Issues Resolved in 7.11.0
Released December 2022
New Features
ECA-9261 - Allow enrollment of SSH Certificates over the RA Web
ECA-9263 - Allow SSH certificates to be searched in the RA web
ECA-10522 - Add support for ECDSA Authentication in peers using TLS 1.2
ECA-10813 - Support for PBMAC1 algorithm in CMP
ECA-10816 - Support for P10CR request body in CMP
ECA-10963 - End entity profile for SSH
ECA-10965 - Add support for SHA3 ECDSA signature algorithms to P11NG
ECA-10980 - GUI: Ability to toggle revocation reason change
ECA-10981 - Invoke publisher when revocation reason is changed.
ECA-10982 - Backend: Allow revocation reason change
ECA-10997 - RA Web support for revocation reason change
ECA-11023 - CMP Alias Configuration for "Extended validation"
ECA-11034 - Check if CMP extended validation via peers is enabled
ECA-11096 - Add cache for signer certificate in CMP servlet
ECA-11119 - Custom 'Expire' header for OCSP
ECA-11134 - Implement full support for Ra Mode HMAC protection when using Extended Validation
Improvements
ECA-10541 - Improve RoleMembers in Partitioned approvals
ECA-10691 - Split Keybindings page into OCSP Keybindings and Authentication Keybindings
ECA-10719 - Remove ValidationTool
ECA-10937 - Make entity e-mail field unchecked by default for RFC 822 in End Entity Profile
ECA-10940 - Inject cross-certificates in CA Certificate chains for ACME (and others)
ECA-10946 - Add Certificate validity start and end date option in RA Web
ECA-10947 - Remove hardcoded DB name in mysql-privileges.sh
ECA-10952 - Extract AD group membership from PAC (MSAE)
ECA-10959 - Add PKUP in View Certificates
ECA-10961 - Changes in external properties are not detected sufficiently fast
ECA-10969 - CryptoToken page: Add IDs to the form elements so that test automation can identify them unambiguously
ECA-10976 - Shortened IPv6 Parsing Errors in 7.9.0
ECA-10988 - p11ng: implement better detection for vendor-specific behaviour
ECA-10992 - Add option to enforce HTTPS client authentication for ACME
ECA-10999 - Allow MSAE LDAP queries to follow LDAP referrals
ECA-11008 - Merge P11NG changes from SignServer
ECA-11012 - Request: Add new Index to create-index-ejbca.sql
ECA-11049 - Configurable non-expired preproduced OCSP responses
ECA-11052 - Improve error handling of EjbcaWS.cvcRequest
ECA-11059 - Improve error message for future revocation date (RA-Web)
ECA-11060 - RA-Web Change of revocation reason || Rendering conditions
ECA-11061 - Improve /v2/endentity/search pagination and documentation
ECA-11063 - Make SSH source-address field searchable in RA
ECA-11065 - Create placeholder methods for RA Validation of CMP message
ECA-11066 - Signature verification of cmp message in RA
ECA-11067 - Support P10CR request body in cmpclient
ECA-11083 - Add MAC verification to CmpServlet
ECA-11092 - Minor language and UI improvements
ECA-11093 - Move database.useSeparateCertificateTable above database settings in sample config file
ECA-11094 - Validate Certificate status in CMP message
ECA-11120 - Full French language and some GUI localization support, contributed by David Carella of Linagora.
ECA-11124 - Add cache clearing to CMP Servlet and fix test
ECA-11126 - Fix cmp message signature validation in Client Mode
ECA-11131 - Oracle DB grants updated not to require DBA or admin rights
ECA-11139 - Support either of multiple authentication modules in CMP extended validation
ECA-11143 - Add PBMAC1 support for extended CMP validation
ECA-11144 - Add test related for p10cr in CmpExtendedValidationTest
ECA-11145 - Allow CMP CERT_REQ requests in HMAC mode with extended validation
Bug Fixes
ECA-10401 - Force local key generation option should not be visible in Community
ECA-10799 - Renamed CAs stuck in "List Of Vendor CAs" in EST alias
ECA-10859 - CA imported with empty name
ECA-10874 - Documentation for WildFly 24 specifies PKCS12, while JKS are generated
ECA-10894 - Configure OCSP extensions to always return if configured
ECA-10897 - Azure OAuth OID Approval Prompt with AWS EJBCA Issues
ECA-10919 - REST Certificate search V2 returns totalCert = null when certificates size is 0
ECA-10925 - Special characters in IssuerDN not displayed correctly when reviewing certificate
ECA-10929 - Pkcs12 content for PEM with enrollment with key recovery enabled
ECA-10930 - CMP request without Content-Length returns wrong HTTP status code
ECA-10953 - "Flush item" sometimes flushes a different item from the queue
ECA-10954 - Default rules preset require /administrator/ in REST
ECA-10958 - Saving Service config page takes too long when selecting large number of CAs
ECA-10962 - Execution error when approving certificate in RA Web
ECA-10967 - Concurrent requests to adminweb cause interrupted page loads and uppercase text
ECA-10970 - Key Pair Created In The Wrong Slot For Crypto Token When 2 Tabs Are Open
ECA-10989 - EJBCA CE Test Build Fail (false positive)
ECA-10990 - Delete EE Subject DN Field with Same DN Attribute and Validation merges fields
ECA-10991 - 'Required' has no effect at Key recovery options
ECA-10998 - Use Username and Request ID are missing from RA web
ECA-11004 - ConfigDump import fails when signing CA of SubCA is non-existent
ECA-11005 - NullPointerException in SCEP GetCACert when CA name is incorrect
ECA-11011 - REST max results increase stopped working
ECA-11017 - Adding a CT log with specific usage period causes exception
ECA-11020 - Fix issue with FQDN in SAN for MSAE
ECA-11025 - EndEntity profile Subject field validation runs against the wrong field
ECA-11029 - ClientToolBox creates not correctly DER wrapped OCSP Nonce extension
ECA-11031 - Revisit EndEntityManagementSession TRIM queries
ECA-11033 - Change revocation reason for Pre-cert revocation Service
ECA-11041 - Revocation backdate does not survive approval.
ECA-11042 - Revocation reason PRIVILEGE WITHDRAWN text does not show proper
ECA-11044 - Upgrade apache common-text to 1.10 and commons-lang3 to 3.12.0
ECA-11045 - fix encryptpwd not to require running appsrv
ECA-11047 - Not able to delete soft/p11 cryptotoken (CE Contribution)
ECA-11048 - Revocation backdate/change reason fix for partitioned approval.
ECA-11051 - ACME EAB Issue upgrading from 7.8.2 to 7.10.0.1
ECA-11054 - cmpclient missing libs
ECA-11056 - Publishing is interrupted if one item in queue cannot publish
ECA-11058 - Unable to upload cert file to enable the OCSP responders.
ECA-11068 - configdump - "Use entity e-mail field" checkbox at a RFC 822 Name (e-mail address)
ECA-11073 - REST endpoint profile related issues
ECA-11090 - Updating remote keybindings should generate key names with "-" instead of "_"
ECA-11095 - Make client certificate revocation effective for ACME over peers
ECA-11122 - Remove location header for acme order post-as-get
ECA-11123 - "ejbca.sh cryptotoken list" returns list without details for P11NG Tokens
ECA-11127 - ConfigDump can fail with NPE when importing CMP configuration
ECA-11138 - Fix language file