www.pudn.com > ejbca_3_5_3(1).zip > RELEASE_NOTES
EJBCA 3.5.3
-----------
This is a minor release, fixing a few bugs and introducing a new tool.
Notable changes are:
- Support for AEP KeyPer HSM using the EJBCA tools.
- Fix for broken pkcs11HSM.sh.
- A new tool for stress testing over the WS-API.
Read the changelog for details.
This is a plug-in upgrade from 3.5.x. See UPGRADE for the simple instructions.
EJBCA 3.5.2
-----------
This is a minor release, fixing some bugs and introducing some minor improvements.
Notable changes are:
- Support for Luna HSM was broken
- Files for building debian package included
- Portugeese translation of Admin-GUI
- Optimized CRL generation for generating CRLs with more than 100.000 revoked certificate
- Possible to use altNames in External RA SCEP service, and require a specific password
- Several bugfixes related to using external CAs
- and other minor fixes...
Read the changelog for details.
This is a plug-in upgrade from 3.5.x. See UPGRADE for the simple instructions.
EJBCA 3.5.1
-----------
This is a minor fix release, fixing an installation issue with 3.5.0 and some other minor bugs.
Read the changelog for details.
This is a plug-in upgrade from 3.5.x. See UPGRADE for the simple instructions.
EJBCA 3.5.0
-----------
This is a major release with many new interesting features and framework improvements.
Read the changelog for details.
Notable changes in no specific order:
- PKCS#11 interface to HSMs, support for Utimaco CryptoServer, and improved auto-activation of HSMs.
- Much enhanced Webservice API for administration.
- Import CA function supports HSM, possible to create initial CA on HSM and initial admin on smart card.
- Soft CA keystores uses same framework as HSMs, possible to give private password to every soft CA.
- New options for specifying certificate validity, per end entity, fixed date etc.
- Possible to keep configuration/modifications in an external directory.
- Possible to use different profiles in CMP RA mode.
- you can now require approvals for revocation.
- Support multiple email altNames in admin-GUI.
- Option to choose reverse DN for a CA.
- Root-less install, using custom SSL truststore for JBoss/Tomcat.
- Lots of other small fixes and improvements, 69 issues resolved.
For upgrade instructions, please se UPGRADE.
Because there are binary files in EJBCA_HOME/lib and many massive changes there is no patch file for upgrading
EJBCA 3.4.x to 3.5.0. Use the full package from EJBCA 3.5.0 and follow the upgrade instructions.
EJBCA 3.4.5
-----------
This is a patch release with only minor fixes.
Notable changes:
- Now it is configurable which interface JBoss http service listens to, eases hardening.
- Fixed a bug where path validation failed when using a MS-CA as External Root CA.
Read the changelog for details.
This is a plug-in upgrade from 3.4.x. See UPGRADE for the simple instructions.
EJBCA 3.4.4
-----------
This is a patch release with only minor fixes.
Notable changes:
- You can now use empty password to activate a HSM CA, which means that you can have operator cards without passwords, or that you can use module protected keys on the HSM (nCipher lingo).
- The interesting function for generating OpenVPN installers automatically for users have a fix so it works and is tested again.
Read the changelog for details.
This is a plug-in upgrade from 3.4.x. See UPGRADE for the simple instructions.
EJBCA 3.4.3
-----------
This is a patch release with some fixes and minor new features.
Notable new features are:
- Support for JBoss 4.2.x
- Support RSASHA256WithRSAAndMGF1 again, this algorithm was temporarily removed for a few versions due to code cleanups.
Used mostly for electronic passports in EU.
- Support for JavaDB/Derby
The release contains binary file changes (new BC JCE provider) so no patch file is provided.
If you upgrade to JBoss 4.2.0 and have a customized conf/web.properties,
remove web.jsfimpl from your conf/web.properties.
Read the changelog for details.
This is a plug-in upgrade from 3.4.x. See UPGRADE for the simple instructions.
Since there is a new version of the BC provider, you should run tests for yourself before upgrading
in production. We have run alot of tests, but can not guard against everying related to your environment.
EJBCA 3.4.2
-----------
This is a patch release with several fixes and minor new features. There are more issues fixed then normal in a
patch release, but they are mostly minor features and supposedly safe fixes.
Notable new features are:
- many enhancements for running EJBCA smoothly on both Weblogic and Glassfish
- fixes for enrollment in windows vista
- possibility to export a soft CA keystore
- a new publisher for publishing certificates and CRL with custom made scripts
- support for SCEP RA polling mode using the external RA module
- lots of small bug fixes
Read the changelog for details.
This is a plug-in upgrade from 3.4.x. See UPGRADE for the simple instructions.
EJBCA 3.4.1
-----------
This is a minor release with only two bug fixes.
Read the changelog for details.
This is a plug-in upgrade from 3.4.x. See UPGRADE for the simple instructions.
EJBCA 3.4.0
-----------
This is a major release with many new interesting features and framework improvements.
Read the changelog for details.
For upgrade instructions, please se UPGRADE.
Because there are binary files in EJBCA_HOME/lib and many massive changes there is no patch file for upgrading
EJBCA 3.3.x to 3.4.0. Use the full package from EJBCA 3.4.0 and follow the upgrade instructions.
Important changes:
In EJBCA 3.4.0 the default ASN.1 string encoding for DNs are now UTF8. In EJBCA 3.3.x and earlier, the default encoding was
PrintableString, unless the character set forced the usage of UTF8 (international characters).
Now DN components are always encoded as UTF8 (except for components that does not allow UTF8 such as C and SerialNumber).
See UPGRADE for information regarding upgrading from an old CA, and how the behaviour can be configured.
If you used to deploy with 'deploywithjbossservices', this is now done using the regular 'deploy', but you have to set an option
in conf/ejbca.properties.
EJBCA 3.3.3
-----------
This is a minor release with some improvement, most notably for LDAP.
Read the changelog for details.
This is a plug-in upgrade from 3.3.x. See UPGRADE for the simple instructions.
EJBCA 3.3.2
-----------
This is a minor release with some bugfixes, most notably for oracle and weblogic.
Read the changelog for details.
This is a plug-in upgrade from 3.3.x. See UPGRADE for the simple instructions.
EJBCA 3.3.1
-----------
This is a minor release with some bugfixes, most notably for Luna HSM.
Read the changelog for details.
This is a plug-in upgrade from 3.3.0. See UPGRADE for the simple instructions.
EJBCA 3.3.0
-----------
This is a major release with new features, improvements and bugfixes.
Read the changelog for details.
This is a plug-in upgrade from 3.2.2. See UPGRADE for the simple instructions.
EJBCA 3.2.2
-----------
This is a minor release with minor improvements and some bugfixes, mostly for MS-SQL.
Read the changelog for details.
This is a plug-in upgrade from 3.2.1. See UPGRADE for the simple instructions.
EJBCA 3.2.1
-----------
This is a minor release with one new features and some bugfixes.
Read the changelog for details.
This is a plug-in upgrade from 3.2.0. See UPGRADE for the simple instructions.
EJBCA 3.2.0
-----------
This is a release with new enterprise features and an internal restucturing of the code base.
Read the changelog for details.
There are database upgrades in this version (from 3.1.x).
See doc/UPGRADE for instruction how to upgrade your database.
You MUST do that!
Otherwise simply keep/copy ejbca.properties from the earlier installation.
Merge changes from ejbca.properties.sample into your ejbca.properties,
specially datasource.jndi-name and datasource.jndi-name-prefix if you changed them from the default values.
Copy the directory 'p12' from the earlier installation and 'ant deploy'
(or deploywithjbossservice) this new one.
Because there are binary files in EJBCA_HOME/lib and many massive changes there is no patch file for upgrading
EJBCA 3.1.3 to 3.2.0. Use the full package from EJBCA 3.2.0 and follow the upgrade instructions.
EJBCA V3.1.4
------------
This is a minor release with some new features and some bugfixes.
Read the changelog for details.
This is a plugin-upgrade from 3.1.3. Except for the following:
Merge changes from ejbca.properties.sample into your ejbca.properties,
specially datasource.jndi-name and datasource.jndi-name-prefix if you changed them from the default values.
Otherwise simply keep/copy ejbca.properties from the earlier installation.
Merge changes from ejbca.properties.sample into your ejbca.properties.
Copy the directory 'p12' from the earlier installation and 'ant deploy'
(or deploywithjbossservice) this new one.
EJBCA V3.1.3
------------
This is a minor release with some new features and some bugfixes.
Read the changelog for details.
This is a plugin-upgrade from 3.1.2.
Simply keep/copy ejbca.properties from the earlier installation,
copy the directory 'p12' from the earlier installation and 'ant deploy'
(or deploywithjbossservice) this new one.
Note that to fix ECA-144, 148 and 75, new version of lib/bcmail*.jar and
lib/bcprov*.jar are used. Since they are binary files they are not
included in the patch from version 3.1.2 to 3.1.3. You can use the patch and
manually replace the jar-files from the full distribution.
The 3.1.3 release have support for RSASSA-PSS signatures to conform to the
Swedish standard for MRTD certificates (Electronic Passports).
The RSASSA-PSS parameters can be seen and edited in the file
src/java/se/anatom/ejbca/ca/caadmin/ExtendedX509Util.java.15
IMPORTANT, compliation using jdk1.5 is required for this algorithm.
Otherwise this algorithm option won't show up
Enhanced support for international characters in the adminweb gui (Add/Edit pages).
Should work with most languages now.
It's now also possible to select a subset of a users SubjectDN and SubjectAltName
fields used in a particular kind of certificate. This is defined in the certificate profiles
EJBCA V3.1.2
------------
This is a minor release with two new features and some bugfixes.
Read the changelog for details.
This is a plugin-upgrade from 3.1/3.1.1.
Simply keep ejbca.properties from the earlier release, and 'ant deploy' this
new one.
Note that to fix ECA-126, new version of lib/bcmail-jdk14.jar and
lib/bcprov-jdk14.jar are used. Since they are binary files they are not
included in the patch from version 3.1 to 3.1.2. You can use the patch and
manually replace the jar-files.
EJBCA V3.1.1
------------
This is a minor release with a few small bugfixes found in the 3.1 release.
Read the changelog for details.
This is a plugin-upgrade from 3.1.
EJBCA V3.1
----------
This is a major release including many new features, improvements, and bug fixes.
Read the full changelog.
We are very proud of this release and recommend an upgrade.
This is mostly a plugin-upgrade from 3.0.7, no database changes needed.
Since the changes are massive, no patch file is provided.
To upgrade from 3.0.x follow doc/UPGRADE.
Please read this carefully!
EJBCA V3.0.7
------------
This is a plugin-upgrade from 3.0.6 or 3.0.5.
Apply patch, build and redeploy.
EJBCA V3.0.6
------------
This is a plugin-upgrade from 3.0.5.
Apply patch, build and redeploy.
If you are using the hard token stuff on MySQL (which you probably aren't or you would have noticed
this bug), you should drop the table HardTokenData and restart JBoss to recreate the table.
EJBCA V3.0.5
------------
This is a plugin-upgrade from 3.0.4.
Apply patch, build and redeploy.
For users of MS SQL 2000 you should note the column name 'rule_' (earlier 'rule' which is
a reserved word) in the table AccessRulesData.
EJBCA V3.0.4
------------
This is a plugin-upgrade from 3.0.3.
Apply patch, build and redeploy.
EJBCA V3.0.3
------------
The database table 'hardtokenprofiledata' using the database HypersonicSQL changed.
If you are using the hardtoken functionality on the HypersonicSQL database
(which you should not be doing in production), the table must be removed and
recreated. No migration script is provided since we don't anticipate anyone using
this combination in production.
EJBCA V3.0
----------
EJBCA 3.0 is a major new release taking the Open Source CA to new heights.
The most important improvment is that it is now possible to run several
PKI infrastructures within one single instance of EJBCA. Among other major improvements are also
complete support for OCSP, enanced Hard token interface and flexible
LDAP configuration through the Web-GUI.
This is a plugin-upgrade from beta3.
This release is not backwards compatible with EJBCA 2.1 without database upgrade.
Upgrade instructions must be followed if upgrading from EJBCA 2.1,
backup your database before trying any upgrades.
EJBCA V3.0Beta3
---------------
This is a plugin-upgrade from beta2.
There is an upgrade function from EJBCA2->EJBCA3 for the MySQL database, see doc/UPGRADE.
EJBCA V3.0Beta2
---------------
Thanks to a bug in Beta1 the database table 'HardTokenPropertyData' has changed. If you have been
using the HardToken features in Beta1, or plan to use them in the future, this table must be rebuilt.
'drop table hardtokenpropertydata' will delete and rebuild the table (data must be entered again).
Apart from this, it is a plug-in upgrade.
EJBCA V3.0beta1
---------------
EJBCA 3.0 is a major new release taking the Open Source CA to new heights.
The most noteworthy change is that it is now possible to run a complete (or several)
PKI infrastructure within one single instance of EJBCA.
This release is not backwards compatible with EJBCA 2.1 without database upgrade.
Upgrade instructions must be followed if upgrading from EJBCA 2.1,
backup your database before trying any upgrades.
The (default) LDAP schema has been changed to follow RFC 2256. If using LDAP,
the schema should be checked. You can configure the schema
(in ca/ca/META-INF/ejb-jar.xml) to be the same as before if needed.
EJBCA V2.1.2
------------
This is a plugin upgrade from V2.1.
The (default) LDAP schema has been changed to follow RFC 2256. If using LDAP,
the schema should be checked. You can configure the schema
(in ca/ca/META-INF/ejb-jar.xml) to be the same as before if needed. See HOWTO-LDAP.txt.
EJBCA V2.1.1
------------
This is a plugin upgrade from V2.1.
EJBCA V2.1
----------
New method to revoke certificates with external publishers.
EJBCA V2.0.1
------------
Except from notes below this is a plugin upgrade from v2.0.
Java >= 1.4 is now required.
Delete bcmail-jdk13*, jce-jdk13*, ldap.jar and regexp1_0_0.jar
from $JBOSS_HOME/server/default/lib.
EJBCA V2.0
----------
Name of initial temporary super administrator changed from "CN=
Walter" to "CN=
SuperAdmin". A new must be created.
All defined administrator privileges must be redefined.
Certificate profiles should be redefined.
Drop tables GlobalConfigurationData, AdminGroupData,
AdminEntityData,
AccessRulesData and EndEntityProfileData to flush configuration
and
administrator privileges (actually deleting the content would be
enough but you
might as well drop the tables).
Delete bcmail-jdk13-116.jar, jce-jdk13-116.jar, ldap.jar and
regexp1_0_0.jar from $JBOSS_HOME/server/default/lib.
EJBCA V2.0B1
----------
We have moved to EJB 2.0. JBoss 3 is now required.
A complete reinstall from EJBCA 1.x is required, old jars, wars
and ears must be
deleted.
Database schema has changed, old data in the database must be
migrated.
A Web GUI for administration is available through https, see
doc/README for
installation instructions.
EJBCA V1.3
----------
This is a plugin upgrade from v1.2 or 1.1. Just build and deploy
the new
files.
EJBCA V1.2
----------
This is a plugin upgrade from v1.1. Just build and deploy the
new
files.
EJBCA V1.1
----------
Upgrading from version 1.0:
If upgrading from version 1.0 the database tables need to be
migrated if the
DN attributes L or ST have been used. This is because the
ordering of those
attributes have changed (for string matching the order must be
defined).
If L or ST have not been used in DNs, migration is NOT needed.
What need to be done are to:
1. Read column with DN to me migrated from table.
2. Run 'newDN=CertTools.stringToBCDNString(oldDN)'.
3. Update column with DN in table.
Columns that need updating are:
issuerDN in table CRLData
subjectDN, issuerDN in table CertificateData
subjectDN in table UserData.
If a tool is needed to perform the migration, please contact us.
See http://sourceforge.net/projects/ejbca