New Features

ECA-7019 - Write documentation for ACME

ECA-7185 - ACME persistence: Create ORM scripts AcmeAccountData

ECA-7187 - Add ACME to Statedump

ECA-7188 - Add ACME to Configdump

ECA-7198 - ACME persistence: Create ORM scripts/entities/CRUD for AcmeOrderData

ECA-7199 - ACME persistence: Create ORM scripts/entities/CRUD for AcmeAuthorizationData

ECA-7200 - ACME persistence: Create ORM scripts/entities/CRUD for AcmeChallengeData

ECA-7202 - ACME system tests - analyse, improve and enable skipped system tests

ECA-7237 - Swagger problems with ACME module

ECA-7244 - Add ability to link in compiled JARs as plugins

ECA-7250 - PKCS11 enable using CKA_LABEL also when a sun attributes file is used

ECA-7253 - Add a method to SignSession in order to sign arbitrary payloads

ECA-7257 - Add possibility to disable Crypto Token key generation for specific PKCS#11 drivers in GUI

ECA-7259 - Add Amazon CloudHSM p11 driver to known P11 drivers in web.properties

ECA-7264 - Re-use endentity for ACME cert renewal flow

ECA-7287 - Add Required checkbox to the custom extension configuration screen and logic in backend

ECA-7288 - Add wildcard identifier to the Certificate Extension OIDs

Tasks

ECA-7138 - Ensure quality in ACME

ECA-7203 - Verify that ACME works with aliases

ECA-7207 - Verify & document External Account Binding in ACME

ECA-7252 - test ACME cert renewal and deacticvation flows with acme4j

ECA-7275 - Test ACME wildcard cert issuance and pre-authorization with certbot.

ECA-7323 - Document Peer RA Protocol Rules

ECA-7324 - Document Optional Custom Extensions

ECA-7331 - Verify if Swagger UI for works for ACME API. If it does, add documentation to confluence. If not, hide the ACME part from swaggerUI

Improvements

ECA-6921 - ACME persistence: CRUD for AcmeAccountData

ECA-7114 - Improved test for ACME dns-01 validation.

ECA-7120 - Upgrade EJBCA/CESeCore to BouncyCastle 1.60

ECA-7125 - Precompile Swagger UI WAR and add to ejbca/dist

ECA-7194 - Create certificate only for order from request

ECA-7204 - Re-enable ACME in GUI

ECA-7227 - Remove "CA Service Activation" from Certificate Profiles

ECA-7233 - Remove JavaDoc and source files from lib directory

ECA-7234 - Use a StringBuilder to improve efficiency creating database protection

ECA-7239 - Make DNSSEC optional for dns validation

ECA-7240 - EJBCA_TRUNK_MARIADB_UBUNTU1204_JBOSS711GA_PUPPET tests failing

ECA-7243 - Hide external account binding option from ACME GUI

ECA-7247 - Improve the New Terms of Service Agreement functionality of EJBCA ACME server.

ECA-7248 - Use EJBCA name style for issuerDN in CMP revocation request handler

ECA-7251 - Remove clover jar from ziprelease

ECA-7304 - Update default DNSSEC trust anchors

ECA-7305 - Upgrade handling for new "DNS port" setting for ACME

ECA-7310 - Improve feedback from CAA Validator

ECA-7311 - Possible serialization failure when editing Access Rules in Advanced Mode

ECA-7316 - Missing svn:keywords

Bug Fixes

ECA-6872 - Cannot enroll user with Cyrillic characters using RA web + appliance

ECA-7096 - Don't store certificate meta data option makes expireDate not published, causing archiveCutOff

ECA-7154 - SQL Grammar Exception on MS SQL Server v12

ECA-7193 - Move check of requested certificate validity from finalize to newOrder

ECA-7201 - Documentation link to Renew CA gives 404

ECA-7211 - OCSP signing certificates aren't always published for throwaway CAs with revoke enabled

ECA-7215 - CMP: RA Name Generation Scheme with DN component serialNumber does not work

ECA-7220 - DROP table scripts for AcmeNonceData is missing

ECA-7224 - Broken class-path references in ctlog.jar causes WARN messages in the JBoss log file

ECA-7231 - StringTools B64 failing unit test after upgrade to BC 1.60

ECA-7238 - EjbcaWS doesn't handle timeformats ending with 'Z'

ECA-7242 - EJBCA is trying to parse the string 'KeyId' as an integer when authorising an admin

ECA-7245 - NPE when issuing certificate via certbot

ECA-7246 - EjbcaWSTest fails with clearpassword

ECA-7249 - HSMKeyTool --force flag does not work when using an attributes file

ECA-7258 - Security: information leak in debug log

ECA-7260 - CryptoToken key generate button shown when it should not

ECA-7268 - RA Web search End Entities doesn't render if not authorized to search certificates

ECA-7269 - Regression: JSF errors on JBoss AS 7.1.1

ECA-7274 - Test ACME wildcard certificate issuance and pre-authorization with acme4j

ECA-7277 - DatabaseProtection on CertificateProfileData incompatible between <=6.11 and >= 6.12

ECA-7285 - Add HEAD request for the endpoint revokeCert

ECA-7286 - Fix NPE which happens when de-registering account with certbot

ECA-7302 - Name Constraints error when saving existing CA

ECA-7306 - GUI bug in Edit CA page.

ECA-7307 - 'Close' button not functioning under 'View Certificate'

ECA-7322 - Import renewed CA certificates, for External CA does not import to CertificateData, for Externally Signed CA does not publish