Issues Resolved in 7.3.0

Released October 2019

    New Features

    ECA-7278 - Initial support for Azure Key Vault as EJBCA Crypto Token

    ECA-8039 - Make OCSP Archive cutoff configurable in the CA UI, for all OCSP responses, and with (optional) static date (CA notBefore)

    ECA-8236 - CA/Browser Forum Organization Identifier Field certificate extension (OID: 2.23.140.3.1) for PSD2 certificates

    ECA-8371 - Add RA proxying to get global configurations

    ECA-8372 - Get GlobalAcmeConfiguration over peer

    ECA-8379 - EST support in Statedump

    ECA-8390 - Convert caaIdentities URLs to IDN (ASCII) for ACME processing

    ECA-8402 - Update SCEP GetCACaps return message to scep draft23

    ECA-8403 - SCEP: set default hash algorithm to SHA-256 and support 3DES as response message encryption

    ECA-8438 - Create Configdump EJB interface

    ECA-8439 - Create configdump import CLI command

    ECA-8440 - Add EJBCA version field to Configdump exports

    ECA-8449 - Overwrite option for Configdump CLI: Replace/Update/Leave

    ECA-8461 - Add the ability to view queued items in the CA web

    ECA-8517 - Configdump import of Custom Certificate Extensions

    ECA-8518 - Configdump import of Extended Key Usages

    ECA-8519 - Configdump import of Internal Key Bindings

    ECA-8520 - Configdump import of Publishers

    ECA-8521 - Configdump import of Services

    ECA-8522 - Configdump import of Certification Authorities

    Tasks

    ECA-7435 - Java 11: ClassNotFoundException: org.apache.geronimo.osgi.locator.ProviderLocator from WS Tests

    ECA-8277 - clientToolBox uses the ext dir, which no longer exists in Java 11

    ECA-8380 - ACME: QA Testing of ACME Changes

    ECA-8405 - Documentation: Clarify CMP concurrent request to same user fails

    ECA-8453 - Update some external dependencies

    ECA-8454 - Update the last MySQL5Dialect to MySQL5InnoDBDialect in (old) external RA

    ECA-8459 - Webtests: Add platform verification feature

    ECA-8474 - Documentation: Add database driver and DataSource for PostgreSQL

    ECA-8500 - QA Testing 7.3

    ECA-8526 - System Test Investigation: EE_COS7_OpenJDK8_WF10_NOHSM_MSSQL2017

    Improvements

    ECA-7596 - Unification and consolidation of dockers' shell scripts

    ECA-8073 - Include key information in ConfigDump

    ECA-8247 - Allow CT logs to pick sharding by period

    ECA-8273 - acme: Reduce code duplication

    ECA-8329 - Clean up language files (Hard Token)

    ECA-8330 - GUI: Rename all "Administrator Role" to "Role"

    ECA-8335 - Update ACME authorization resources to RFC 8555 compliance

    ECA-8336 - Update ACME 'revokeCert' resource to RFC 8555 compliance

    ECA-8337 - Update ACME 'directory' resource to RFC 8555 compliance

    ECA-8338 - Update ACME certificate resources to RFC 8555 compliance

    ECA-8339 - Update ACME 'newAccount' resource to RFC 8555 compliance

    ECA-8340 - Update ACME account resources to RFC 8555 compliance

    ECA-8341 - Update ACME order resources to RFC 8555 compliance

    ECA-8342 - Update ACME 'keyChange' resource to RFC 8555 compliance

    ECA-8346 - Include references to the sql scripts available in the documentation.

    ECA-8347 - Update ACME 'newNonce' resource to RFC 8555 compliance

    ECA-8350 - Implement 'revokeCert' resource authorization for an ACME account holding all of the identifiers in the certificate

    ECA-8356 - Exceptions caught by the EST servlet are not logged properly

    ECA-8370 - Update ACME challenge response resource to RFC 8555 compliance

    ECA-8397 - Update ACME documentation to RFC 8555 compliance

    ECA-8399 - Remove ACME 'challenge' GET resource

    ECA-8401 - Display a fingerprint of the imported Statedump after it has been imported in the CA web

    ECA-8406 - Give a proper error message when using an attributes file for Client Toolbox in EJBCA

    ECA-8409 - Select the correct attribútes file when editing a crypto token

    ECA-8413 - Include the configured OCSP archive cutoff extension in all OCSP responses, not only for expired certs

    ECA-8422 - Add CLI functionality for listing and editing OCSP extensions

    ECA-8441 - Add import to ConfigdumpCore

    ECA-8442 - Add YamlReader class

    ECA-8443 - Add PoC for import of one object type in ConfigdumpSessionBean

    ECA-8444 - Add import of important objects types in ConfigdumpSessionBean

    ECA-8445 - Add import in configdump dump handlers

    ECA-8446 - Create functional test (system test) for configdump import

    ECA-8447 - CLI test for Configdump

    ECA-8466 - ACME test suite re-factorings

    ECA-8468 - Only report when available upstream RA peers changes

    ECA-8475 - ACME end point test coverage

    ECA-8477 - Add import of End Entity Profiles in Configdump

    ECA-8478 - Configdump import of roles

    ECA-8481 - Add implementation version in jar files to CAA cli tool, and other tools

    ECA-8482 - Fix call of ACME operations with explicit ACME alias

    ECA-8490 - Configdump import of Certificate Profiles

    ECA-8502 - Create test for CaImportMsCaCertificates (import dump file created by certutil)

    ECA-8513 - Sort items in list boxes on the role_edit.xhtml page in alphabetic order

    ECA-8523 - Print CRL and public key when CRL fails to verify

    ECA-8525 - Test of configdump import of Publishers

    ECA-8527 - Option to export defaults in Configdump

    ECA-8528 - Configdump documentation

    ECA-8529 - AzureCryptoToken: Fix missing html ID and log if password is empty

    ECA-8537 - Test of Configdump import of Internal Key Bindings

    ECA-8543 - Exclude configdump import from ziprelease

    Bug Fixes

    ECA-7320 - CN from CSR not loaded correctly when "Changing a CSR"

    ECA-7486 - EEP default Token type selection doesn't work on RaWeb enrollmakenewrequest page

    ECA-7739 - Using a certificate profile template does not select the correct fields

    ECA-7849 - Regression: foot_banner not used

    ECA-7947 - Unused access rules are saved in basic mode

    ECA-8033 - For configdump, allow it to skip past CAs waiting for a response and complete.

    ECA-8099 - CA created with "Signed By External CA" has Serial Number Octet Size -1

    ECA-8232 - IPv6 RFC compliant HREF links in EJBCA

    ECA-8307 - CryptoTokenData: P11CryptoToken row entry touched/updated without need

    ECA-8319 - "clientToolBox PKCS11HSMKeyTool linkcert" command should work according to ICAO 9303

    ECA-8320 - SCP Publisher uses managing admin to sign payload

    ECA-8322 - CertificateCrlReader does not handle revocation publications correctly

    ECA-8323 - Fix findbugs warnings

    ECA-8325 - CMP Configuration UI issues

    ECA-8326 - CryptoToken.getPublicKey return javadoc differs from implementation

    ECA-8344 - Jenkins job EE_COS7_OpenJDK8_WF10_NOHSM_DB2 cannot find DB2 Express-C docker image

    ECA-8345 - Jenkins failing test 'org.ejbca.core.model.services.worker.CertificateCrlReaderSystemTest.testReadCertificateFromDisk'

    ECA-8354 - First column not displayed when running the script language-tool.sh -s

    ECA-8360 - Generated CRL Distribution Point and Issuer do not show correct DN

    ECA-8375 - Regression: Failing Selenium test EcaQa206_CRLPartitionsIncorrectSettings

    ECA-8383 - Reference lib.jpa.classpath not found when building cmpProxy for Tomcat.

    ECA-8391 - New EST alias fields missing from ConfigDump export

    ECA-8407 - User is asked to confirm slot re-use when editing an existing PKCS#11 crypto token

    ECA-8410 - Set EJBCA_HOME in ejbca.sh if not set already

    ECA-8411 - CRL is stored in publisher queue even if direct publishing is successful

    ECA-8412 - PublishQueueProcessWorker always reports a NO_ACTION ServiceExecutionResult

    ECA-8419 - Jenkins failing test 'org.ejbca.core.ejb.ProfilingTest.retrieveStats'

    ECA-8420 - Jenkins failing test 'org.ejbca.core.ejb.upgrade.UpgradeSessionBeanTest.testUpgradeOcspExtensions6120'

    ECA-8423 - Update Muehlbauer WS for removed Hardtoken

    ECA-8426 - Trim CT log URLs

    ECA-8428 - EST Name Generation USERNAME option gives error message when client username not set

    ECA-8433 - Add placeholder to ejbca resourses CMP error message

    ECA-8434 - OCSP Extensions are temporarily saved, even when the Save button is not clicked

    ECA-8435 - Some CA lists in RA Web is sorted case sensitive

    ECA-8436 - Caching issue with PSD2 fields in RA-web

    ECA-8457 - Database protection broken on existing installations

    ECA-8464 - EST configuration in Admin UI is not cleared when navigating away from the page

    ECA-8465 - MSSQL Jenkins job (DB collation has to support case sensitivity)

    ECA-8470 - Regression: GUI doesn't render "</br>" correctly for view certificate screen

    ECA-8479 - Crypto token manage page checks for wrong permission

    ECA-8484 - RA enrollment returns older certificate when validation fails

    ECA-8485 - Legacy External RA not working with Wildfly 14 because of problem with the hibernate provider.

    ECA-8486 - NPE when you click on 'Export selected' without selecting anything on Manage End Entity Profile page

    ECA-8488 - L10n: Typo in English language

    ECA-8492 - Importing Microsoft CA fails using ejbca.sh

    ECA-8504 - Inconsistency when creating roles in CA web and RA web

    ECA-8506 - Add missing textfield id for textfieldsharedcmprasecret

    ECA-8509 - Regression: EJBCA Ignores CryptoToken Selection While Creating CA When Using the Default Key Option for the CertSignKey

    ECA-8514 - RA Web incorrectly claims that role has members

    ECA-8515 - Peer connector missing permissions when Approval management is set

    ECA-8532 - Allow subject DN override and allow extension override is not honoured in the REST API

    ECA-8538 - Regression: exception clicking on "Clear caches" button

    ECA-8540 - Configdump error when exporting new unmodified ACME alias

    ECA-8541 - Missing setters and unhandled nulls cause errors in Configdump

    ECA-8542 - Fix configdump warning when importing certain End Entity Profiles