Issues Resolved in 7.9.0

Released April 2022

    New Features

    ECA-7321 - RA Web should accept CSR in DER format

    ECA-9834 - ACME configuration alias max. length of 250 characters

    ECA-10261 - Add support for RFU bits in cert-cvc

    ECA-10263 - Add support for RFU bits in EJBCA

    ECA-10467 - Define new CA type for ITS CA's

    ECA-10468 - ITS CA Type in the UI

    ECA-10470 - REST Resource for ITS Certificate Request

    ECA-10529 - ITS end entity request and response creation and verification

    ECA-10554 - Allow CMPv2 enrollment in RA mode using vendor certificate

    ECA-10592 - Authorization validation for ETSI certificates and integration to REST

    ECA-10593 - End Entity management over REST for C-ITS ETSI

    ECA-10612 - Import CITS CA and other UI changes for CITS

    ECA-10613 - Subject attributes validation during registration, EC enroll and authorization validation

    ECA-10614 - Download or rest endpoint for CITS certificates

    ECA-10625 - Future Dated CRLs from the CLI.

    ECA-10627 - Allow WS requests using Request Processors send through editUser as well

    Improvements

    ECA-7381 - Sunset Public Web

    ECA-7588 - Remove CADataHandler

    ECA-7765 - Allow public user to finalize enrollment in RA Web

    ECA-8476 - Only show logout button in CA web when "Session timeout" is enabled

    ECA-9256 - Allow an OCSP Responder to sign for other CAs

    ECA-9566 - The Option "Send notification" is Not Available in RA Web

    ECA-9799 - Search for Certificates at RA Web doesn't reflect Expired status in the main table list

    ECA-10296 - Update EJBCA libs for Swagger to work on Wildfly > 22.0.0

    ECA-10345 - Put PIN last in the GUI when creating crypto token

    ECA-10413 - Allow EEP Subject DN values to be enforced

    ECA-10414 - Add E-mail checkbox "Use email from address field" to RA-web

    ECA-10416 - Increase CSR Size Limit

    ECA-10418 - Name constraint support for make new request in RA web

    ECA-10421 - Add checkbox to RA Web when creating end entity to activate key recovery

    ECA-10452 - Trim external log lib

    ECA-10454 - Improve dn merge procedure for end entities

    ECA-10456 - Add end entity with clear text password in the RA web

    ECA-10459 - Code cleanup: modules/oldlogexport

    ECA-10460 - Code cleanup: modules/externalra-gui

    ECA-10469 - Define MVP TBSCertificate fields for ITS CA's

    ECA-10473 - Complete the rest endpoint implementation for CITS

    ECA-10474 - Increase length of ACME EAB with symmetric keys generated key.

    ECA-10476 - Introduce ITS Certificate Profile

    ECA-10488 - Upgrade ITS epic branch with BC 1.7.1 b03

    ECA-10489 - Create enrollment endpoint for the ITS REST API

    ECA-10494 - Not able to reconnect to P11NG Crypto Token after HSM network disconnect

    ECA-10501 - Remove support for CMP over TCP

    ECA-10504 - Get rid of appender code in UpgradeBean to Log4J2

    ECA-10512 - Upgrade EJBCA Intune Integration to Use Microsoft Graph API

    ECA-10530 - Update standalone scripts with log4j compatability flag

    ECA-10538 - SHAxWithRSAAndMGF1 / SHAxWithRSASSA-PSS not working with Azure Key Vault or AWS KMS Crypto tokens

    ECA-10539 - Update slf4j

    ECA-10543 - Update PublicAccessToken to not require delete end entities access rule

    ECA-10548 - Add CrmfRequestTest into Jenkins

    ECA-10555 - OEREncoding for InnerECRequest/Response

    ECA-10558 - REST endpoint for ITS-S Registration

    ECA-10576 - System test for ITS REST endpoint

    ECA-10584 - Update ejbca.cmd with log4j changes

    ECA-10585 - Deprecate and remove legacy batch enrollment GUI

    ECA-10610 - Hardening

    ECA-10615 - Upgrade BC to 1.71, pull in main branch changes

    ECA-10619 - Upgrade commons-cli to 1.5

    ECA-10628 - Allow the encryptpwd CLI command to run without appserver active

    ECA-10633 - Upgrade jack11nji

    ECA-10642 - Refactor ITS enrollment operation to be performed by CA implementation

    ECA-10647 - Improve EJBCA's behavior when looking up invalid DNS records for CAA


    Bug Fixes

    ECA-9950 - Batchenrollment gives BCFKS error

    ECA-10219 - New role members cannot manage existing approval requests

    ECA-10228 - Invalid ocsp certificate prevents wildfly startup

    ECA-10279 - CVC is not working in RA web

    ECA-10388 - Peer connections using RSA Authentication Key binding with P11NG, Azure and AWS crypto tokens stopped working after JDK update

    ECA-10424 - Logging Location of API Requests

    ECA-10426 - Configurable DN order in LDAP Publisher

    ECA-10436 - Regression: Error editing Key Vault crypto Token

    ECA-10437 - CA Functions CRL download link fails to download CRL when CA SubjectDN contains ampersand

    ECA-10457 - REST configdump export can fail even if ignore errors is enabled

    ECA-10463 - ConfigDump Export/Import EEPs with multiple DNs/SANs

    ECA-10471 - Regression - ejbca-db-cli not working after upgrading to 7.8.0.1

    ECA-10484 - Regression: P11NG and CloudHSM using Healthcheck sometimes causes HSM to go offline with CKR_OPERATION_ACTIVE

    ECA-10485 - CMP Certificate Confirmation - Default CA

    ECA-10490 - Cannot re-activating suspended cert with "Safe Direct Publishing"

    ECA-10491 - X.509 CA sequence is compared with keysequence from cert request in a wrong way

    ECA-10497 - Regression: OCSP signing cache is always reloaded for requests with unknown CAs


    ECA-10507 - Regression: P11NG signing misses NULL parameter in PKCS#1 algorithms parameters for RSA SHA algorthms

    ECA-10532 - Fix ACME issuance of certificates with non-validated domains

    ECA-10533 - EJBCA RA - Navigation dead-ends

    ECA-10534 - Enrollment fails with GetCACert enabled in SCEP CA mode

    ECA-10535 - AWSS3Publisher causes OCSP Peer Publishing to fail

    ECA-10549 - Disable "Use queue ..." options when "Safe Direct Publishing" enabled

    ECA-10550 - Regression: Potential NPE causes test failures when Trace logging is enabled

    ECA-10557 - Jenkins CMP test failure

    ECA-10569 - Create tests for cmp update command in cli

    ECA-10571 - Make "Unspecified" revocation reason in OCSP responses configurable

    ECA-10572 - URI Name Constraints should not allow/require protocol to be specified.

    ECA-10577 - Key algorithm of uploaded CSR field shows wrong value

    ECA-10579 - Clean up access rules requirements for using a CSR on the Make New Request page

    ECA-10583 - Name constraint error produces stacktrace and unintuitive error message in RA UI

    ECA-10591 - Startup database error due to deprecated property UserData.hardTokenIssuerId

    ECA-10601 - Failures in PostgreSQL running create-index sql script, comment out drop index statements

    ECA-10603 - ejbca-db-cli Broken

    ECA-10620 - Request and EE CA mismatch still cause EE status change

    ECA-10621 - Minor security issue

    ECA-10622 - Changing an EE status over RA web leads to unwanted disabling of Batch generation (clear text pwd storage) checkbox

    ECA-10626 - Support 'Any' cryptoProivder in MSAE templates

    ECA-10634 - Fix IOException in db-cli

    ECA-10635 - Update AzureBlobPublisher to use new Azure auth

    ECA-10637 - Azure Key Vault only lists the first 25 key aliases

    ECA-10638 - EJBCA restricts OCSP nonce to 30 octets instead of 32 as stated in RFC8954

    ECA-10644 - The publisher queue inspection window should display the time with a 24-hour clock

    ECA-10662 - Intune Resource URL not honored in new SCEP code