The PrimeKey EJBCA team is pleased to announce the release of EJBCA 7.4.2.
This release brings support for CertBot versions 1.4.0 through 1.6.0 and includes improvements and bug fixes.
CertBot 1.4.0 through 1.6.0 supported
EJBCA support for ACME CertBot was limited to version 1.3.0. From this release, EJBCA also supports versions 1.4.0 through 1.6.0.
OCSP Responses no longer include Unspecified reason code
Due to changes in the CA/B Forum Baseline Requirements version 1.7.1, effective as of 2020-09-30, the behavior of the VA has been changed so that OCSP responses where the certificate is revoked with the "Unspecified" reason code, the reply will no longer include the reason code attribute.
Additional RDNs allowed in ACME Requests
In our initial implementation of the ACME protocol, only the CN field and dnsName SANs were processed. In order to allow for the issuance of other types of certificates from ACME, we now allow the inclusion of additional fields by enabling Allow subject DN override using CSR in the certificate profile.
Change Log: Resolved Issues
For full details of fixed bugs and implemented features in EJBCA 7.4.2, refer to our JIRA Issue Tracker.
ECA-9360 - Omit "unspecified" revocation reason in OCSP responses
ECA-9328 - Improve JackNJI11ProviderTest
ECA-9341 - Permit inclusion of additional subject DN fields when using ACME
ECA-9165 - Certbot 1.4.0-1.6.0 fails to enroll over RA peer
ECA-9285 - Warn about incorrect peer role configuration that breaks RA nodes
ECA-9301 - EJBCA freezes at startup if cyclic cross-signed root certificates are used in OCSP chain
ECA-9342 - SCP Publisher doesn't close all connections
ECA-9344 - DB import fails when number of objects are high
ECA-9357 - Count of successful publishing operations not correct in PublisherQueueSessionBean