The following summary lists new features and other changes included in EJBCA Cloud releases.

For more information on features and improvements implemented in the latest release, see the EJBCA Cloud Release Notes.

EJBCA Cloud 3.0


EJBCA Cloud updates EJBCA Enterprise to version 7.11, see EJBCA 7.11 Release Notes.

The Cloud Configuration Wizard now allows you to select different database types. The wizard can test connections and install into Oracle, Microsoft SQL, PostgreSQL, and MariaDB in AWS and Azure.

EJBCA Cloud 2.11


EJBCA Cloud updates EJBCA Enterprise to version 7.10, see EJBCA Release Notes.

EJBCA Cloud 2.10.1

JUNE 2022

EJBCA Cloud updates EJBCA Enterprise to version 7.9.1, see EJBCA 7.9.1 Release Notes.

EJBCA Wizard now has Keyfactor branding and coloring.

EJBCA Cloud 2.10

APRIL 2022

EJBCA Cloud updates EJBCA Enterprise to version 7.9.0, see EJBCA 7.9.0 Release Notes.

EJBCA Cloud 2.9.2


EJBCA Cloud updates EJBCA Enterprise to version 7.8.1, see EJBCA 7.8.1 Release Notes. The most notable improvements in this EJBCA related to EJBCA Cloud are P11NG enhancements with CloudHSM in AWS that bring significant performance improvements.

The following lists new features and other changes included in the release.


EC-212 - Upgrade MariaDB to 10.5.X

EC-213 - Upgrade EJBCA to 7.8.1

Bug Fixes

EC-211 - Wizard does not allow underscore in DB username when RDS allows it

EJBCA Cloud 2.9.1


EJBCA Cloud updates EJBCA Enterprise to version, see EJBCA 7.8 Release Notes.

The following lists new features and other changes included in the release.


EC-203 - Upgrade EJBCA to

EC-204 - Upgrade WildFly to WildFly 24.0.1

EC-205 - Upgrade Java to JDK11

EC-207 - Change database permissions to be 10.4 RDS compliant

EC-208 - Upgrade JDBC Provider to latest current

EC-209 - Load balancers are redirecting HTTP to HTTPS due to Apache config

EC-210 - Refactor Apache Config to best practices

Bug Fixes

EC-200 - Bug in configuration wizard scripts in Azure when using external management CA

EC-201 - Change the SSL Server certificate profile to 1 year

EJBCA Cloud 2.8

JULY 2021

EJBCA Cloud updates EJBCA Enterprise to version 7.7.0, see EJBCA 7.7 Release Notes.

EJBCA Cloud 2.7

JULY 2021

EJBCA Cloud updates EJBCA Enterprise to version 7.6.0, see EJBCA 7.6 Release Notes.

EJBCA Cloud 2.6.1

EC-172 - Update provisioning code to allow for the new EJBCA 7.5.0 CloudHSM integration

EC-177 - Upgrade WildFly to version 21

EC-184 - Create Wizard for Azure Deployments that allows installation into an external database (including cluster joins for upgrades) as well as Azure Key Vault for the ManagementCA keys.

EC-185 - Integrate Azure Key Vault into Wizard for AKV stored keys

EC-186 - Allow users to edit ManagementCA DN in wizard - O and OU can now be configured along with CA Name

EC-187 - Upgrade nodeJS in confwizard to v14 and patch all packages

EC-175 - Automate EJBCA Azure Build to be unified with AWS

EC-182 - Merge automation of AWS & Azure into the single repo for unified build process

EC-192 - Update provisioning code to build Wizard based VA in AWS

EC-188 - Install NodeJS as part of the build rather than including it in source.

EC-189 - Upgrade all Azure support scripts to support external DBs like AWS does

EC-190 - Detect unknown ManagementCA name for cluster joins when a custom one was specified in configuration wizard.

EC-191 - Fix error handling of Cluster joins now that they work with 7.5.0

EC-193 - Update Azure Marketplace Template to remove Superadmin config since its now in the wizard

EC-194 - Update provisioning code to build RA or VA from single source bundle

EJBCA Cloud 2.5.3

EC-177 - Upgrade WildFly from version 10.1 to 21

EC-176 - Upgrade EJBCA to version

EC-174 - Upgrade Java to version JDK11

EC-171 - Fix regression where swagger enabled ejbca.ear file did not enable the flag correctly.

EC-167 - Add Thales DPoD to and some necessary environment variables (see Thales DPoD Integration Guide).

EJBCA Cloud 2.5

EC-163 - Allow "none" for publicIP to be selected in Azure template

EC-164 - Upgrade EJBCA to 7.4.3

EC-165 - Upgrade CentOS7.x to CentOS8.2 in Azure

EC-166 - Refactor how PublicDNS name is detected to make it no longer dependent on azure environment metadata or variables

EJBCA Cloud 2.4

EC-162 - Add use separate certificate data table to all EJBCA Cloud products

EC-161 - Change Installation process to use the built in index and schema SQL scripts

EJBCA Cloud 2.3

EC-160 - Upgrade EJBCA to 7.4.1

EC-159 - Change memory usage for WildFly on 8GB instances

EC-158 - Fixed errors on backup and restore scripts for RDS/Local installs

EJBCA Cloud 2.2

EC-152 - EJBCA Upgrade to 7.4.0

EC-153 - EJBCA ManagementCA name can now be changed so that all subsequent scripts detect this name change.

EC-154 - Renamed keys stored in the CloudHSM backed ManagementCA so they are detected by EJBCA healthcheck

EC-155 - Updated CloudHSM provider to May2020 version

EC-156 - CloudHSM client will now start properly after successful key creation by the configuration wizard.

EC-157 - Added AWS KMS flag to the default configuration for EJBCA

EJBCA Cloud 2.1.2 Update

EC-150 - Upgrade EJBCA due to Peering Issue

EC-151 - Upgrade MariaDB Database to 10.2.32

EJBCA Cloud 2.1.1 Update

EC-147 - Database permissions not applied correctly on certain RDS instances where external IPs were not utilized.

EC-148 - Script that turns EJBCA Cloud node into an RA, VA or Root doesn't apply reqcertindb property properly.

EC-149 - Script that turns node into an RA, VA or Root doesn't execute SQL commands correctly due to whitespace in source file.

EJBCA Cloud 2.1

EC-145 - Added an selecting to the database wizard to allow a cluster join option.

EJBCA Cloud 2.0

EC-135 - Backup and restore scripts now accommodate for any install made into RDS. Restore scripts also now reconfigure CloudHSM to make upgrades easier.
EC-140 - Port 8080 was found to be open and no longer needed since Apache is used to front end WildFly. Port closed.
EC-141 - CloudHSM provider upgraded to allow crypto tokens to be auto-activated.
EC-142 - Upgrade EJBCA to
EC-143 - Node does not install when no public DNS name is attached to public IP.
EC-144 - script no longer includes public IP and DNS information unless specified.

EJBCA Cloud 1.18

EC-137 - EJBCA Upgraded to 7.3.0 - Swagger enabled ejbca.ear included in dist dir.

EJBCA Cloud 1.17

EC-131 - EJBCA upgraded to 7.1.0
EC-130 - Added additional instance sizes to the AWS offering. Now includes AMD based instances and updated Intel based instances.
EC-129 - Product Renamed to EJBCA Enterprise Cloud in all scripts and documentation
EC-128 - Reduce Galera memory for small sized instances to 1GB
EC-127 - Options refactored in the script. Please see script help for new syntax.
EC-126 - Updated CloudHSM provider to handle large key IDs and ECDSA Keys

EJBCA Cloud 1.16

EC-125 - Upgrade EJBCA to
EC-124 - Detect Instance Type and change WildFly memory settings accordingly

EJBCA Cloud 1.15.2

EC-120 - Upgrade EJBCA to
EC-123 - Added logic to restore script to check for public certificates in an existing system for CloudHSM

EJBCA Cloud 1.15.1

EC-117 - Upgrade product and AMI to use Amazon Linux 2
EC-118 - Upgrade EJBCA to 6.15.1
EC-119 - Patched P11 Driver for CloudHSM to handle higher than 10K key handle numbers

EJBCA Cloud 1.15

EC-116 - Upgrade MariaDB to 10.2.18 and JDBC connector to 2.2.6
EC-115 - Added CloudHSM files to the backup and restore scripts
EC-114 - Upgrade EJBCA to 6.15.0
EC-113 - Update P11 driver to remove -priv from CKA_ID
EC-112 - Apache blocking PUT method for REST API. Apache fixed to allow PUT
EC-111 - Update PKCS#11 driver with EC fixes from Cavium
EC-110 - Add patched CloudHSM PKCS#11 driver to source code

EJBCA Cloud 1.14

EC-108 - Removed database protection configuration. Add ability for users to configure it later as needed.
EC-109 - Upgrade EJBCA to 6.14.0

EJBCA Cloud 1.13

EC-100 - Upgrade Amazon Linux host to new AMI version (2018.03.0)
EC-101 - Upgrade EJBCA Version to 6.13.0
EC-102 - Delay configuration of EJBCA so configuration tools such as Terraform can complete their jobs.
EC-103 - Improve the detection of Public IP addresses, so when a node does not have one the install will succeed.
EC-104 - Fix error handling in script for when no DNS name is provided. Clean up output files.
EC-105 - Change ManagementCA DN to have a unique value for each instance and have it better represent the host which it belongs to.
EC-106 - Add unauthenticated support to Apache config for EST protocol.
EC-107 - Improve VA/RA installation script handing of requiring the management cert in DB.

EJBCA Cloud 1.12

EC-99 - Upgrade EJBCA to 6.12.0
EC-96 - Create failsafe for rare cases where EJBCA install does not start correctly on fresh boot.
EC-94 - Added scripts that allow for a user to convert a CA into an RA. Another script to support creating TLS certs for Apache on an external RA or VA.
EC-93 - Add myq_tools with readme for Galera viewing
EC-92 - Upgrade Java Connector to MariaDB to 2.2.1 (current)
EC-91 - Add the ability for users to specify database password in system backup script
EC-90 - Upgrade MariaDB to 10.2.13
EC-89 - Add error detection for invalid option given in script
EC-87 - Improve and tune Galera Clustering Config
EC-86 - Add new EJBCA Enterprise Cloud Documentation Link to login banner

EJBCA Cloud 1.11.1

EC-97 - Fixed odd case where publicweb administration link would redirect to 8443
EC-98 - Upgrade EJBCA to

EJBCA Cloud 1.11

EC-82 - script updated to allow custom DNS names and IP addresses. SslServerProfile updated to allow 6 DNS names and 3 IP addresses and the script written to enforce that amount
EC-83 - Make all support scripts help accessible with the same -h and --help options.
EC-84 - Update EJBCA to
EC-85 - Kernel patch for MELTDOWN and Spectre
EC-86 - Added EJBCA Enterprise documentation link to SSH login banner

EJBCA Cloud 1.10

EC-80 - Upgrade EJBCA to
EC-78 - Add functionality to rotate TLS script for Apache via automated script in the support directory. This helps when adding in support for external (custom) DNS names as well as when public IP rotates.

EJBCA Cloud 1.09

EC-79 - Upgrade EJBCA to 6.10.0

EJBCA Cloud 1.08

EC-63 - Bug fixes
EC-64 - Perform external vulerability scan on product and fix findings
EC-77 - Add functionality to encrypt backup made during the restore process

EJBCA Cloud 1.07

EC-70 - Upgrade EJBCA to 6.9.1

EJBCA Cloud 1.06

EC-66 - Create Restore script for restoring backups on upgraded nodes in support folder.
EC-62 - Added auto rotation and purge for WildFly server logs

EJBCA Cloud 1.05

EC-25 - Create EJBCA and TLS Cert backup script in the support folder

EJBCA Cloud 1.04

EC-69 - Create support data gathering script. Bug fixes
EC-51 - Code cleanup and optimization

EJBCA Cloud 1.03

EC-55 - Customized login banner for SSH

EJBCA Cloud 1.02

EC56 - Bug fixes

EJBCA Cloud 1.01

EC-1 - Initial Release
EC-3 - Automate Installation