bugfixes. 42 issues in total have been resolved. Some minor features and options and some bug fixes and stabilizations. Noteworthy changes: - Fixed a regression in 3.9.2 where you could not upload files in the admin GUI. - Certificate profiles can now specify a different signature algorithm than the CA. Useful to start migrating SHA1 CAs to issue SHA256 certificates. - Possibility to use part of user data in LDAP DN but not in certificate DN when publishing certificate to LDAP. - Possibility to set fixed end date of certificates in certificate profile and CA configuration. - Possibility to configure several notification services for expiring certificates, notifying at different times, i.e. 30 days, 7 days, etc. - Browser enrollment tested with Windows 7. - ECC improvements and fixes for CAs and HSMs, CA renew keys, CA import, brainpool curves, explicit ec parameters, clientToolBox etc. - GUI improvement to the admin GUI with nicer navigation menu and CSS. Contributed by Linagora, France. - cert-cvc: fixed rare possibility to get bad encoding of EC points in certificates. Contributed by DGBK, Netherlands. - CVC CA fixes and improvements for EAC PKI, approvals, import CAs, fix cli info command, .cvcert instear of .crt when downloading certs, etc. - Don't publish certificates for inactive CA services to LDAP. - Fix so renewing CA keys in admin GUI does not reload all CA tokens. - Fixed an OutOfMemory error when failing to publish large CRLs with connection closed error. - Fix download issues with IE for exported CA keystores. - Many small optimizations, fixes and improvements. Read the full changelog for details. For upgrade instructions, please see UPGRADE. Merry christmas, The EJBCA Team. |
From: Markus K. <ma...@pr...> - 2009-11-02 12:37:45
|
The PrimeKey SignServer team is happy to announce that SignServer 3.1 has been released! This is a major new version with lots of exciting functionality for document signing and validation. Development continues beyond this version and all requests from the community and from the EJBCA Developer Conference [1] are scheduled for SignServer 3.2 or later releases. More information is available at the project web site [2] and the complete changelog can be viewed in the issue tracker [3]. Release Notes: * New module system The byte code for a worker can be packaged as a separate module that can be loaded and unloaded at runtime. * New workers: XMLSigner/Validator Signing and validation of XML documents * New worker: ODFSigner Signing OpenDocument Format documents for instance used by OpenOffice.org * New worker: OOXMLSigner Signing Office Open XML documents * New worker: CRLValidator Validating certificates by looking up certificate revocation lists * New worker: OCSPValidator Validating certificates using the online certificate status protocol * New worker: MRTDSODSigner Signing EAC ePassports * Several other features, fixes and improvements [1] http://www.primekey.se/Community/ [2] http://www.signserver.org [3] http://jira.primekey.se/browse/DSS Regards, The PrimeKey SignServer team |
From: Markus K. <ma...@pr...> - 2009-10-23 07:14:35
|
The SignServer team is happy to announce that a new release is on its way! SignServer 3.1 is being scheduled for release within one or two weeks. The project is now entering feature freeze for 3.1 and all requests from the community and from the EJBCA Developer Conference [1] are scheduled for SignServer 3.2 or later releases. After the release more information will be available at the project web site [2] and the complete changelog can be viewed in the issue tracker [3]. Release Notes: * New module system The byte code for a worker can be package as a separate module that can be loaded and unloaded at runtime and with support for clustering * New workers: XMLSigner/Validator Signing and validation of XML documents * New worker: ODFSigner Signing OpenDocument Format documents for instance used by OpenOffice.org * New worker: OOXMLSigner Signing Office Open XML documents * New worker: CRLValidator Validating certificates by looking up certificate revocation lists * New worker: OCSPValidator Validating certificates using the online certificate status protocol * New worker: MRTDSODSigner Signing EAC ePassports * Several other features, fixes and improvements [1] http://www.primekey.se/Community/ [2] http://www.signserver.org [3] http://jira.primekey.se/browse/DSS Regards, The SignServer team |
From: Tomas G. <to...@pr...> - 2009-10-21 10:39:19
|
We are proud to announce the release of EJBCA 3.9.2. We believe this is the most stable release of EJBCA to date. This is a minor release but packed with new minor features and fixes, 38 issues have been resolved. Some minor features and options and many bug fixes and stabilizations. Noteworthy changes: - Sign and verify of files with clientToolBox when the private key is stored on a HSM. - Possible to limit signing keys for an external OCSP responder to keys within a set of key aliases. - Add support for the TSL signer extended key usage - Use improved validity period parsing in Certificate Profiles - Add option to use publisher queue or not for CRLs and certificates - Document MS application policies extension - Fixes for ejbcaClientToolBox.bat for windows platform - Timeouts for LDAP publishers to handle unstable LDAP servers - For issue where CRL service may stop running if database is stopped for some period - Change so that Issuing Distribution Point on CRLs is not used by default in CA configuration - Fix issue using IAIK provider with several CAs - Fix slow revocation if a user have many certificates - cert-cvc: getting expiration date returns 00.00 hours but it means it's valid the whole day - cert-cvc: bad encoding of EC points in certificates in rare cases where affineX and affineY is not same size - Many small optimizations, fixes and improvements. Read the full changelog for details. For upgrade instructions, please see UPGRADE. ---- Work has already started for EJBCA 3.9.3, as well as 3.10. For 3.9.3 we will for the first time in ages get some new bling on the admin GUI, thanks to David Carella in France who contributed some styles for the admin GUI. EJBCA 3.10 will have many changes, preparing for the big move to EJBCA 4.0. Among other things all configuration in properties files are now possible to store outside of the ear file, and change dynamically in runtime. Regards, The EJBCA team at PrimeKey. |
From: Tomas G. <to...@pr...> - 2009-08-16 17:17:36
|
Hi, we are pleased to announce the release of EJBCA 3.9.1. This is a minor release but packed with new minor features and fixes, 46 issues have been resolved. Noteworthy changes: - Improvements to public enrollment process including automatic renewal. - Ability to specify approvals on certificate profiles. - Configurable list of extended key usages. - Dynamic update of max-age and nextUpdate for OCSP responders, also per certificate profile. - In CRL update service you can select which CAs to generate CRLs for. - Possible to schedule CRLs more often than hourly. - Possible to remove soft CA key and possibility to import it back again. - Possibility to remove passwords from properties files. - Support for CRL distribution points with URI:s containing semicolon. - Transaction log for web service certificate issuance. - Possibility to specify Any CA in end entity profiles. - More flexible configuration of CA validity, years, months days. - Improved error message in GUI when HSM activation fails. - Many small optimizations, fixes and improvements. Read the full changelog for details. https://jira.primekey.se/browse/ECA?report=com.atlassian.jira.plugin.system.project:changelog-panel This is a plug-in upgrade for users of EJBCA 3.9.0. Visit EJBCA.org to download the latest release! Regards, The EJBCA team. |
From: Tomas G. <to...@pr...> - 2009-06-05 08:28:56
|
After much hard work, EJBCA 3.9.0 is finally released. This might just be the best release ever of EJBCA :-) Regards, The EJBCA team This is a major release adding many new features and improvements, and fixing numerous bugs. 126 issues have been resolved for this release. Check the changelog, there is a good chance that your favorite issue has been resolved. Some noteworthy changes: - Support for CAs using DSA keys. EJBCA now supports all major algorithms; RSA, DSA and ECDSA. - External RA improvements. CA service running as an EJBCA services gives full cluster functionality and support for multiple external RAs. As a bonus it is now much easier to install and configure. - Robust re-publishing mechanism for publishers that fail, running as an EJBCA service. - OCSP responder improvements with performance improvements and support for on-line renewal of OCSP responder keys and certificates. The external OCSP responder can now saturate high performance HSMs. - OCSP monitoring tool for monitoring synchronization between EJBCA and external OCSP responders. - GUI for configuring the external OCSP publisher with new options. - Possible to change OCSP signing keys in a running external OCSP responder. - New commands and stress tests in the client toolbox. - A new admin web gui front page with status overview panels. - Possible to configure status of certificates issued for end entities, i.e. issue certificate revoked "on hold". - New DN attribute, Name. - Performance improvement by caching and lowering number of database queries. - XKMS now works also on Java 6. - Possibility to set user validity start and end time in WS API. - Lots of small fixes and improvements to the admin GUI. - Lots of small bugfixes. - Keon CA to EJBCA migration guide. Read the changelog for details. Note that the configuration of External RA changed dramatically (to the better). If using the external RA, please read the manual how to install and configure the RA CA service in EJBCA 3.9. Note that this version brings database changes. Read the UPGRADE document for upgrade instructions. This release should, as always, work on JBoss, Glassfish, Weblogic and OC4J, together with most available databases. Changes ------- New Feature * [ECA-648] - Add a configurable revocation status to end entity profiles * [ECA-877] - Patch level showing * [ECA-987] - Add cli command for processing certificate requests in ejbca.sh * [ECA-1054] - User Certificate Validity Start/End Time as a editUser Web Service parameter * [ECA-1076] - CMP stress test * [ECA-1093] - Support for static custom enroll forms * [ECA-1100] - CAs using DSA algorithm * [ECA-1172] - Validity override in certificate profiles should be able to override startdate to set earlier start than "now" * [ECA-1188] - Permit to install on JBOSS with Tomcat Native Connector * [ECA-1202] - Implement extension override for PKCS#10 requests * [ECA-1203] - Allow DN override from requests * [ECA-1207] - Option in OCSP publisher to only use queue and not publish directly * [ECA-1213] - Display length of publisher queue in external OCSP GUI * [ECA-1218] - Stand-alone monitoring tool for comparing CA and OCSP databases * [ECA-1219] - Add CA status overview portal on first page of admin GUI * [ECA-1220] - Show certificate profile id in admin GUI * [ECA-1222] - Show CA id in Admin GUI * [ECA-1242] - Configurable to show CA status on front page * [ECA-1263] - Add new WS stress-test to test behaviour when there are many certificates per user Improvement * [ECA-550] - Bad error message when receiving PEM files from external CA * [ECA-603] - Add a property to specify the module to use when using nCipher HSM * [ECA-857] - Improve error message "Error occured when receiving file, are you sure it is valid and in PEM encoding." * [ECA-878] - Start up welcome page(s) admin and normal one * [ECA-965] - Hide CRL-related fields when creating a CVC CA * [ECA-988] - Document database privileges * [ECA-1003] - EJBCA CLI requires APPSRV_HOME * [ECA-1008] - A CA could be activated with any password (PIN) after it has been deactivated * [ECA-1011] - Output time of successful ant commands often used in development * [ECA-1041] - Errormessage "User xxxx has status '40', NEW, FAILED or INPROCESS required" could be improved * [ECA-1067] - JavaScript "Enabled" test * [ECA-1074] - Add Name DN attribute to supported attributes * [ECA-1094] - CN for httpsserver.dn property can be inherited from httpsserver.hostname * [ECA-1101] - ExtRA: Make RA CA service as an EJBCA service and make clusterable and support multiple RAs * [ECA-1129] - use same functionality in the OCSP respnder as in the CA to handle P11 HSMs * [ECA-1131] - Filter what is published to CertificateData on standalone OCSP * [ECA-1139] - Use Commons Configuration for OCSP config * [ECA-1163] - Save/cancel certificate profiles should bring you back to profiles list * [ECA-1165] - required and modifyable checkboxes for username in entity profiles not needed * [ECA-1166] - Rename mozilla/netscape to firefox * [ECA-1167] - activatecas cli command should be able to prompt for activation code * [ECA-1168] - Don't display the password user types in import CA command. * [ECA-1170] - Display signature algorithm with providers text in view certiifcate * [ECA-1175] - Improve default DB2 CMP mapping * [ECA-1176] - Add cvcwscli.cmd for windows * [ECA-1178] - Add issuerDN to edit CA page * [ECA-1179] - Possible to specify multiple parameters in cmp.ra.namegenerationparameters * [ECA-1180] - Be able to specify Any CA in end entity profiles * [ECA-1196] - Change ERROR to INFO message for mail notifications * [ECA-1198] - Implement robust re-publishing if publishing fails * [ECA-1199] - Don't log error for missconfigured service that is not active * [ECA-1200] - GUI for the External OCSP Publisher * [ECA-1208] - Log4jLogDevice logs INFO exceptions as ERROR * [ECA-1209] - Upgrade certificateProfileId to new server profile during 'ant upgrade' to avoid problems on SSL certificate renewal. * [ECA-1215] - Don't set start and end time for end entity if not entered * [ECA-1221] - Ugly error message in LDAP publisher if no certificate to remove exists * [ECA-1231] - Optimize performace of getCertificateInfo * [ECA-1233] - Prevent accidental runs of JUnit tests and deploy/ocsp-deploy in production environment * [ECA-1235] - No point in swapping identical times * [ECA-1240] - Remove error log for cases where CVC sequence is not numerical, we handle it gracefully. * [ECA-1249] - ClientToolBox PKCS11 operations echoes the password back to the user * [ECA-1255] - AdminGroupData etc should be marked as read-only for get methods * [ECA-1256] - Optimize authorization to lower number of SQL queries for AuthorizationTreeUpdateData * [ECA-1259] - Rename List button to Search * [ECA-1260] - Rename "Create Server Certificate" to "Create Certificate from CSR" * [ECA-1261] - improve behaviour of External CAs * [ECA-1265] - Error messages that we handle when editing users should be info * [ECA-1267] - Inherit getCATokenStatus() from BaseCAToken on SafeNetLunaCAToken * [ECA-1269] - Improve performance by caching common database queries * [ECA-1271] - ca init cli commands should be able to create sub CAs * [ECA-1290] - Don't log error creating CRLs when a CA is offline * [ECA-1291] - CRL service should not try to create CRLs for external CAs Task * [ECA-1116] - Avoid usage of class strings * [ECA-1173] - Drop upgrade support for EJBCA 3.1.x * [ECA-1195] - Upgrade to BC 1.43 * [ECA-1205] - Create new tag-field for CertificateData to be able to distinguish between different certificate types in database queries * [ECA-1214] - Ask for algorithm before key size in installation script * [ECA-1247] - Add KCA-EJBCA migration guide to docs * [ECA-1297] - Warnings about incorrect JSF navigation rules during startup Bug * [ECA-632] - Path length constraints not selectable in cert profile * [ECA-922] - DBCHANGE: Particular Log query with ProtectedLog fails on Derby * [ECA-1077] - Not possible to get algorithm name from OID for CMP with latest BC * [ECA-1085] - Email notifications may not treat foreign characters correct * [ECA-1109] - Rare threading issues in OCSP certificate cache * [ECA-1110] - XKMS only works with JDK 1.5 * [ECA-1122] - Cancel button on Edit Certificate Profiles page doesn't work. * [ECA-1135] - Do not issue CRLs for expired CAs * [ECA-1137] - Serialnumbers starting with 0 do not behave properly * [ECA-1138] - nCipherHSM script with preload is broken * [ECA-1142] - First delta CRL is not issued when a CA is created * [ECA-1147] - NullpointerException in ProtectedLog * [ECA-1156] - OCSP ClientToolBox test failing when CA key is signing the OCSP response. * [ECA-1157] - NullPointerException when invoking createcrl CLI with bad CA name * [ECA-1160] - When a fast HSM is used then OCSP responder is not as fast as it should be. * [ECA-1162] - external OCSP responder freezing after HSM failure. * [ECA-1164] - Hex serial number for admin certificates in admin groups should not be limited to only 16 char hex strings * [ECA-1169] - Error verifying JCE using pkcs12req WS cli * [ECA-1171] - Possible to change OCSP signing keys in a running external OCSP responder. * [ECA-1174] - Can not batch generate users using SHA256WithRSAAndMGF1 * [ECA-1186] - Batch generation set user status to generated even if request counter exists * [ECA-1187] - no such provider BC when EJBCA starts when protected log is enabled * [ECA-1191] - Unable to deploy on PostgreSQL + Glassfish combination * [ECA-1193] - cli.xml ejbca:noprompt missing ca.signaturealgorithm property * [ECA-1194] - "ejbca.sh ca info" fails for ECDSA CA * [ECA-1201] - Incorrect display of HTML escaped characters on Access Rules comboboxes * [ECA-1216] - Add userPassword in LDAP should only happen if addNonExisting or modifyExisting is checked * [ECA-1217] - Possible extensive CPU usage for crafted messages to CMP RA service (not default config) * [ECA-1223] - NullpointerException in CMP when unknown keyId is sent * [ECA-1224] - CertTools.getCertfromByteArray never throws CertificateException as the JavaDoc says but can return null * [ECA-1225] - Freshest CRL extension (aka Delta CRL Distribution Point) on a CRL must not be critical * [ECA-1227] - AccessRules link for admin privileges does not work on weblogic or oracle * [ECA-1229] - Internalresources may fail in rare contidtions * [ECA-1234] - Error message is shown when editing end entity profiles when no printers are defined * [ECA-1245] - CRL reason entry extensions in CMP revocation requests are not read * [ECA-1246] - Deadlock when load testing CMP with same user * [ECA-1248] - Cannot unselect last Custom Certificate Extension in Certificate Profile * [ECA-1254] - ProtectedLog reloading CA token unnessecarily * [ECA-1257] - Importing wrong certificate using PKCS11 will make the key unavailable on nCipher netHSM * [ECA-1258] - cursor:hand style on links should be cursor:pointer * [ECA-1266] - Upgrade may cause "use authority information access" to be enabled though it was not before in certificate profile * [ECA-1268] - Missing Exception handling for super.deactivate() calls on SafeNetLunaCAToken * [ECA-1272] - Authorization issue during stress test * [ECA-1273] - Services will stop running if database goes down * [ECA-1293] - ProtectedLog on idling system warns about missing log rows if protectionIntensity > 0 * [ECA-1294] - Issuing certificate with + sign does not work in cmp requests * [ECA-1295] - Error making advanced log search for CA on DB2 * [ECA-1296] - Fetching cert or keystore from Public Web generates an error when cert-profile is the default in UserData |
From: Tomas G. <to...@pr...> - 2009-06-04 18:51:53
|
We just released two very minor releases. EJBCA 3.8.3 with just three fixes. The cert-cvc library with only modifications to make two constructors visible to outside code. This release of EJBCA makes way for the imminent release of EJBCA 3.9.0. A major new release with lots and lots of fixes. EJBCA Release notes: This is a minor release with only a few fixes Read the changelog for details. - Fixed unability to deploy on PostgreSQL + Glassfish combination. - Fixed possible extensive CPU usage for crafted messages to CMP RA service (not default config). - Fixed Ugly error message in LDAP publisher if no certificate to remove exists. For upgrade instructions, please see UPGRADE. EJBCA changes: Improvement * [ECA-1221] - Ugly error message in LDAP publisher if no certificate to remove exists Bug * [ECA-1191] - Unable to deploy on PostgreSQL + Glassfish combination * [ECA-1217] - Possible extensive CPU usage for crafted messages to CMP RA service (not default config) Regards, The EJBCA team |
From: Johan E. <ejb...@pr...> - 2009-03-29 11:20:07
|
This is a minor release adding improvements and bugfixes - Add street and pseudonym DN attributes. - OCSP improvements, RFC 5019, nextUpdate, support for requests using GET, improved configuration and error handling. - Correct coding of optional Issuing Distribution Point in CRLs. - Possible to publish userPassword in LDAP. - A few minor fixes. Cheers, EJBCA Team New Feature * [ECA-552] - Add support for nextUpdate, thisUpdate and producedAt in OCSP responses * [ECA-1124] - Configurable to use HTTP headers for standalone OCSP * [ECA-1053] - Pseudonym as a subject DN attribute * [ECA-1133] - Configurable in ExternalOCSPPublisher to only publish certificates with and OCSP URI extension. Improvement * [ECA-1123] - Create dummy object for TransactionLogger and AuditLogger * [ECA-1088] - Default public exponent for lunaHSM.sh should be 65537 (0x1001) * [ECA-1055] - Support OCSP by HTTP GET * [ECA-1117] - Use info instead of error messages in Standalone OCSP Responder. * [ECA-1144] - Add "userPassword" attribute in LDAP publisher * [ECA-1114] - Add street DN component * [ECA-1096] - Improve handling of invalid requests and streams in OCSP responder * [ECA-1146] - Stress Test does not print out no of failed tests * [ECA-748] - Order certificates in view certificates with newest first * [ECA-1121] - Unnecessary signing operations Bug * [ECA-1158] - CA-certificate, but no signing key from a CA on the external OCSP generates an Exception * [ECA-1141] - CRL Distribution Point in CRLs must be encapsulated into an Issuing Distribution Point * [ECA-1092] - Code not thread-safe in certificate-request Servlet * [ECA-1154] - Concurrency issue when reloading soft keys for external OCSP responder * [ECA-1113] - JCE error on JBoss 5 on some platforms * [ECA-1148] - ServiceData cached in bean making synchronization between cluster nodes fail. * [ECA-1090] - Wrong encoding of issuer DN on retrieval public web pages * [ECA-1150] - Wrong language tag for "Certificate Validity End Time" in viewendentity.jsp * [ECA-1095] - Allow comma in directoryName subject alt names * [ECA-1145] - CvcRequestMessage not serializable * [ECA-1143] - Freshest CRL is lost when creating a new CA |
From: Henrik A. <ej...@ha...> - 2009-02-19 09:40:38
|
Hi all! I've released syscheck 1.4.1 What is syscheck? Framework written in /bin/sh to monitor server and (ejbca among other)application health, send a standardized message with syslog to a central server that monitors all nodes in a trust center. Why (there are lots of tools doing this already)? We found that most system uses a "agent" installed on the server, and often it needs to run as root, we couldn't have either of that in a hig security environment. Thus syscheck was born. What does it do (the scripts)? regular server checks (sc_01_diskusage.sh sc_03_memory-usage.sh sc_06_raid_check.sh sc_07_syslog.sh sc_09_firewall.sh sc_14_sw_raid.sh sc_15_apache.sh sc_16_ldap.sh sc_17_ntp.sh sc_18_sqlselect.sh sc_19_alive.sh sc_28_check_vip.sh) specific to a ca (sc_02_ejbca.sh sc_04_pcsc_readers.sh sc_05_pcscd.sh sc_08_crl_from_webserver.sh sc_10_cluster_master_db.sh sc_11_heartbeat.sh sc_13_heartbeat-master.sh sc_18_sqlselect.sh sc_19_alive.sh sc_20_errors_ejbcalog.sh ) other systems: (sc_22_boks_replica.sh sc_23_rsa_axm.sh sc_24_weblogic.sh sc_27_dss.sh) It also covers the regular jobs a admin needs to do, by hand or automaticly (cron) 900_export_cert.sh 901_export_revocation.sh 902_export_crl.sh 903_make_hsm_backup.sh 904_make_mysql_db_backup.sh 905_publish_crl.sh 906_ssh-copy-to-remote-machine.sh 907_make_mysql_db_backup_and_transfer_to_remote_mashine.sh 908_clean_old_backups.sh 909_activate_CAs.sh 910_deactivate_CAs.sh 911_activate_VIP.sh 912_deactivate_VIP.sh 913_copy_ejbca_conf.sh 914_compare_master_slave_db.sh 915_remote_command_via_ssh.sh 916_archive_access_manager_logs.sh 917_archive_file.sh 918_server_alive.sh Homepage: http://wiki.ejbca.org/syscheck Download: https://sourceforge.net/project/showfiles.php?group_id=39716&package_id=58346 Please contribute //Henrik "kinneh" Andreasson |
From: Tomas G. <to...@pr...> - 2009-01-29 12:29:15
|
This is a minor release, targeted for adding support for JBoss 5 and fixing a mistake that caused install on Glassfish to fail. It also adds a few minor improvements and bugfixes. - Add support for JBoss 5. - Fix support for Glassfish caused by a forgotten commit in 3.8.0. - Improve support for Weblogic 10.3. - Fix support for IPv6 subject alternative names. - A few minor CMP, OCSP and CVC fixes. Change log: Improvement * [ECA-966] - NPE when using a non-existing ECC algorithm during CVC CA creation * [ECA-983] - Allow logging of REPLY_TIME in both audit and transaction logs * [ECA-1006] - Database index script fails for MySQL using UTF-8 * [ECA-1057] - Run EJBCA in JBoss 5.0 * [ECA-1059] - Fix ipv6 altname ipaddress and allow it in admin-GUI * [ECA-1060] - Throw CertificateExpiredException when certificate used to verify cvc request has expired * [ECA-1070] - Windows .BAT file for using clientToolBox * [ECA-1080] - Option to set internally used password in CMP * [ECA-1081] - Improve support for Weblogic 10.3 * [ECA-1086] - Allow to set null password in WS cli editUser call * [ECA-1087] - Increase timeout for CRL generation transaction on JBoss and document how it could be done Bug * [ECA-984] - ejbca.cmd does not work with spaces in JBoss path * [ECA-1039] - CVC certificate requests with error leaves user status as new * [ECA-1040] - cvcgetchain does not return latest cert * [ECA-1056] - REQUIREDCARDNUMBER language string missing * [ECA-1061] - Wrong header displayed for different groups of access rules * [ECA-1062] - Verifying OCSP requests can throw InvalidKeyException which is not caught * [ECA-1063] - Not working on Glassfish * [ECA-1068] - CMP tcp service does not work on JBoss 5 * [ECA-1069] - Wrong errormessage in checkValidity when endDate is wrong * [ECA-1071] - OCSP responder does not handle TelephoneNumber, PostalAddress and PostalCode in DN * [ECA-1079] - KeyId decoding in CMP uses platform charset * [ECA-1084] - External RA: SCEP enrollment from Cisco IOS gets wrong DN |
From: Tomas G. <to...@pr...> - 2009-01-19 13:33:39
|
This is a minor release making some small changes to the CVC WS-API and adding REPLY_TIME to OCSP audit logs. We're not updating the ejbca homepage, since EJBCA 3.8.0 is the recommended release, unless you are after a minor release fixing exactly these issues. Cheers, EJBCA Team Changelog: New Feature * [ECA-1035] - Add Brazilian Portuguese Translation Improvement * [ECA-983] - Allow logging of REPLY_TIME in both audit and transaction logs * [ECA-1031] - Get server certificate in public web shoud not show password * [ECA-1032] - Add cli command to convert cvc certificates between binary and pem * [ECA-1036] - Hide keytool-errors during install. * [ECA-1060] - Throw CertificateExpiredException when certificate used to verify cvc request has expired Bug * [ECA-244] - Problem during installation with schema: DC=bigcorp,DC=com * [ECA-1037] - CLI for fetching user certificate fails * [ECA-1039] - CVC certificate requests with error leaves user status as new * [ECA-1040] - cvcgetchain does not return latest cert * [ECA-1042] - LdapPublisher does not work with CVC certificates * [ECA-1044] - Nullpointer in BasicFunctions when admin not authorized to CA * [ECA-1046] - view certificate on Public web gives error for CVC certificates * [ECA-1065] - Password needed to update CVC certificate with WS-API * [ECA-1069] - Wrong errormessage in checkValidity when endDate is wrong |
From: Tomas G. <to...@pr...> - 2008-12-15 13:06:30
|
We're glad to announce the EJBCA 3.8.0 as an early christmas present. This is a major release, particularly focusing on support for administrators to log in with certificates from other CAs, not in EJBCA. Read the changelog for details. Notable changes in no specific order: - Restructure administrator validation to allow admins using externally issued certificates. - Add a CLI subcommand to add an administrator in an admin group using the serial number. - Drop administrator flag in end entities, it's not needed, makes configuration easier together with remade admin GUI. - Possible to generate CA PKCS#10 request without giving CA certificate. - Add support for SEIS Card Number extension. - Added KRB5PrincipalName subjectAltName. - Option in certificate profiles for reversing DN order. - Enroll for CV certificate on public web. - Upload PEM or binary certificate requests on public web. - Possible to sign releases and deployed code. - Enhanced basic custom certificate extension. - Command to list objects in Luna HSM partition. - Some bug fixes. For upgrade instructions, please see UPGRADE. NOTE: There are database upgrades in this release, so read UPGRADE carefully. Because there are binary files in EJBCA_HOME/lib changed there is no patch file for upgrading EJBCA 3.7.x to 3.8.0. Use the full package from EJBCA 3.8.0 and follow the upgrade instructions in UPGRADE. Note that if using JBoss, you need JBoss 4.2.x or later to run EJBCA 3.8.x. Changes ------- New Feature * [ECA-904] - Add a CLI subcommand to add an administrator in an admin group using the serial number * [ECA-935] - Restructure administrator validation to allow admins using externally issued certificates * [ECA-953] - List objects in Luna HSM partition * [ECA-969] - Possible to generate CA PKCS#10 request without giving CA certificate * [ECA-993] - Add KRB5PrincipalName subjectAltName * [ECA-1000] - Sign releases and deployed code * [ECA-1007] - Enhanced basic certificate extensions * [ECA-1033] - Possible to enroll for CV certificates on public web * [ECA-1051] - Possibility give a user defined DN to a new certificate request for an HSM Improvement * [ECA-917] - Allow to use inverse LDAP order in DN for end entities * [ECA-918] - Handle web service error code when CA is down * [ECA-936] - Drop administrator flag in end entities * [ECA-937] - Allow use of emailAddress in Admin interface * [ECA-963] - Ability to distinguish between non-existing CA and authorization problems through WS * [ECA-990] - Allow auto-activation of CAs dispite not having strong crypto policy installed * [ECA-1001] - tool to change key alias * [ECA-1012] - Option to enter email manually for import cert cli command * [ECA-1014] - Display ejbca version in startup log message * [ECA-1016] - Make error messages from CertReqServlet localizeable * [ECA-1034] - Use TRACE logging for certain debug log * [ECA-1038] - Use Commons Configuration for CMP service * [ECA-1043] - Upload of binary certificate requests in public web enrol * [ECA-1045] - Add support for SEIS Card Number extension in certificates * [ECA-1049] - CMP raVerified can sometimes by zero bytes DEROctetString instead of DERNUll Task * [ECA-971] - ExtRA: upgrade to commons-lang 2.4 and commons-collections 3.2 * [ECA-1013] - Upgrade BC to 1.41 Bug * [ECA-664] - Adding Administrator Access rule; username with not-allowed character is possible * [ECA-782] - Listing user certificates from the public web fails if the serial number of the cert begins with "0" * [ECA-882] - Add Administrator - cert serial number not checked * [ECA-968] - Key length changes when editing CA in admin-GUI * [ECA-970] - LdapPublisher searches for old objects on certDN instead of Ldap DN * [ECA-972] - Merge on DN - Problems with rfc822name and email * [ECA-992] - Cannot add "OtherName" SubjectAltName in end entity profile * [ECA-996] - Merge of DN doesn't work properly * [ECA-1046] - view certificate on Public web gives error for CVC certificates * [ECA-1048] - Can not install with initial CA with space in name |
From: Tomas G. <to...@pr...> - 2008-11-18 14:05:52
|
This is a minor release that replaces 3.7.3 where initial install was broken. It has a few additional fixes from 3.7.3 as well. - Substitute email from- and to- as well in user notifications - Create a built-in Server certificate profile - OCSP improvements We are very sorry for the inconvenience you who tried to make a fresh install with 3.7.3, before we pulled it from download, encountered. Read the changelog for details. This is a plug-in upgrade from 3.7.x. See UPGRADE for the simple instructions. Changes: ------- New Feature * [ECA-1024] - Substitute email from- and to- as well in user notifications Improvement * [ECA-1021] - Fix the default ENDUSER Certificate Profile * [ECA-1026] - Create a built-in Server certificate profile Bug * [ECA-1023] - External RA SCEP service fails on cisco message with wrongly encoded request extension * [ECA-1025] - Missing ErrorCode class in ejbca-util.jar * [ECA-1027] - OCSP should not respond with responseBytes when an error code is sent * [ECA-1029] - OCSP responder should answer with OCSP error MalformedRequest when a badly encoded request is received |
From: Tomas G. <to...@pr...> - 2008-10-31 12:50:25
|
Happy halloween. To keep you safe inside tonight there's a new fabulous release of EJBCA out. You should check out the External OCSP responder in EJBCA, it's really good. This is a minor release with focus on fixing making OCSP optimizations, introducing some minor features and fixing a few annoying bugs. - Add Intel AMT extended key usage - Optimize OCSP servlet for better performance - OCSP responder improvements: reload of p11 when connection broken, return error of audit logging fails. - CA certificates with SerialNumber in DN does not work with External OCSP - WS-API, make mathtype contains with with matchwith username - Key length changes when editing CA in admin-GUI - Minor GUI fixes. Read the changelog for details. This is a plug-in upgrade from 3.7.x. See UPGRADE for the simple instructions. Changes: New Feature * [ECA-974] - Add Intel AMT extended key usage * [ECA-1005] - Give OCSP error if audit or transaction logging fails Improvement * [ECA-950] - Optimize OCSP servlet * [ECA-973] - external OCSP responder: trying to reload the p11 provider when the HSM removed/disconnected. * [ECA-976] - WS-API, make mathtype contains with with matchwith username * [ECA-982] - Explicitly close maintenance file in health check * [ECA-989] - add cmd=deltacrl command on CertDistServlet (with patch) Bug * [ECA-957] - ocspclient.jar cannot handle answers with responderID of type Name. * [ECA-959] - Public web can give NPE in rare conditions * [ECA-960] - reference to "bin/ejbca.sh ca processreq" in manual * [ECA-968] - Key length changes when editing CA in admin-GUI * [ECA-970] - LdapPublisher searches for old objects on certDN instead of Ldap DN * [ECA-975] - CA certificates with SerialNumber in DN does not work with External OCSP * [ECA-977] - Error editing RenewCAWorker if CA has been removed * [ECA-978] - NullPointerException using WS-API to revoke non-existing certificate * [ECA-979] - The transactionlogger and auditlogger set incorrect CERT_STATUS and STATUS * [ECA-985] - Wrong default value for OCSP helathcheck database query * [ECA-986] - Can't run ejbca.sh from $EJBCA_HOME/bin * [ECA-995] - getAuthorityInformationAccessOcspUrl in CertTools fails to retrieve OCSP Locator url from AIA for cert with mutliple AIA points * [ECA-997] - Error publishing deltaCRL to LDAP * [ECA-999] - CRLIssuer can not be removed in CDP * [ECA-1009] - Validity of certificates in signed OCSP requests not checked for expiration |
From: Tomas G. <to...@pr...> - 2008-10-06 13:01:35
|
We're releasing a couple of point releases just to keep the branches up to date as well. We still recommend EJBCA 3.7.1 for production. These are both minor releases aimed to fix a few issues found, most notable: - Upgrade fails to set internal state of CA expire time for externally signed CAs - Key length changes when editing CA in admin-GUI - LdapPublisher searches for old objects on certDN instead of Ldap DN If you have been affected by any of these issues, and want to keep running your older version, you can upgrade to these versions. For the key length change issue, there is also a CLI command that can be used to reset/change the value to your desired value. This can also be used to change algorithm or key length when renewing a CA. Regards, The EJBCA team Changes: 3.6.3, 2008-10-06 --- Bug * [ECA-952] - Entity Profile : the text "Use entity e-mail field" is not localizable * [ECA-954] - TestProtectedLog fails if ProtectedLogDevice is not enabled in configuration * [ECA-955] - PKCS11 support problem on OCSP responder * [ECA-957] - ocspclient.jar cannot handle answers with responderID of type Name. * [ECA-968] - Key length changes when editing CA in admin-GUI * [ECA-970] - LdapPublisher searches for old objects on certDN instead of Ldap DN 3.5.9, 2008-10-06 --- Improvement * [ECA-891] - Avoid unnecessary database searches during HealthCheck Bug * [ECA-886] - Upgrade fails to set internal state of CA expire time for externally signed CAs * [ECA-906] - EjbcaHealthCheck may use same session bean object for concurrent accesses * [ECA-968] - Key length changes when editing CA in admin-GUI |
From: Tomas G. <to...@pr...> - 2008-09-16 03:23:29
|
Hi, We are pleased to announce EJBCA 3.7.1. This release primarily focuses on ePassport ECC support, but there are some other minor improvements in there too. This is a minor release with major focus on enhancements to CVC CA support for EU EAC ePassport PKIs. - Support for both RSA and ECC with all EAC algorithms. - Interoperability fixes tested with other implementation at the Prague 2008 event. - Usability enhancements for CVC PKIs, for example download and import of binary certificates. - Changes to the CVC cli to mimic the WS-API functions. - Fixed that upgrade from 3.6 to 3.7 causes error when autogenerated password are used - Other minor bugfixes. Read the changelog for details. This is a plug-in upgrade from 3.7.x. See UPGRADE for the simple instructions. Because there are binary files in EJBCA_HOME/lib changed there is no patch file for upgrading EJBCA 3.7.0 to 3.7.1. Use the full package from EJBCA 3.7.1 and follow the upgrade instructions in UPGRADE. Changes: New Feature * [ECA-896] - CVC support for EC keys * [ECA-925] - Import of external CA certificates * [ECA-940] - possibility to use an EC key stored on a HSM Improvement * [ECA-748] - Order certificates in view certificates with newest first * [ECA-927] - CVC requests should not include CARef if null * [ECA-928] - cvcprint cli command should handle verification of authenticated requests * [ECA-934] - Possible to authenticate CVC request by outer CA signature * [ECA-941] - Possible to download CA certrequests and certs as binary * [ECA-942] - possible to receive certiifcate requests and certs in binary format * [ECA-946] - Not possible to create CVC link certificates with soft CA tokens * [ECA-947] - Making certificate request from a CA should ask for CA cert of target CA * [ECA-948] - cvcrequest cli command should not automatically add end entities * [ECA-951] - Possible to set sequence of catoken manually Bug * [ECA-926] - CVC requests can be assigned to wrong CA when sequence is same * [ECA-930] - cert-cvc: authenticated requests does not include CARef in TBS * [ECA-931] - getrootcert cli command does not work for CVC certificates * [ECA-932] - CVC requests from SubCAs does not have the target CA as CARef * [ECA-939] - Upgrade 3.6 to 3.7 cases error when autogenerated password are used * [ECA-943] - NullPointer when clicking Sign Certificate Request * [ECA-944] - Import soft CVCA does not set sequence * [ECA-945] - Not possible to delete admin entities with ' in name * [ECA-949] - Make certificate request button should not be available for external CAs * [ECA-956] - NullPointerException in LdapPublisher when base node does not exist |
From: Tomas G. <to...@pr...> - 2008-09-16 00:19:46
|
This release of the library for CV certificates, as used in EU EAC ePassport PKIs, adds support for HSMs for ECC signatures. There was wan issue in 1.2.7 that made the signatures not work when using an pkcs#11 signature provider. This in turn is because the EAC specification decided not to use the standard X9.62 signature format for ECC signatures. Regards, Tomas |
From: Tomas G. <to...@pr...> - 2008-09-01 12:04:30
|
This release of the CV certificate library, for EAC 1.11 ePassports, contains full support for both RSA and ECC algorithms. This marks another milestone for ePassport support in EJBCA. The cert-cvc library now has full support and can be freely used by anyone under the LGPLv2 license. Changes: - Support for ECC keys and signatures, need BC version 1.41 which is included in svn. - Fix bug where outer signature in authenticated requests did not include CARef in TBS - Don't add caRef if not passed, or passed as null, to CertificateGenerator. - Translations of Swedish javadoc to English. Regards, Tomas |
From: Tomas G. <to...@pr...> - 2008-08-28 15:18:54
|
We are very proud to release this first version of EJBCA with EU EAC ePassport support. This means support for CVC certificates, which are very different from X.509 certificates. This is a major release, particularly focusing on support for CVC certificates as used in EU EAC ePassport PKI. Read the changelog for details. Notable changes in no specific order: - Support for CV Certificates (CVC) for EU EAC ePassports, you can now build a CVC PKI for EU ePassport using EJBCA. - Upgrade of jaxb jars using for Webservice API, and new WS-API calls. - Support for error codes in Exceptions from Webservice API. - New service to automatically renew expiring CAs. - Possible to use IAIK PKCS#11 provider as well as Sun PKCS#11. - Client Tool box with client CLI tools easy to deploy stand-alone on other machines. - Minor fixes and enhancements. For upgrade instructions, please see UPGRADE. There are no database upgrades in this release. Because there are binary files in EJBCA_HOME/lib changed there is no patch file for upgrading EJBCA 3.6.x to 3.7.0. Use the full package from EJBCA 3.7.0 and follow the upgrade instructions in UPGRADE. Changes: ------- New Feature * [ECA-792] - Support for CV Certificates (CVC) for EU EAC ePassports * [ECA-811] - Possible to create certificate request from any CA * [ECA-825] - WS-API call to get users last cert and chain * [ECA-827] - Service to renew CAs * [ECA-830] - Possible to use IAIK PKCS#11 provider instead of Sun * [ECA-920] - Client tool box. Improvement * [ECA-819] - New WS-API call to get EJBCA version * [ECA-871] - Enhance error management in EJBCA web services. * [ECA-893] - Able to use TelephoneNumber and PostalAddress in DN and publish to LDAP attributes * [ECA-915] - Display hostname on admin-GUI * [ECA-923] - Use of EEP informations when using WS editUser. * [ECA-929] - Handle error code if certificate revocation has been invoked twice. Bug * [ECA-813] - Upgraded profiles not saved until edited * [ECA-829] - Advanced mode for log viewer is not working * [ECA-832] - syscheck script sc_08_crl_from_web.sh shell problem * [ECA-839] - Problem activating CA tokens for expired CAs * [ECA-879] - Failure to create a new CA due to CRL creation failure * [ECA-921] - EjbcaHealthCheck does not work on OC4J * [ECA-924] - Language variable misspelled (name="UTF8") |
From: Tomas G. <to...@pr...> - 2008-08-20 08:20:27
|
After lots of work 3.6.2 is now released. This is a minor release but with a record amount of fixes for a point release. New features, improvements and a lot of bugfixes rounding a lot of rough edges. Some very notable changes are: - Major improvements to the External OCSP responder with more configuration options and completely new Audit and Account logging. With the new, highly configurable, logging it is suitable for using as a service charging for, and auditing, requests. - New documentation feature with on-line documentation deployed in the Web interface by default. Question mark links from options that are hard to understand in the Admin-GUI are now possible. - Lots of improvements to the Admin-GUI with configuration for autogenerated passwords and fixing a lot of small GUI bugs and quirks. - Fail over mechanism for the LDAP publisher. - Improved documentation for more HSMs, Admin-GUI, etc. - Improvements for other app servers apart from JBoss. - MS document signing extended key usage, and tool for importing certificates from MS CA. - Lots and lots of small bugfixes. - Updated translations. Read the changelog for details. This is a plug-in upgrade from 3.6.x. See UPGRADE for the simple instructions. Changes ------- New Feature * [ECA-348] - Option to generate non-exportable private keys in IE * [ECA-739] - Accounting log on OCSP responder * [ECA-740] - When requiring signed OCSP request, configure allowed issuers * [ECA-865] - Add tool for importing certificates from a MS CA * [ECA-876] - Generated documentation should be reachable from within the EJBCA Web GUI * [ECA-908] - Support MS document signing extended key usage * [ECA-914] - Configure if OCSP responses should use KeyId or Name as ResponderId Improvement * [ECA-390] - Make it possible to select password generation parameters for autogenerated user password * [ECA-547] - Send custom certificate publisher information found in certificate or CRL. * [ECA-640] - Popup window with valid ${Foo} variables near any field in which they can be used * [ECA-657] - Import and export of end entity profiles should not have to depend on existing CAs. * [ECA-696] - Import profiles improvement. * [ECA-760] - Relocate 'p12' to 'ejbca-custom' if/when present (by default) * [ECA-765] - Log whenever an attempt to activate a CA with the wrong activation code is made * [ECA-789] - Display issuer in listcas cli command * [ECA-790] - ejbcarawscli should print error message if it can not find the admin keystore * [ECA-795] - Notifications are not editable, but looks editable. * [ECA-810] - Make advanced search for ProtectedLog available * [ECA-822] - Default healthcheck db query causes table scan * [ECA-826] - EjbcaWsHelper makes double allocations when looking up remote beans * [ECA-833] - Simple LDAPPublisher failover * [ECA-854] - Remove confusing error message about not finding ejbca-custom directory when running ant * [ECA-859] - Delta CRL generation message * [ECA-870] - Accept PEM certificates with BEGIN TRUSTED CERTIFICATE * [ECA-872] - Improve public page for CA certificate retrieval * [ECA-874] - General JUint test improvements * [ECA-880] - Better defaults and help for Freshest CRL Extension / DeltaCRLs * [ECA-881] - Be able to drop the 0, O, l and 1 from the auto generated passwords * [ECA-884] - Add approvalDN variables to add/edit end entity notifications * [ECA-885] - Add email variables where possible for use in notifications * [ECA-887] - Document how validity is assigned for a CA * [ECA-913] - Configure if OCSP responses should include whoe cert chain or only signer Task * [ECA-702] - JDK 1.6 u4 causes EjbcaWS to stop working * [ECA-796] - Add documentation on how to use EJBCA with GemSAFE Toolbox * [ECA-805] - Update German translation Bug * [ECA-496] - When using a fixed Certificate Profile as template, the FIXED property is inherited. * [ECA-682] - WS Cli error message is not good when it cannot find the .jks file * [ECA-770] - Protected Log Device always sends 'missing row' email alerts when it shouldn't with MySQL using InnoDB * [ECA-783] - During the last step if IE enroll, the URL-path is missing the "ejbca"-part. * [ECA-788] - Bull TrustWay support * [ECA-793] - Using of module protected keys with netHSM-500 failed * [ECA-797] - Cannot activate a CA with a Safenet Luna SA Token. * [ECA-798] - A card key or a soft key must be defined in order to run the P11 external OCSP responder. * [ECA-802] - Exception when approving KeyRecovery * [ECA-803] - PKCS10 requests from OCSP responder uses null attributes * [ECA-806] - Equal error code contants in OCSPUnidResponse * [ECA-809] - ocsp cli client can not sign requests * [ECA-812] - EJBCA 3.6 does not deploy on Glassfish * [ECA-815] - NullpointerException downloading CA certificated without CN * [ECA-817] - Possible NullpointerException when no extended information exists for user * [ECA-820] - Signing CMP responses does not work with most PKCS#11 HSMs * [ECA-823] - Deadlock in ProtectedLogData with stresstest * [ECA-824] - CA activation page does not display correct for Expired CAs * [ECA-831] - High load on ProtectedLog might generate false alarm on MySQL * [ECA-836] - Email notifications are not able to handle autogenerated passwords. * [ECA-837] - PKCS10 with no attributes causes NullPointer exception * [ECA-841] - ExtRA PKCS12 request does not work with approvals * [ECA-843] - Some words not localizables in CA Activation * [ECA-850] - CN name like 'Graham O'Regan' cannot be entered case sensitive in the 'Add Administrator' * [ECA-851] - No messages are created during CA Activation * [ECA-861] - Misdirected error output from "ra listusers" CLI to standard output * [ECA-866] - Import of externally chained PEM failes * [ECA-875] - Trying to reset Subject AltName or Email for a end entity fails * [ECA-888] - Profiles allow you to enter things like 'Peter & Partners' in the O and OU field - but a 'Add Entity' will fail * [ECA-889] - NPE when running TestEjbcaWS * [ECA-895] - Batch generation doesn't work on initial user creation (WebUI / profiles) * [ECA-898] - Incorrect initialization of NumberArray in EndEntityProfile causes annoying log output * [ECA-901] - email modified in LDAP even if attributes should not be modified * [ECA-902] - LdapSearchPublisher can not modify attributes * [ECA-903] - LdapSearchPublisher uses Ldap DN instead of Cert DN to search * [ECA-905] - java.lang.NullPointerException when creating new end entity with only end time, with end entity profile limitations enabled * [ECA-909] - OCSP responder not working on Weblogic * [ECA-911] - OCSP not responding for CAs that have been notified about expiration * [ECA-912] - NPE on Glassfish on error.jsp in publiweb |
From: Tomas G. <to...@pr...> - 2008-07-23 07:56:34
|
EJBCA 3.5.8 is a minor release on the stable branch. You should only be interesed in this if you are sticking with 3.5.x instead of moving to 3.6.x. And only if you have had any of the below small issues. This is a plug-in upgrade from 3.5.x. See UPGRADE for the simple instructions. Changelog: Improvement * [ECA-845] - Attempt to revoke a certificate.user that is already revoked generates an error * [ECA-847] - Option to Health Check to perform sign test on CA token --- EJBCA is an enterprise class PKI Certificate Authority. EJBCA builds on the J2EE platform to create a robust, high performance, platform independent, flexible, and component based CA to be used standalone or integrated in any J2EE app. |
From: Tomas G. <to...@pr...> - 2008-07-11 13:15:10
|
We are very proud to announce this initial release of the Cert-cvc library developed by Keijo Kurkinen for the Swedish National Police Board and kindly donated to the EJBCA project. The library handles CVC certificates for EAC ePassport PKIs. The library is used in EJBCA to build support for CVC CAs. This release is feature complete for EU EAC ePassports using RSA algorithm. ECC support is still not complete. Any help in the ECC area is welcome. The library is freely usable under the LGPL 2.1 (or later) license for all parties interesting in handling CVC certificates, in particular for EU EAC ePassports. The library source code can be downloaded the EJBCA sourceforge page: http://sourceforge.net/project/platformdownload.php?group_id=39716 Building the library currently requires that one library from EJBCA (bcprov15.jar) is available. With this available issuing a simple 'ant' command will build the jar library file (which is already used in the EJBCA beta announced earlier today). Regards, EJBCA Team |
From: Tomas G. <to...@pr...> - 2008-07-11 12:57:48
|
The Swedish National Police Board has contributed support for CVC certificates as used by EU EAC ePassport PKI to EJBCA. EJBCA 3.7 will get complete support for building EAC PKIs. For those interested, you can download a summer beta from: http://www.primekey.se/~tomas/download/ejbca_3_7b6.zip Documentation is already available on ejbca.org: http://ejbca.org/cvccas.html The CVC certificate library developed by the Swedish National Police Board will soon be available as full open source under the LGPL license to be used by any interested party. Regards, EJBCA Team |
From: Tomas G. <to...@pr...> - 2008-06-29 12:13:50
|
EJBCA 3.5.7 is a minor release on the stable branch. You should only be interesed in this if you are sticking with 3.5.x instead of moving to 3.6.x. And only if you have had any of the below small issues. This is a plug-in upgrade from 3.5.x. See UPGRADE for the simple instructions. Changelog: Improvement * [ECA-808] - Errors that should not be errors but info messages Bug * [ECA-799] - Deadlock when running stress test that is revoking certificates * [ECA-800] - Importing certificate to CA with off-line token causes status to be wrong * [ECA-801] - CRL generation for CAs waiting for certificate response throws excepton * [ECA-807] - Error enrolling though SSL with client cert * [ECA-818] - NPE when issuing sparecard with cert without extended keyusage through HTMF Regards, EJBCA Team |