Issues Resolved in 7.10.0
Internal Release September 2022
New Features
ECA-9266 - Create a REST call for retrieving an SSH CA's public key
ECA-9561 - ACME IP Identifier Validation http-01 Challenge
ECA-9998 - REST endentity/search call with pagination
ECA-10222 - Produce Pre-signed OCSP Responses Only for non-expired Certificates
ECA-10392 - Add REST end point to /ca to import a CRL
ECA-10574 - Allow v1/certificate REST module to be released with the next CE edition
ECA-10640 - Add HSM/PKCS11 support for CITS
ECA-10667 - CA type and CA Implementation for ProxyCA
ECA-10693 - Periodically update public keys on Azure OAuth Alias
ECA-10705 - Add 'Renew' to the menu and Implement the renew page UI
ECA-10706 - Implement the Renew Current Client Certificate section
ECA-10723 - Allow REST to use CSR + keep end entity email address
ECA-10742 - Sort and pagination on End Entity Search v2
ECA-10743 - REST Endpoint for CRL Creation
ECA-10765 - Add support for ssh-ed25519-cert-v01 for SSH keys/certificates
ECA-10795 - Make P11NG work with GCP KMS PKCS#11 library
ECA-10828 - Key encryption/archival using ECCDH
ECA-10868 - Remove default public access role after initial installation
ECA-10869 - REST Endpoint to get end entity profiles
ECA-10870 - REST Endpoint to get certificate profiles
ECA-10871 - REST Endpoint to get end entity profile content
ECA-10917 - Cert Safe Publisher in Community Edition
Improvements
ECA-10005 - App version, host and used auth is not shown when init wizard is
ECA-10009 - Remove old script based autoenrollment
ECA-10060 - Improve AcmeAuthorizationData data structure for read operations
ECA-10298 - Editing Certificate Extension Data in RA web
ECA-10386 - Keep Subject DN order in EE profiles with configdump export
ECA-10402 - Remove ejbca-setup.sh and modify documentation
ECA-10443 - ACME performance - Make challenge types configurable per ACME alias
ECA-10451 - Catch NPE for subject key ID in SearchCertificatesRestResponseConverterV2 REST API
ECA-10481 - Add protocol configuration to configdump
ECA-10519 - Add proper Git readme and license files in root directory
ECA-10562 - Add support for EE email in REST /v1/certificate/pkcs10enroll POST
ECA-10563 - Upgrade dnsjava to 3.5.0
ECA-10645 - Merge P11NG change to close sessions with unfinished operation
ECA-10649 - Upgrade json-smart to version 2.4.8 or later
ECA-10663 - Add Email notification support to /v1/endentity REST
ECA-10672 - Add internal "setupgradeversion" command
ECA-10677 - Create new access rule for restricted public access in RA UI
ECA-10679 - Migrate P11NG into its own module
ECA-10684 - Upgrade commons-codec to 1.15 or later
ECA-10687 - Upgrade commons-fileupload to 1.4 or later
ECA-10690 - Upgrade commons-text to 1.9
ECA-10697 - Upgrade Nimbus JOSE+JWT to nimbus-jose-jwt-9.21.jar
ECA-10700 - Upgrade csrfguard to 4.0.0 or later
ECA-10714 - Remove ROOT access requirement for EMPTY EEP when enrolling via Use Username
ECA-10720 - EJBCA REST API Update Time field doesn't work for query criteria with cert v2 api
ECA-10726 - Change ACME system test methods to challenge type to DNS to fix test failures in Jenkins
ECA-10727 - Replace cli-util with keyfactor-commons-cli
ECA-10733 - Remove references to ocsp.defaultresponder in ocsp.properties.sample
ECA-10739 - Allow renewal when certificate is about to expire
ECA-10741 - Implement EST enrolment (RE) for Proxy CA
ECA-10744 - Add keyAlg parameter to Finalize endpoint in certificate REST API
ECA-10746 - Improve ACME DNS challenge error handling and logging
ECA-10747 - In the renewal page, use client certificate from the request
ECA-10753 - Add index recommendation that plays nice with Keyfactor Gateway Connector
ECA-10762 - upgrade jakarta.activation to 2.1.0 or later
ECA-10773 - ConfigDump support for ProxyCA
ECA-10776 - Investigate and improve high db usage
ECA-10786 - Editing Certificate Other Data in RA web
ECA-10804 - Upgrade Extent libs
ECA-10805 - Upgrade csrfguard to 4.1.4 or later
ECA-10810 - Remove URLEncoder.encode-warnings from CaRestResourceSystemTest
ECA-10812 - Upgrade Apache Commons Configuration from 1.6 to 2.7
ECA-10815 - Remove src/pkg subdirectory
ECA-10817 - Include Domain FQDN for Kerberos / DC templates
ECA-10819 - Merge P11NG changes from SignServer
ECA-10821 - Documentation improvement for REST API
ECA-10842 - Wildfly 26 officially supported/recommended
ECA-10843 - clientToolBox: EjbcaWsRaCli stress: allow to specify the number of tests to run
ECA-10844 - clientToolBox: add a bit of tooling to help handling of the result.ser Serialized Java Object File
ECA-10909 - RA Web Self-Renewal improvements
ECA-10921 - Update Documentation on CA Fields with PrintableString encoding in DN
ECA-10932 - Improve post upgrade UI logging
Bug Fixes
ECA-2140 - Multichoice for SubjectDN fields generates Exception
ECA-4383 - Add input validation and remove case sensitivity from keybind modify command.
ECA-8929 - configdump can not import Super Administrator Role
ECA-9094 - Regression - Exception occurs in RA Web preferences on changing language
ECA-9169 - Issue in configdump import for CP with extended key usages.
ECA-10131 - Duplicate certificates when database.crlgenfetchordered is used
ECA-10300 - MSAE alias "Test connection" clears user input
ECA-10371 - Configdump does not differentiate between spaces and underscore and can miss items
ECA-10381 - Null Pointer Exception in eedetails.xhtml
ECA-10502 - Adding role member through RA web assert tokenIssuerId=0
ECA-10545 - RA Web Make New Request does not correctly parse CSR
ECA-10588 - Support OCSP Pre-Signer service in Configdump
ECA-10623 - Default CRL Distribution Point is not a valid URI when ( " ) is used
ECA-10639 - Duplicate OCSPKeyBinding Entry
ECA-10646 - CertificateCrlReader fails if full CA chain is not present on VA.
ECA-10660 - REST /v1/endentity/{user}/setstatus doesn't allow PEM token
ECA-10665 - IllegalStateException in End Entity view for superadmin
ECA-10675 - RA Request preview shows EKU even if cleared from Cert Profile
ECA-10692 - Intune revocation poller fails if CA uses ldap order
ECA-10703 - Improving the log entry when publishing CRL but not storing them in db
ECA-10707 - Improve EJBCA's behavior with trailing spaces
ECA-10711 - Email not displaying in waiting for approval status
ECA-10712 - Post Upgrade Failing
ECA-10713 - MSAE cannot be used if AD template has "Subject name format: None"
ECA-10715 - CAs list not correct in edit EE page in Ra
ECA-10725 - CSR parsing with -----BEGIN NEW CERTIFICATE REQUEST----- is missing
ECA-10730 - EJBCA ACME MOD_MD ISSUES (SSL.Com)
ECA-10731 - ACME email notifications - how to make it work
ECA-10734 - ADConnectionSingletonBean - could not obtain lock within 5000MILLISECONDS
ECA-10736 - No options for "Issuer" When Editing End Entity in RA Web if Available CAs is Set to “Any CA"
ECA-10745 - MSAE "RelatesTo" Id can get overwritten during parallel requests
ECA-10750 - MSAE does not work when EJBCA is running on Windows
ECA-10758 - Sun PKCS11 not working on RedHat OpenJDK 11.0.15
ECA-10763 - Name constraints throwing NPE after 7.6.0
ECA-10775 - getAvailableCAsInProfile(int entityProfileId) in Web Services does not return CAs in case Any CA
ECA-10779 - Community Edition build failures
ECA-10792 - Missing descriptions in swagger.json
ECA-10793 - Unable to enroll superadmin due to missing transactional support
ECA-10796 - fix clientToolBox help/documentation
ECA-10798 - REST protocols can't be enabled in CE
ECA-10801 - Unexpected Exception when creating new OcspKeyBinding (when not selecting Key Pair Alias)
ECA-10811 - CertificateCrlReader can't update certificate if type changes from standard to limited
ECA-10822 - JsfDynamicUiPsmFactory ArrayIndexOutOfBoundsException
ECA-10826 - Configdump EST configuration can not update
ECA-10827 - EST configuration in UI does not show most recent state
ECA-10830 - REST SSH resource improvements
ECA-10839 - RA web enroll make new request page does not properly handle required fields
ECA-10849 - SSH Rest access token and response content to UTF
ECA-10850 - Correct test failure Jenkins related to ticket eca 10775
ECA-10851 - Intune revocation only working with a proxy
ECA-10853 - Library load/activation failure of auto-activated PKCS#11 NG token causes partial lock-out from GUI
ECA-10856 - Address duplicate entries in NoconflictCertificateData table
ECA-10857 - AuthToken 250 character limit preventing certificate issuance
ECA-10860 - End entity DN merge does not work on fields with DN as attribute value
ECA-10864 - Issue on importing validators via configdump
ECA-10865 - Regression: Access rule with non-existent CA causes NPE on RA certificate search
ECA-10872 - Update ejbcaClientToolbox with log4j compatability flag
ECA-10875 - Regression: Upgrade to Commons Configuration 2 breaks database protection using HSMs
ECA-10876 - Error obfuscating non-ASCII passwords
ECA-10881 - Upgrade to Commons Configuration 2 reloads config every minute instead of at file change
ECA-10886 - Marker from REST resource is never removed
ECA-10890 - User needs to re-select algorithm after the certificate has been approved in RAWeb
ECA-10891 - Publish Queue Process Service does not handle missing certificate correctly
ECA-10894 - Configure Certificate Hash OCSP extension to always return if configured
ECA-10896 - Add CRL generation upon revocation is not working
ECA-10904 - Security Issue
ECA-10905 - Security Issue
ECA-10908 - Upgrade page in CA UI always show "Failed"
ECA-10920 - OCSP transaction and audit logging could not be modified in UI
ECA-10922 - Allow soft (default) key generation to support EdDSA
ECA-10923 - Missing libraries on p11ng-cli classpath causes NoClassDefFoundError for StringLookupFactory
ECA-10926 - Security Issue
ECA-10927 - NoClassDefFoundError for ejbcawsracli