Issues Resolved in 7.5

Released May 2021

    New Features

    ECA-6630 - Create YAML export for CMP configuration

    ECA-6689 - Not possible to issue CA certificates through the RA web

    ECA-9441 - Implement support for a keystore using FIPS compliant algorithms

    ECA-9484 - Support for Ed25519 in P11NG

    ECA-9490 - General Account Binding (GAB)

    ECA-9491 - ACME External Account Binding (EAB)

    ECA-9492 - ACME EAB Configuration UI

    ECA-9494 - ACME EAB Implementation as specified in RFC8555

    ECA-9495 - ACME EAB Implementation for public key signature validation

    ECA-9500 - Add support for new eIDAS QC statement esi4-qcStatement-7, Legislation

    ECA-9525 - Optionally, add cache header for OCSP unauthorized response

    ECA-9527 - Add Role as standard DN field

    ECA-9550 - Prevent deployment of EJBCA after a hardcoded date

    ECA-9561 - ACME IP Identifier Validation http-01 Challenge

    ECA-9572 - Create MSAE Servlet module in EJBCA

    ECA-9633 - Support Thales DPoD

    ECA-9671 - Option to disable http-01 challenge for ACME wildcard certificates

    ECA-9696 - Make the ACME order validity configurable

    ECA-9724 - Add XCEP implementation in the msae package

    ECA-9737 - Add EST client mode

    ECA-9738 - CLI support to create new Crypto Token with Azure key vault (ejbca.sh ca cryptotoken)

    ECA-9762 - Read token and give access (RA Web)

    ECA-9767 - Add MS Intune Azure Active Directory authentication URL to SCEP alias

    ECA-9771 - Add Intune verification Auth. URL to SCEP alias configuration

    ECA-9780 - Add MSAE to protocol configuration

    ECA-9816 - Add Intune resource URL and Graph related fields to SCEP alias configuration and mask app key field

    ECA-9817 - Add CRL generation upon revocation and configdump

    Epics

    ECA-9005 - Integrate Microsoft Autoenrollment (MSAE) into the EJBCA RA

    ECA-9624 - OAuth Support

    ECA-9716 - CRL Generation upon revocation

    Improvements

    ECA-4750 - Change default configuration of User Notice text to use UTF-8

    ECA-7391 - Only show CA-related approvals in CA Web (and vice versa)

    ECA-7844 - The space before the Validator name is not trimmed

    ECA-8350 - Implement 'revokeCert' resource authorization for an ACME account holding all of the identifiers in the certificate

    ECA-8705 - Deleting items with dependencies

    ECA-8940 - Make P11-NG an optional provider for EJBCA

    ECA-9006 - Certificate Template Enrollment Authorization Bypass

    ECA-9282 - Replace outmoded language in EJBCA

    ECA-9361 - Add "Flush" and "Republish" to publisher queue view

    ECA-9378 - Improve the error logging for OCSP response generation

    ECA-9475 - Make REST search result limit rely on global config

    ECA-9489 - Add support for key unwrapping in P11-NG provider

    ECA-9526 - Fix OWASP job in Jenkins

    ECA-9532 - ACME system test failures

    ECA-9533 - ACME EAB config dump

    ECA-9540 - Selenium setup script fails in EJBCA CE

    ECA-9554 - Update nimbus-jose-jwt-8.19.jar to latest release 9.1.2

    ECA-9573 - Invoke RaMasterApi from MSAE Servlet

    ECA-9600 - Documentation improvement: E-mail Notification Configuration in EEP

    ECA-9608 - Separate CP5 functionality from regular P11 in P11-NG

    ECA-9611 - ACME EAB UI layout and code convention improvements

    ECA-9612 - Log which CMP message type is received

    ECA-9613 - Improve ACME EAB ConfigDump

    ECA-9626 - Add selenium tests for ECA-8705

    ECA-9627 - Improve ACME EAB Implementation for public key signature validation GUI

    ECA-9628 - Issue a qualified certificate with multiple Semantics Identifier (OIDs)

    ECA-9629 - Library upgrade in MSAE Servlet

    ECA-9646 - Re-enable OAuth configuration in CA UI

    ECA-9657 - Configure Keycloak login url

    ECA-9664 - MSAE Servlet Kerberos authentication

    ECA-9667 - Fix failing unit tests in Jenkins

    ECA-9670 - Improve Documentation: Remove meaningless instruction in REST example script

    ECA-9673 - Change Kerberos configuration runtime

    ECA-9687 - Improve clean up of ACME nonce data

    ECA-9701 - Make it possible to query different AD machines from EJBCA server.

    ECA-9704 - OAuth login page for RA UI

    ECA-9715 - Improve caching for Azure Crypto Token

    ECA-9718 - Unit test for OAuth request

    ECA-9720 - Minor UX improvements for OAuth

    ECA-9728 - Query AD Policies from XCEP Service

    ECA-9729 - Encrypt ACME EAB symmetric key

    ECA-9730 - Make the CES (MSAE) implementation a Java WebService

    ECA-9731 - Option to use SSL / TLS AD connection in MSAE

    ECA-9732 - UI Configuration for MSAE

    ECA-9753 - Merge CertUtils and CertTools

    ECA-9754 - Convert AD time format to Java

    ECA-9761 - Fix JSF dynamic UI components update of value range

    ECA-9766 - Replace static list of AD Templates in MSAE UI Configuration

    ECA-9772 - Refactor MSAE AD Connection

    ECA-9773 - CEP Service: Invoke AD connection from external package

    ECA-9774 - CES Service: Invoke AD connection from external package

    ECA-9775 - Create unit tests for MSAE ASN1 helper class

    ECA-9784 - Add default P11 provider path for AWS CloudHSM

    ECA-9785 - Rename PKCS#11 CP5 to PKCS#11 NG in crypto token driver select list

    ECA-9796 - Add a CLI command to view detailed information about an OAuth provider

    ECA-9804 - MSAE UI option for policy name

    ECA-9811 - Support SHA256 and SHA512 RSA signatures for certificates issued by RSA based SSH CAs

    ECA-9835 - Read AD templates dynamically from CESService

    ECA-9838 - REST End Entity Management enabled by default

    ECA-9845 - Try to authenticate using OAuth when client certificate authentication fails

    ECA-9846 - Pin OAuth role members to a specific provider

    ECA-9858 - Support SHA224WithECDSA in P11-NG

    ECA-9875 - REST unable to pkcs10Enroll when EE profile uses auto generated password

    ECA-9878 - ACME pre-authorization system test

    ECA-9894 - Allow usage of JWK public key for OAuth

    ECA-9901 - Strip trailing slash from OAuth URL for Keycloak providers

    ECA-9907 - Update mapped AD template settings

    ECA-9910 - Set ACME problem response content type to application/problem+json

    ECA-9913 - Fallback to database if CEP Service CA cert isn't found in cache.

    ECA-9917 - Prevent the user from adding public keys with duplicate keyids

    ECA-9923 - Administrator name should not be UUID when logging in with Keycloak

    ECA-9960 - Revisit MSAE libs

    ECA-9964 - Allow CEP service to represent multiple CAs

    ECA-9965 - Rename default provider type

    Bug Fixes

    ECA-6010 - CLI importcacert can't import CA chain certificates

    ECA-7447 - Disable "set password" in RA web if end entity profile enrollment code is "auto-generated"

    ECA-7485 - EEP default CA selection doesn't work on adminweb EE creation and RaWeb enrollmakenewrequest pages

    ECA-8499 - Not possible to mix Sun PKCS#11 and CP5 PKCS#11 tokens

    ECA-8947 - The CLI command mergecatokens is not working for CAs with token type provider Pkcs11NgCryptoToken

    ECA-9140 - CA Structure & CRLs links do not work if CA DN contains &

    ECA-9155 - Certificate is generated without Username

    ECA-9317 - When "Use entity CN field" In The EEP is Enabled, it is not visible on adminweb while adding EE

    ECA-9499 - Security Issue

    ECA-9534 - Wrong label in end entity profile: "UID, Unique Identifier" subject DN field should be "userid"

    ECA-9543 - Fix DynamicUiProperty / DynamicUiModel property validation.

    ECA-9544 - Insert DynamicUiModel JSF into existing table grid

    ECA-9545 - Fix DynamicUiProperty / DynamicUiModel component enabling / visibility

    ECA-9546 - Adding RA Proxying of EjbcaWS.softTokenRequest

    ECA-9549 - Incorrect encoding of non-English languages in RA web on Java 11

    ECA-9558 - Multiple choices of the same curves in certificate profile - unable to enroll ECDSA prime256v1 certificate via RA Web

    ECA-9565 - Make the CE index page show the correct version information

    ECA-9568 - Remove the final/static keywords from EJB methods

    ECA-9586 - Regression: First letters of first DC component in CA DN always capitalized

    ECA-9590 - CA signing algorithm suggestion defaults to SHA1WithRSA after selecting crypto token

    ECA-9615 - Regression: When selecting multiple keys in a crypto token the wrong key(s) are removed

    ECA-9619 - Remote internal key binding updater service fails with nullpointer exception

    ECA-9622 - Null pointer exception is thrown when the CA tries to issue a certificate using a corrupt CSR

    ECA-9630 - Regression: EST re-enroll stopped working due to authorization of re-enrolling entity

    ECA-9632 - ExtendedInformation is not parsed correctly by SecureXMLDecoder for some values

    ECA-9634 - Fix ACME revokeCert resource for revocations for account holders having all authorizations for the identifiers in a certificate

    ECA-9638 - Fix ACME EAB exception handling

    ECA-9640 - CMP 3GPP: Unable to enroll Ericsson eNodeB in Vendor Mode

    ECA-9656 - EJBCA will debug log a private key if sent with CSR

    ECA-9660 - Cannot enroll over ACME using an EC keypair

    ECA-9661 - No check if Allow Subject DN Override by CSR in REST

    ECA-9666 - Missing space in TLS error message

    ECA-9675 - SCEP – null name for End Entity generated instead of DN serialNumber

    ECA-9714 - Some system tests failing on processing PKCS10 requests

    ECA-9721 - Error Admin UI rendering creating CAs with crypto token errors

    ECA-9726 - Regression: error about ApprovalData column when exporting using ejbca-db-cli

    ECA-9727 - REST API fail to enroll CSR with Subject Directory Attribute

    ECA-9736 - Regression: Add/Edit End Entity actions are not logged to Audit Log

    ECA-9741 - RA web ignores Subject Directory Attributes in user CSR

    ECA-9749 - Regression: Intune not working, upgrade Intune libraries

    ECA-9764 - Fix failing configdump unit tests in Jenkins

    ECA-9765 - Regression: EjbcaWS.processSoftTokenReq does not work when end entity already exist

    ECA-9768 - REST API: NullPointerException enrolling end entity without ExtendedInformation

    ECA-9783 - Warnings printed from CEP Service on startup

    ECA-9802 - Regression: Response to ACME endpoints is not correct in all cases.

    ECA-9805 - Enrollment code not shown in RA web when using key recovery

    ECA-9806 - AlgorithmTools is spamming the log, lower log level for list of available algorithms

    ECA-9807 - Workaround C_GetAttributeValue bug in AWS CloudHSM

    ECA-9808 - CE build broken. Package org.cesecore.keys.token.p11ng.provider does not exist (in CE)

    ECA-9809 - Unable to sign RSA public keys with SSH CA

    ECA-9815 - OAuth login page is not shown when authentication fails on a JSP page

    ECA-9822 - Regression: ejbcaClientToolBox.bat does not work

    ECA-9824 - Edit CA resets Extended Services Key Specification for CMS CA Service

    ECA-9839 - Theoretical NPE in EjbcaWebBeanImpl

    ECA-9841 - OAuth provider without keys cannot be deleted

    ECA-9847 - Regression: Missing library in CMP HTTP proxy

    ECA-9851 - OAuth Client Secret should be input type password

    ECA-9853 - OAuth refresh token assumes there is also an access token

    ECA-9855 - Security issue

    ECA-9859 - Read profiles via Peers for MSAE UI Configuration

    ECA-9860 - Same MSAE policy UID is used for all machines

    ECA-9862 - MSAE AD password is shown cleartext

    ECA-9871 - Fix trace interceptor invocation duration

    ECA-9872 - Regression: Peer publishing between 7.5 and older is broken

    ECA-9873 - Error clicking "previous" CA certificate in CA structure certificate view

    ECA-9877 - External RA: Unable to access external RA

    ECA-9886 - Fix ACME pre-authorization order creation

    ECA-9887 - Security Issue

    ECA-9895 - OAuth login fails in Chrome

    ECA-9896 - Failed to get token from authorization server. HTTP status code 401

    ECA-9900 - Fix AcmeConfiguration upgrade method.

    ECA-9904 - LDAP Connection resets regularly

    ECA-9908 - Test connection doesn't use the saved password

    ECA-9909 - List of "Available MS Templates" isn't sorted

    ECA-9912 - Incorrect table definition in sql script for MS-SQL for OcspResponseData.rowProtection

    ECA-9916 - Implement oid claim for Azure

    ECA-9919 - PKCS11HSMKeyTool fails with missing jna dependency

    ECA-9924 - AD Search Scope too narrow

    ECA-9931 - Security hardening

    ECA-9932 - Fix exception with "default method" in Java on some environments

    ECA-9933 - Must enter client secret again when saving OAuth provider

    ECA-9938 - OAuth login in RA UI does not work over peer connection

    ECA-9949 - OAuth: Failed to get token from authorization server.

    ECA-9954 - Regression: NPE when getting non-existent configuration over peers, when debug logging is enabled

    ECA-9956 - Conf files update is not reflected

    ECA-9958 - Regression: NPEs on System Configuration page

    ECA-9959 - MSAE SAN DNS Contains only domain part

    ECA-9963 - EstRAModeBasicTest failing due to typo in expected error string

    ECA-9967 - Errors in CA UI when TLS session is restarted

    ECA-10042 - ACME EAB secret key logged on debug level