Issues Resolved in 7.3.0
Released October 2019
New Features
ECA-7278 - Initial support for Azure Key Vault as EJBCA Crypto Token
ECA-8039 - Make OCSP Archive cutoff configurable in the CA UI, for all OCSP responses, and with (optional) static date (CA notBefore)
ECA-8236 - CA/Browser Forum Organization Identifier Field certificate extension (OID: 2.23.140.3.1) for PSD2 certificates
ECA-8371 - Add RA proxying to get global configurations
ECA-8372 - Get GlobalAcmeConfiguration over peer
ECA-8379 - EST support in Statedump
ECA-8390 - Convert caaIdentities URLs to IDN (ASCII) for ACME processing
ECA-8402 - Update SCEP GetCACaps return message to scep draft23
ECA-8403 - SCEP: set default hash algorithm to SHA-256 and support 3DES as response message encryption
ECA-8438 - Create Configdump EJB interface
ECA-8439 - Create configdump import CLI command
ECA-8440 - Add EJBCA version field to Configdump exports
ECA-8449 - Overwrite option for Configdump CLI: Replace/Update/Leave
ECA-8461 - Add the ability to view queued items in the CA web
ECA-8517 - Configdump import of Custom Certificate Extensions
ECA-8518 - Configdump import of Extended Key Usages
ECA-8519 - Configdump import of Internal Key Bindings
ECA-8520 - Configdump import of Publishers
ECA-8521 - Configdump import of Services
ECA-8522 - Configdump import of Certification Authorities
Tasks
ECA-7435 - Java 11: ClassNotFoundException: org.apache.geronimo.osgi.locator.ProviderLocator from WS Tests
ECA-8277 - clientToolBox uses the ext dir, which no longer exists in Java 11
ECA-8380 - ACME: QA Testing of ACME Changes
ECA-8405 - Documentation: Clarify CMP concurrent request to same user fails
ECA-8453 - Update some external dependencies
ECA-8454 - Update the last MySQL5Dialect to MySQL5InnoDBDialect in (old) external RA
ECA-8459 - Webtests: Add platform verification feature
ECA-8474 - Documentation: Add database driver and DataSource for PostgreSQL
ECA-8500 - QA Testing 7.3
ECA-8526 - System Test Investigation: EE_COS7_OpenJDK8_WF10_NOHSM_MSSQL2017
Improvements
ECA-7596 - Unification and consolidation of dockers' shell scripts
ECA-8073 - Include key information in ConfigDump
ECA-8247 - Allow CT logs to pick sharding by period
ECA-8273 - acme: Reduce code duplication
ECA-8329 - Clean up language files (Hard Token)
ECA-8330 - GUI: Rename all "Administrator Role" to "Role"
ECA-8335 - Update ACME authorization resources to RFC 8555 compliance
ECA-8336 - Update ACME 'revokeCert' resource to RFC 8555 compliance
ECA-8337 - Update ACME 'directory' resource to RFC 8555 compliance
ECA-8338 - Update ACME certificate resources to RFC 8555 compliance
ECA-8339 - Update ACME 'newAccount' resource to RFC 8555 compliance
ECA-8340 - Update ACME account resources to RFC 8555 compliance
ECA-8341 - Update ACME order resources to RFC 8555 compliance
ECA-8342 - Update ACME 'keyChange' resource to RFC 8555 compliance
ECA-8346 - Include references to the sql scripts available in the documentation.
ECA-8347 - Update ACME 'newNonce' resource to RFC 8555 compliance
ECA-8350 - Implement 'revokeCert' resource authorization for an ACME account holding all of the identifiers in the certificate
ECA-8356 - Exceptions caught by the EST servlet are not logged properly
ECA-8370 - Update ACME challenge response resource to RFC 8555 compliance
ECA-8397 - Update ACME documentation to RFC 8555 compliance
ECA-8399 - Remove ACME 'challenge' GET resource
ECA-8401 - Display a fingerprint of the imported Statedump after it has been imported in the CA web
ECA-8406 - Give a proper error message when using an attributes file for Client Toolbox in EJBCA
ECA-8409 - Select the correct attribútes file when editing a crypto token
ECA-8413 - Include the configured OCSP archive cutoff extension in all OCSP responses, not only for expired certs
ECA-8422 - Add CLI functionality for listing and editing OCSP extensions
ECA-8441 - Add import to ConfigdumpCore
ECA-8442 - Add YamlReader class
ECA-8443 - Add PoC for import of one object type in ConfigdumpSessionBean
ECA-8444 - Add import of important objects types in ConfigdumpSessionBean
ECA-8445 - Add import in configdump dump handlers
ECA-8446 - Create functional test (system test) for configdump import
ECA-8447 - CLI test for Configdump
ECA-8466 - ACME test suite re-factorings
ECA-8468 - Only report when available upstream RA peers changes
ECA-8475 - ACME end point test coverage
ECA-8477 - Add import of End Entity Profiles in Configdump
ECA-8478 - Configdump import of roles
ECA-8481 - Add implementation version in jar files to CAA cli tool, and other tools
ECA-8482 - Fix call of ACME operations with explicit ACME alias
ECA-8490 - Configdump import of Certificate Profiles
ECA-8502 - Create test for CaImportMsCaCertificates (import dump file created by certutil)
ECA-8513 - Sort items in list boxes on the role_edit.xhtml page in alphabetic order
ECA-8523 - Print CRL and public key when CRL fails to verify
ECA-8525 - Test of configdump import of Publishers
ECA-8527 - Option to export defaults in Configdump
ECA-8528 - Configdump documentation
ECA-8529 - AzureCryptoToken: Fix missing html ID and log if password is empty
ECA-8537 - Test of Configdump import of Internal Key Bindings
ECA-8543 - Exclude configdump import from ziprelease
Bug Fixes
ECA-7320 - CN from CSR not loaded correctly when "Changing a CSR"
ECA-7486 - EEP default Token type selection doesn't work on RaWeb enrollmakenewrequest page
ECA-7739 - Using a certificate profile template does not select the correct fields
ECA-7849 - Regression: foot_banner not used
ECA-7947 - Unused access rules are saved in basic mode
ECA-8033 - For configdump, allow it to skip past CAs waiting for a response and complete.
ECA-8099 - CA created with "Signed By External CA" has Serial Number Octet Size -1
ECA-8232 - IPv6 RFC compliant HREF links in EJBCA
ECA-8307 - CryptoTokenData: P11CryptoToken row entry touched/updated without need
ECA-8319 - "clientToolBox PKCS11HSMKeyTool linkcert" command should work according to ICAO 9303
ECA-8320 - SCP Publisher uses managing admin to sign payload
ECA-8322 - CertificateCrlReader does not handle revocation publications correctly
ECA-8323 - Fix findbugs warnings
ECA-8325 - CMP Configuration UI issues
ECA-8326 - CryptoToken.getPublicKey return javadoc differs from implementation
ECA-8344 - Jenkins job EE_COS7_OpenJDK8_WF10_NOHSM_DB2 cannot find DB2 Express-C docker image
ECA-8345 - Jenkins failing test 'org.ejbca.core.model.services.worker.CertificateCrlReaderSystemTest.testReadCertificateFromDisk'
ECA-8354 - First column not displayed when running the script language-tool.sh -s
ECA-8360 - Generated CRL Distribution Point and Issuer do not show correct DN
ECA-8375 - Regression: Failing Selenium test EcaQa206_CRLPartitionsIncorrectSettings
ECA-8383 - Reference lib.jpa.classpath not found when building cmpProxy for Tomcat.
ECA-8391 - New EST alias fields missing from ConfigDump export
ECA-8407 - User is asked to confirm slot re-use when editing an existing PKCS#11 crypto token
ECA-8410 - Set EJBCA_HOME in ejbca.sh if not set already
ECA-8411 - CRL is stored in publisher queue even if direct publishing is successful
ECA-8412 - PublishQueueProcessWorker always reports a NO_ACTION ServiceExecutionResult
ECA-8419 - Jenkins failing test 'org.ejbca.core.ejb.ProfilingTest.retrieveStats'
ECA-8420 - Jenkins failing test 'org.ejbca.core.ejb.upgrade.UpgradeSessionBeanTest.testUpgradeOcspExtensions6120'
ECA-8423 - Update Muehlbauer WS for removed Hardtoken
ECA-8426 - Trim CT log URLs
ECA-8428 - EST Name Generation USERNAME option gives error message when client username not set
ECA-8433 - Add placeholder to ejbca resourses CMP error message
ECA-8434 - OCSP Extensions are temporarily saved, even when the Save button is not clicked
ECA-8435 - Some CA lists in RA Web is sorted case sensitive
ECA-8436 - Caching issue with PSD2 fields in RA-web
ECA-8457 - Database protection broken on existing installations
ECA-8464 - EST configuration in Admin UI is not cleared when navigating away from the page
ECA-8465 - MSSQL Jenkins job (DB collation has to support case sensitivity)
ECA-8470 - Regression: GUI doesn't render "</br>" correctly for view certificate screen
ECA-8479 - Crypto token manage page checks for wrong permission
ECA-8484 - RA enrollment returns older certificate when validation fails
ECA-8485 - Legacy External RA not working with Wildfly 14 because of problem with the hibernate provider.
ECA-8486 - NPE when you click on 'Export selected' without selecting anything on Manage End Entity Profile page
ECA-8488 - L10n: Typo in English language
ECA-8492 - Importing Microsoft CA fails using ejbca.sh
ECA-8504 - Inconsistency when creating roles in CA web and RA web
ECA-8506 - Add missing textfield id for textfieldsharedcmprasecret
ECA-8509 - Regression: EJBCA Ignores CryptoToken Selection While Creating CA When Using the Default Key Option for the CertSignKey
ECA-8514 - RA Web incorrectly claims that role has members
ECA-8515 - Peer connector missing permissions when Approval management is set
ECA-8532 - Allow subject DN override and allow extension override is not honoured in the REST API
ECA-8538 - Regression: exception clicking on "Clear caches" button
ECA-8540 - Configdump error when exporting new unmodified ACME alias
ECA-8541 - Missing setters and unhandled nulls cause errors in Configdump
ECA-8542 - Fix configdump warning when importing certain End Entity Profiles