PrimeKey is proud to announce the release of EJBCA Cloud 2.6.1.

EJBCA Cloud 2.6.1 is a significant release that brings many new features and adds EJBCA Enterprise 7.5.0.1, which is itself a significant release for EJBCA.

Highlights

Configuration Wizard for Microsoft Azure

A configuration wizard has been added to Azure EJBCA Cloud products. The instance will now boot to a configuration wizard that will allow you to customize the installation. For help in navigating the configuration wizard, see the EJBCA Cloud Launch Guide for Microsoft Azure.

New CloudHSM Integration for AWS with EJBCA 7.5

CloudHSM integration changes completely with EJBCA 7.5 and the addition of P11NG. P11NG is a custom P11 provider that can be used instead of SunPKCS#11 in EJBCA. P11NG provides more control and allows removing the dependency on the custom Liquidsec provider used in prior AWS deployments. The Liquidsec provider wrote the public part of the private key to the disk of the local node. Thus, when doing cluster joins or adding a node to the cluster in CloudHSM-based deployments, these public keys had to be copied to the additional nodes. With EJBCA Cloud 2.6.1 and the custom P11 provider, this is no longer the case once a conversion process has been done to move these public keys to CloudHSM. For more information, see the AWS CloudHSM Integration Guide.

New Features and Improvements

The following lists new features and other changes included in the release.

EC-172 - Update provisioning code to allow for the new EJBCA 7.5 CloudHSM integration

EC-177 - Upgrade WildFly to version 21

EC-184 - Create Wizard for Azure Deployments that allows installation into an external database (including cluster joins for upgrades) as well as Azure Key Vault for the ManagementCA keys.

EC-185 - Integrate Azure Key Vault into Wizard for AKV stored keys

EC-186 - Allow users to edit ManagementCA DN in wizard - O and OU can now be configured along with CA Name

EC-187 - Upgrade NodeJS in confwizard to v14 and patch all packages

Additional tasks that benefit the product:

EC-175 - Automate EJBCA Azure Build to be unified with AWS

EC-182 - Merge automation of AWS & Azure into the single repo for unified build process

EC-192 - Update provisioning code to build Wizard based VA in AWS

EC-188 - Install NodeJS as part of the build rather than including it in source.

EC-189 - Upgrade all Azure support scripts to support external DBs like AWS does

EC-190 - Detect unknown ManagementCA name for cluster joins when a custom one was specified in configuration wizard.

EC-191 - Fix error handling of cluster joins now that they work with 7.5

EC-193 - Update Azure Marketplace Template to remove Superadmin config since it's now in the wizard

EC-194 - Update provisioning code to build RA or VA from single source bundle

Upgrade Information

The following provides important information on changes and requirements to be aware of when upgrading.

All existing CloudHSM users should migrate their public keys to CloudHSM using the provided process. The migration process can be performed on one of the existing EJBCA Cloud nodes. This way, when a new EJBCA Cloud 2.6.X (EJBCA 7.5) node is launched from AWS, it will recognize the proper key configuration on the HSM. For information on migrating your public keys to CloudHSM, see the EJBCA CloudHSM Integration Guide section on migrating CloudHSM keys.

For information on how to upgrade an EJBCA Cloud hourly instance node from one version of EJBCA to another, see the AWS Restore and Upgrade Guide and Azure Restore and Upgrade Guide, respectively.