Issues Resolved in 7.8.1

Released December 2021

    New Features

    ECA-9561 - ACME IP Identifier Validation http-01 Challenge

    ECA-9760 - REST searchCertificates call with pagination

    ECA-10108 - Merge additional support for the NONEwithRSAandMGF1 (raw RSASSA-PSS) signature algorithm in P11NG

    ECA-10184 - KeyVault Machine Identity Authentication

    ECA-10334 - HTTP Basic Authentication in EST client mode

    ECA-10344 - REST API support for configdump export

    ECA-10347 - REST API support for configdump import

    ECA-10349 - Add configdump support to Azure BLOB publisher

    ECA-10356 - Add Primus HSM PKCS#11 library path

    ECA-10380 - Domain Allow List Validator

    ECA-10395 - Add support for URI Name Constraints

    Improvements

    ECA-5472 - Foldable view when there are many optional fields in the RA

    ECA-8562 - Improve tests coverage of Configdump's import of Certificate Profiles

    ECA-8745 - Increase the number of SANs configurable in end entity profiles (to >100)

    ECA-9681 - Fix AcmeOrderData end entity stored including binary data as map

    ECA-9763 - Change the message for CA Activation with approvals

    ECA-10092 - Add cert auth to Azure Trusted OAuth Provider

    ECA-10266 - Upgrade Nimbus JOSE+JWT to nimbus-jose-jwt-9.12.1.jar

    ECA-10284 - Check if all invocations of AcmeAccountSessionBean.updateAccount are required

    ECA-10293 - Bad signature performance using P11-NG with network HSMs

    ECA-10302 - Revoking certificates from adminweb with reason 'Privileges withdrawn'

    ECA-10318 - Add roles claim to Azure OAuth for Authentication

    ECA-10322 - Create tables SQL script for NDB cluster has flaws

    ECA-10324 - Combine ACME and general EAB

    ECA-10327 - Reduce CRL and OCSP Validities by 1 second

    ECA-10330 - Change default settings SCT in EJBCA 7.x

    ECA-10333 - REST Search - Return eep and cp values

    ECA-10339 - Viewing CRL's for CA with MS Compat Enabled

    ECA-10345 - Put PIN last in the GUI when creating crypto token

    ECA-10352 - MS CA compat with Sub CA in EJBCA and External Root

    ECA-10353 - Allow name constraints to block all DNS Names

    ECA-10354 - Fix ACME pre-authorization returns order object without authorization

    ECA-10355 - Update EJBCA to work with Wildfly 25

    ECA-10358 - ACME performance - refactor AcmeOrderSessionBean.processPendingOrders

    ECA-10360 - Add aliases cache for P11-NG crypto tokens

    ECA-10361 - PKCS#10 REST endpoint using end entity information (not CSR)

    ECA-10367 - Optimize PKCS#11 sign to avoid redundant PKCS#11 calls

    ECA-10377 - EE REST API support search by modified date

    ECA-10382 - Allow to configure ignored CAA properties when their processing is done outside EJBCA

    ECA-10384 - Differentiate rows in CA Structures & CRLs

    ECA-10398 - Align buttons in Certificate Profile and Publishers sections

    ECA-10400 - X509CACrlUnitTest test fix

    ECA-10406 - Merge smaller P11-NG changes from SignServer

    ECA-10428 - Remove extra dot from cert

    ECA-10430 - Upgrade BC to 1.70

    Bug Fixes

    ECA-6166 - CA key export does not warn if no RSA keys are present for encryption.

    ECA-7235 - Settings are reset when Match with setting is changed

    ECA-8227 - It is possible to revoke an already revoked end entity

    ECA-9203 - Exception occurrs even if 'Gender' value is given

    ECA-10126 - Error when syncing to VA via peer connector

    ECA-10157 - Security Issue

    ECA-10172 - EST Vendor Mode ChangeSubjectName should not compare with the CSR DN

    ECA-10224 - CREATE CA: NullPointerException

    ECA-10229 - CMP Authentication Radio Buttons are not disabled in view page

    ECA-10237 - Trusted OAuth Providers are removed without any warning or confirmation

    ECA-10254 - SCEP alias for Intune not allowing certain characters for client secret.

    ECA-10264 - Configdump import failed if the /cryptotoken/keys/remove/ rule is set

    ECA-10295 - Configdump does not import Approval Profiles

    ECA-10301 - Revoking certificates from adminweb with reason 'AA compromise'

    ECA-10303 - Throwaway CA Revocation Broken in 7.6.0

    ECA-10311 - View CMP Alias page says: Edit CMP Alias

    ECA-10319 - Broken RA End Entity edit page

    ECA-10320 - OCSP not working when CA uses Ed25519

    ECA-10323 - Enrollment code can not be empty when setting EE status from Generated to New with autogenerated enrollment codes

    ECA-10343 - NumberFormatException when creating a crypto token using token label when cryptotoken.p11.lib.X.slotlist is used

    ECA-10357 - Ignore keys which cannot be read by the P11NgCryptoToken

    ECA-10363 - Make audience check optional

    ECA-10365 - Fix links in ACME HTTP response headers

    ECA-10383 - In RAWeb custom values "Set validity" doesn't work

    ECA-10390 - "Republish" publisher queue view action uses wrong PublishQueueProcessWorker

    ECA-10391 - 'Required' restriction on name constraints in end entity profiles are not validated.

    ECA-10394 - Clean up of cesecore-p11 is not optional

    ECA-10399 - ExpiredCertsOnCRL encodes with fractional seconds

    ECA-10404 - Make EEP upgrade for 7.8.1 cluster compatible

    ECA-10407 - Audience cannot be empty when "disable audience check" is selected

    ECA-10410 - Reintroduce ECA-9475

    ECA-10422 - Fix failing tests