Issues Resolved in 7.11.0

Released December 2022

    New Features

    ECA-9261 - Allow enrollment of SSH Certificates over the RA Web

    ECA-9263 - Allow SSH certificates to be searched in the RA web

    ECA-10522 - Add support for ECDSA Authentication in peers using TLS 1.2

    ECA-10813 - Support for PBMAC1 algorithm in CMP

    ECA-10816 - Support for P10CR request body in CMP

    ECA-10963 - End entity profile for SSH

    ECA-10965 - Add support for SHA3 ECDSA signature algorithms to P11NG

    ECA-10980 - GUI: Ability to toggle revocation reason change

    ECA-10981 - Invoke publisher when revocation reason is changed.

    ECA-10982 - Backend: Allow revocation reason change

    ECA-10997 - RA Web support for revocation reason change

    ECA-11023 - CMP Alias Configuration for "Extended validation"

    ECA-11034 - Check if CMP extended validation via peers is enabled

    ECA-11096 - Add cache for signer certificate in CMP servlet

    ECA-11119 - Custom 'Expire' header for OCSP

    ECA-11134 - Implement full support for Ra Mode HMAC protection when using Extended Validation

    Improvements

    ECA-10541 - Improve RoleMembers in Partitioned approvals

    ECA-10691 - Split Keybindings page into OCSP Keybindings and Authentication Keybindings

    ECA-10719 - Remove ValidationTool

    ECA-10937 - Make entity e-mail field unchecked by default for RFC 822 in End Entity Profile

    ECA-10940 - Inject cross-certificates in CA Certificate chains for ACME (and others)

    ECA-10946 - Add Certificate validity start and end date option in RA Web

    ECA-10947 - Remove hardcoded DB name in mysql-privileges.sh

    ECA-10952 - Extract AD group membership from PAC (MSAE)

    ECA-10959 - Add PKUP in View Certificates

    ECA-10961 - Changes in external properties are not detected sufficiently fast

    ECA-10969 - CryptoToken page: Add IDs to the form elements so that test automation can identify them unambiguously

    ECA-10976 - Shortened IPv6 Parsing Errors in 7.9.0

    ECA-10988 - p11ng: implement better detection for vendor-specific behaviour

    ECA-10992 - Add option to enforce HTTPS client authentication for ACME

    ECA-10999 - Allow MSAE LDAP queries to follow LDAP referrals

    ECA-11008 - Merge P11NG changes from SignServer

    ECA-11012 - Request: Add new Index to create-index-ejbca.sql

    ECA-11049 - Configurable non-expired preproduced OCSP responses

    ECA-11052 - Improve error handling of EjbcaWS.cvcRequest

    ECA-11059 - Improve error message for future revocation date (RA-Web)

    ECA-11060 - RA-Web Change of revocation reason || Rendering conditions

    ECA-11061 - Improve /v2/endentity/search pagination and documentation

    ECA-11063 - Make SSH source-address field searchable in RA

    ECA-11065 - Create placeholder methods for RA Validation of CMP message

    ECA-11066 - Signature verification of cmp message in RA

    ECA-11067 - Support P10CR request body in cmpclient

    ECA-11083 - Add MAC verification to CmpServlet

    ECA-11092 - Minor language and UI improvements

    ECA-11093 - Move database.useSeparateCertificateTable above database settings in sample config file

    ECA-11094 - Validate Certificate status in CMP message

    ECA-11120 - Full French language and some GUI localization support, contributed by David Carella of Linagora.

    ECA-11124 - Add cache clearing to CMP Servlet and fix test

    ECA-11126 - Fix cmp message signature validation in Client Mode

    ECA-11131 - Oracle DB grants updated not to require DBA or admin rights

    ECA-11139 - Support either of multiple authentication modules in CMP extended validation

    ECA-11143 - Add PBMAC1 support for extended CMP validation

    ECA-11144 - Add test related for p10cr in CmpExtendedValidationTest

    ECA-11145 - Allow CMP CERT_REQ requests in HMAC mode with extended validation

    Bug Fixes

    ECA-10401 - Force local key generation option should not be visible in Community

    ECA-10799 - Renamed CAs stuck in "List Of Vendor CAs" in EST alias

    ECA-10859 - CA imported with empty name

    ECA-10874 - Documentation for WildFly 24 specifies PKCS12, while JKS are generated

    ECA-10894 - Configure OCSP extensions to always return if configured

    ECA-10897 - Azure OAuth OID Approval Prompt with AWS EJBCA Issues

    ECA-10919 - REST Certificate search V2 returns totalCert = null when certificates size is 0

    ECA-10925 - Special characters in IssuerDN not displayed correctly when reviewing certificate

    ECA-10929 - Pkcs12 content for PEM with enrollment with key recovery enabled

    ECA-10930 - CMP request without Content-Length returns wrong HTTP status code

    ECA-10953 - "Flush item" sometimes flushes a different item from the queue

    ECA-10954 - Default rules preset require /administrator/ in REST

    ECA-10958 - Saving Service config page takes too long when selecting large number of CAs

    ECA-10962 - Execution error when approving certificate in RA Web

    ECA-10967 - Concurrent requests to adminweb cause interrupted page loads and uppercase text

    ECA-10970 - Key Pair Created In The Wrong Slot For Crypto Token When 2 Tabs Are Open

    ECA-10989 - EJBCA CE Test Build Fail (false positive)

    ECA-10990 - Delete EE Subject DN Field with Same DN Attribute and Validation merges fields

    ECA-10991 - 'Required' has no effect at Key recovery options

    ECA-10998 - Use Username and Request ID are missing from RA web

    ECA-11004 - ConfigDump import fails when signing CA of SubCA is non-existent

    ECA-11005 - NullPointerException in SCEP GetCACert when CA name is incorrect

    ECA-11011 - REST max results increase stopped working

    ECA-11017 - Adding a CT log with specific usage period causes exception

    ECA-11020 - Fix issue with FQDN in SAN for MSAE

    ECA-11025 - EndEntity profile Subject field validation runs against the wrong field

    ECA-11029 - ClientToolBox creates not correctly DER wrapped OCSP Nonce extension

    ECA-11031 - Revisit EndEntityManagementSession TRIM queries

    ECA-11033 - Change revocation reason for Pre-cert revocation Service

    ECA-11041 - Revocation backdate does not survive approval.

    ECA-11042 - Revocation reason PRIVILEGE WITHDRAWN text does not show proper

    ECA-11044 - Upgrade apache common-text to 1.10 and commons-lang3 to 3.12.0

    ECA-11045 - fix encryptpwd not to require running appsrv

    ECA-11047 - Not able to delete soft/p11 cryptotoken (CE Contribution)

    ECA-11048 - Revocation backdate/change reason fix for partitioned approval.

    ECA-11051 - ACME EAB Issue upgrading from 7.8.2 to 7.10.0.1

    ECA-11054 - cmpclient missing libs

    ECA-11056 - Publishing is interrupted if one item in queue cannot publish

    ECA-11058 - Unable to upload cert file to enable the OCSP responders.

    ECA-11068 - configdump - "Use entity e-mail field" checkbox at a RFC 822 Name (e-mail address)

    ECA-11073 - REST endpoint profile related issues

    ECA-11090 - Updating remote keybindings should generate key names with "-" instead of "_"

    ECA-11095 - Make client certificate revocation effective for ACME over peers

    ECA-11122 - Remove location header for acme order post-as-get

    ECA-11123 - "ejbca.sh cryptotoken list" returns list without details for P11NG Tokens

    ECA-11127 - ConfigDump can fail with NPE when importing CMP configuration

    ECA-11138 - Fix language file