The PrimeKey EJBCA team is pleased to announce the release of EJBCA 7.4.2.

This release brings support for CertBot versions 1.4.0 through 1.6.0 and includes improvements and bug fixes.

Deployment options include EJBCA Hardware Appliance, EJBCA Software Appliance, and EJBCA Cloud.

Highlights

CertBot 1.4.0 through 1.6.0 supported

Previously, EJBCA support for ACME CertBot was limited to version 1.3.0. From this release, EJBCA also supports versions 1.4.0 through 1.6.0.

OCSP Responses no longer include Unspecified reason code

Due to changes in the CA/B Forum Baseline Requirements version 1.7.1, effective as of 2020-09-30, the behavior of the VA has been changed: when a certificate is revoked with the "Unspecified" reason code, the OCSP response no longer includes the reason code attribute.
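
A check for the behavior described above, as an added example that is not part of EJBCA or of the original release notes: it reads the DER encoding of the `revoked` certStatus element of an OCSP SingleResponse (RFC 6960) and reports whether the optional reason field is present. The function names and the sample bytes are assumptions constructed for illustration.

```python
# Added example: sample bytes below are constructed, not captured from an EJBCA VA.
UNSPECIFIED = 0  # CRLReason unspecified(0) per RFC 5280


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV that starts at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length


def revocation_reason(revoked):
    """Return the CRLReason as int, or None when the optional field is absent."""
    tag, body, _ = read_tlv(revoked, 0)
    if tag != 0xA1:  # certStatus 'revoked' is [1] IMPLICIT RevokedInfo
        raise ValueError("not a 'revoked' certStatus")
    tag, _time, pos = read_tlv(body, 0)
    if tag != 0x18:  # revocationTime GeneralizedTime
        raise ValueError("revocationTime missing")
    if pos == len(body):
        return None
    tag, wrapped, _ = read_tlv(body, pos)
    if tag != 0xA0:  # revocationReason [0] EXPLICIT CRLReason
        raise ValueError("unexpected field after revocationTime")
    tag, value, _ = read_tlv(wrapped, 0)
    if tag != 0x0A:  # ENUMERATED
        raise ValueError("CRLReason is not ENUMERATED")
    return int.from_bytes(value, "big")


def carries_unspecified(revoked):
    """True when the response still sends reason 'unspecified' explicitly."""
    return revocation_reason(revoked) == UNSPECIFIED


TIME = b"\x18\x0f" + b"20200930120000Z"                    # constructed
OLD_STYLE = b"\xa1\x16" + TIME + b"\xa0\x03\x0a\x01\x00"  # reason = unspecified
NEW_STYLE = b"\xa1\x11" + TIME                             # reason omitted
KEY_COMPROMISE = b"\xa1\x16" + TIME + b"\xa0\x03\x0a\x01\x01"
```

Responses revoked for any other reason, such as `KEY_COMPROMISE` here, still carry the field, so a monitoring check should flag only the explicit value 0.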

Additional RDNs allowed in ACME Requests

In our initial implementation of the ACME protocol, only the CN field and dnsName SANs were processed. To allow other types of certificates to be issued over ACME, additional fields can now be included by enabling "Allow subject DN override using CSR" in the certificate profile.

Upgrade Information

Review the EJBCA 7.4.2 Upgrade Notes for important information about this release. For upgrade instructions and information on upgrade paths, see Upgrading EJBCA.

EJBCA 7.4.2 is included in EJBCA Hardware Appliance 3.5.4 and EJBCA Cloud 2.4 and can be deployed as EJBCA Software Appliance.

Change Log: Resolved Issues

For full details of fixed bugs and implemented features in EJBCA 7.4.2, refer to our JIRA Issue Tracker.

Issues Resolved in 7.4.2

Released September 2020

New Feature

ECA-9360 - Omit "unspecified" revocation reason in OCSP responses

Improvement

ECA-9328 - Improve JackNJI11ProviderTest

ECA-9341 - Permit inclusion of additional subject DN fields when using ACME

Bug Fixes

ECA-9165 - Certbot 1.4.0-1.6.0 fails to enroll over RA peer

ECA-9285 - Warn about incorrect peer role configuration that breaks RA nodes

ECA-9301 - EJBCA freezes at startup if cyclic cross-signed root certificates are used in OCSP chain

ECA-9342 - SCP Publisher doesn't close all connections

ECA-9344 - DB import fails when number of objects are high

ECA-9357 - Count of successful publishing operations not correct in PublisherQueueSessionBean