This section provides information on upgrading from your current version to a later version of EJBCA and the Upgrade Paths table below helps you determine the most efficient upgrade path.
Also see the EJBCA Upgrade Notes for the version you plan to upgrade to (and any version in between).
When upgrading or changing a configuration setting in a properties file, it is not required to fully re-install EJBCA or re-configure the application server. Instead, deploy a new EJBCA application (ejbca.ear) to the application server using the
ant deployear command.
Follow the steps below to upgrade from one version of EJBCA to a new version.
conf/*.propertiesfrom the earlier installation.
This step is not required if you are using an ejbca-custom directory (see ejbca-custom below).
- Merge changes (if there are any) from
Copy the content of the
p12directory from the earlier installation and run the following command with the new version:
$ ant deployearBASH
Note that the command
deployeardeploys a new
ejbca.earto the application server, not performing the same configuration work as the
If you have switched application server (a new version, or just unpacked a fresh installation of it), you need to run the following additional command to copy the TLS keystores over to the new server:
$ ant deploy-keystoreBASH
- You also need to configure TLS for your application server. See the application server specific instructions for the installation, for example for WildFly on Application Servers.
All database upgrades require CREATE and ALTER TABLE privileges in addition to the usual privileges SELECT, UPDATE, INSERT, and DELETE. The SQL executed by database upgrades code is available in
src/upgrade/<oldversion>_<newversion>/<oldversion>_<newversion>-upgrade-<database>.sql. For example,
src/upgrade/700_710/700_710-upgrade-oracle.sql. For MariaDB, use the
To ease upgrades and allow keeping your personal configurations from a version to another, you can store your personal EJBCA modifications in the
ejbca-custom folder. Your modifications will automatically overwrite any existing files found in the
EJBCA_HOME directory before executing an
ant command. For more information, see Modifying EJBCA.
Use the table below to determine the most efficient upgrade path from your current version to the later versions of EJBCA and see the Notes section below for details.
Also see thefor the version you plan to upgrade to (and any in between).
|Your Version||Recommended Upgrade Path||Upgrade Steps|
4.0.15 or earlier on JDK6 or earlier
|Upgrade to 4.0.16 and then upgrade to 22.214.171.124.|
|4.0.16 to 5.0.11 on JDK6 or earlier||Upgrade to 126.96.36.199 and then upgrade to the latest version of EJBCA.|
|5.0.12 to 6.3.x||Upgrade to the latest version of EJBCA.|
|6.4.0 or later||Upgrade to the latest version of EJBCA.|
Intermediate Release EJBCA 188.8.131.52
The intermediate release EJBCA 184.108.40.206, released 1 December 2017, handles intermediate upgrade steps when upgrading a version prior to 5.0.12 to a later EJBCA version.
Up until and including version 220.127.116.11, EJBCA can be run on JBoss 5.1, while higher versions of EJBCA require Java 8 and WildFly.
Approval Request after EJBCA 6 Upgrade
If you are using approvals and upgrading to EJBCA 6, please be aware of an issue preventing approval requests created in EJBCA 5.x or earlier from being displayed after the upgrade. For details, refer to ECA-8831.
Upgrading past these technology jumps requires not only upgrading EJBCA, but also the underlying software such as the JDK and the application server.
- EJBCA 6.4.0: JDK6 → JDK7: End of support for legacy runtime version JDK6 and moving to JDK7.
- EJBCA 6.4.0: JEE5 → JEE6: With the move to runtime version JDK7, it can no longer be deployed to application servers based on JDK6 such as JBoss versions 4 and 5. The latest version that can still run under JDK6 is the EJBCA 18.104.22.168 intermediate release. Thus, EJBCA 22.214.171.124 and earlier can be run on JBoss 5.1.0.GA server (JEE5), while later versions require an upgrade of the JDK and application server, JDK8 and JBoss EAP 7 or WildFly 10 are recommended.
- EJBCA 7.0.0: JDK7 → JDK8: End of support for legacy runtime version JDK7 and moving to JDK8
EJBCA 7.0.0: JEE6 → JEE7: With the end of JDK7 support, support of JEE6 reliant application servers ceases as well. Minimum supported version of JBoss is EAP7/Wildfly 10.
Upgrade Process Changes
- As of EJBCA 4.0, full up-time is supported during upgrades for clustered installations, using the upgrade process steps
upgrade: Performs steps required for upgrading the first node to be able to function once it comes online again.
post-upgrade: Performs remaining upgrade steps (such as clean-up) that can only be performed once all nodes are running the latest code.
- As of EJBCA 6.4.0, the database version is tracked internally, making the upgrade automatically run from the first run running the upgraded code, making the
- As of EJBCA 6.8.0, you can perform post-upgrades from the Admin Web. When a post-upgrade is required, the System Configuration menu option System Upgrade is available.