The PrimeKey EJBCA team is pleased to announce the release of EJBCA 7.4.0.

This release has been driven by our aim to become one of the most stable and easy to use PKI software suites out there, while still keeping a technological edge. To this aim we've put a special drive into making our automated testing more comprehensive and working on our bug backlog, fixing no less than 152 reported bugs in this release alone. 

Highlights

Pre-produced OCSP Responses 

A commonly requested feature through the years, the EJBCA VA can now produce pre-produced OCSP responses in accordance with RFC6960. This feature has two potential benefits for your VA infrastructure - it allows you to pre-sign OCSP responses during low times for use during peaks, and CAs under requirement to do so can be set to produce responses valid after the CA's expiration.

Ed25519 and Ed448 Support

EdDSA is now supported for software crypto tokens, with support for both Ed25519 and Ed448.

Approvals added to SCEP

When using SCEP in RA mode, it's now possible to use approvals during enrollment.

Google Safe Browsing Validator

We've added a new validator type to check against the Google Safe Browsing API.

Cloud PKI Support

EJBCA 7.4.0 has added encryption for SCEP with Azure Key Vaults and support for AWS Key Management Service (KMS).

Documentation Improvements

Quite a bit has happened with our documentation, but we'd like to highlight that CMP with 3GPP has been fully and comprehensively documented.

Upgrade Information

Review the EJBCA 7.4 Upgrade Notes for important information about this release. For upgrade instructions and information on upgrade paths, see Upgrading EJBCA.

EJBCA 7.4.0 is included in EJBCA Hardware Appliance 3.5.2 and EJBCA Cloud 2.2.

Change Log: Resolved Issues

For full details of fixed bugs and implemented features in EJBCA 7.4.0, refer to our JIRA Issue Tracker.

Issues Resolved in 7.4.0

Released June 2020

New Features

ECA-4491 - Support Ed25519 and Ed448 (EdDSA) certificate issuance using soft crypto tokens

ECA-5333 - Ability to search for approval requests by part of Subject DN / or e-mail

ECA-6787 - Ability to specify Superadmin Validity during installation

ECA-6790 - Add "Enforce Key Renewal" Option

ECA-7162 - Add regex validation to usernames for EEP

ECA-8699 - Support encryption for SCEP in Azure Key Vault crypto token

ECA-8718 - Add test of "Enforce Key Renewal"

ECA-8781 - CLI command to import key recovery data for end entities

ECA-8848 - Database table for pre-produced OCSP responses

ECA-8849 - Service worker pre-produced OCSP responses

ECA-8850 - CA setting enabling pre-produced responses.

ECA-8852 - Publisher for OCSP Response Data

ECA-8866 - Create OCSP Cache for CA canned response setting

ECA-8878 - Session bean (interface etc) for OcspResponseData

ECA-8892 - Handling conflict between CA setting to pre-produce OCSP responses and OCSP Key binding nonce setting

ECA-8895 - Create indexes for the OCSPResponseData table

ECA-8899 - Approvals for SCEP RA mode

ECA-8913 - Support AWS KMS (Key Management Service, different from AWS CloudHSM)

ECA-8944 - Service worker UI for OCSP pre-production

ECA-8962 - Implement SCEP enrollment with approvals for already existing end entities

ECA-8990 - Update plugin sample to deploy cleanly

ECA-9051 - Shift the configuration of ExtendedUserDataHandlers (such as the UnidFnrHandler) from CMP configuration to CA configuration

ECA-9053 - Implement configuration of Request Processors in the CA

ECA-9057 - Implement a validator for the Google Safe Browsing API

ECA-9065 - Upgrade procedure after moving Request Processors from CMP to CA

ECA-9066 - Shift execution of Request Processors from CrmfRequestHandler into CertificateRequestSession

ECA-9072 - Service worker logic for final OCSP response

ECA-9074 - Support for CLI batch generation with EdDSA keys

ECA-9142 - Create a webservice call for creating an externally signed CA.

ECA-9163 - Add support for WS createExternallySignedCa command in clientToolBox

Tasks

ECA-7435 - Java 11: SOAP WS Client and Tests do not work

ECA-8212 - Batch enrollment GUI does not build under JDK11

ECA-8651 - Update resteasy jars used for junit testing

ECA-8695 - Security: Upgrade external dependency

ECA-8696 - Update db2jcc4.jar used for jenkins tests

ECA-8700 - Use reflection in CESeCoreUtils to support older version of Java

ECA-8717 - Java 11: ejbca-ws-cli uses endorsed.dirs which is not supported in java 11

ECA-8724 - Upgrade cert-cvc to 1.4.10

ECA-8727 - Documentation: Oracle JDK 8 not listed any longer in prerequisites

ECA-8730 - Fix JUnit, UserFulfillEndEntityProfileTest and CommandLibraryTest tests that fail on Java 11 (due to issues in tests)

ECA-8731 - Remove old commons-httpclient 3.1 and upgrade commons httcomponents to latest stable version

ECA-8733 - Update ConfigImport "known limitations"

ECA-8744 - FindBugs: fix warning about NP_NULL_PARAM_DEREF

ECA-8804 - Security: Upgrade external dependency

ECA-8807 - Change the copyright footer to 2020

ECA-8855 - Automate test ECAQA-128: End Entity Profile - Custom Validity

ECA-8898 - Document known issue related to approval requests after an upgrade to EJBCA 6

ECA-8918 - Documentation: Document support for Cloud HSMs

ECA-8980 - EJBCA Testing: ACME (Continued) Testing

ECA-9011 - Upgrade apache cfx

ECA-9049 - Investigate CRL-related test failures in Jenkins

ECA-9050 - Code cleanup: Remove dead encrypt/decrypt methods in CA

ECA-9079 - Add selecatable head banner with advisory notice and consent warning

ECA-9088 - Grab ClientToolBox test from Git

ECA-9089 - Learn how the current EJBCAClientToolBox test works.

ECA-9090 - Create/Extend JenkinsFile and DockerFile for EJBCAClientToolBox

ECA-9091 - Setup Jenkins Job to run EJBCA ClientToolBox

ECA-9100 - Documentation: update JBoss security about Diffie-Hellman keysize and datasource passords

ECA-9114 - Upgrade jackson databind

ECA-9168 - Regression Test & Automation EcaQa75

ECA-9187 - Add configuration steps for WildFly 18

ECA-9197 - Document how to limit length of DN fields using regexp validation

Improvements

ECA-1758 - Add system tests for caRenewCertRequest (WS)

ECA-4130 - Publishers: Show the publisher type next to the name in the Publishers page

ECA-5912 - Trim spaces and check syntax of CT URLs when they are added

ECA-6284 - Use something faster than java.beans.XMLEncoder/Decoder

ECA-6296 - Limit length of subject DN in RA GUI search results

ECA-6505 - Documentation: Add diagram how CA, CPs and EEPs are related

ECA-7064 - Disallow creation of Peer Connectors with the same name

ECA-7633 - New flag in 'ejbca.sh ca republish' command to list certificates instead of end entities

ECA-7722 - Minor usability improvements on Edit CA page

ECA-7819 - Remove old installation properties and ant targets

ECA-7959 - A user should be able to click a link to be returned to the previous page after error occurs

ECA-8157 - Add back the username field to EEP

ECA-8636 - CT systemtest - Publish precert

ECA-8670 - Allow selenium setup to run with different ManagementCA name

ECA-8672 - Fix trivial warnings in cesecore-common

ECA-8675 - Fix CryptoToken import in configdump

ECA-8694 - Automate ECAQA-155

ECA-8698 - Unclear UI messages for RA CA name in EST alias

ECA-8703 - Trim space for ACME Aliases Add function

ECA-8706 - Refactor CAInterfaceBean and related classes

ECA-8713 - Automate ECAQA-152

ECA-8715 - Optimize Azure Key Vault Crypto Token to not make unessecary REST calls when checking for status

ECA-8716 - Optimize PKCS11 Crypto Token to not make unessecary PKCS#11 calls on deactivated crypto tokens

ECA-8720 - Jenkins: upgrade powermock dependencies for JDK11+

ECA-8721 - Jenkins: EJBCA_JDK_DOCKERS

ECA-8722 - Update cert-cvc library to build with Java 11

ECA-8725 - Optimize render of created/edit CA page to not list all crypto token keys

ECA-8729 - ConfigImport Admin Roles import order

ECA-8738 - Make it possible to run tests within eclipse

ECA-8746 - Add small help text for subject DN field when creating a CA

ECA-8747 - Give error message when trying to import an IS certificate to a DVCA

ECA-8749 - ApprovalProfileSession.removeApprovalProfile throws exception when profile does not exist, does not follow javadoc contract

ECA-8754 - Optimize CaSessionBean.getCAIdToNameMap to use cache

ECA-8755 - Optmize CryptoTokenManagementSessionBean.getKeyPairInfo to not list all aliases

ECA-8758 - Sort "Extended Key Services Specification" dropdown

ECA-8765 - Document in Client Toolbox how to include CESeCoreUtils

ECA-8774 - Fix some NPEs in the log when accessing without proper session

ECA-8775 - Improve output format in CertDistServlet listcerts command

ECA-8783 - Add test case for va publisher data source (Selenium)

ECA-8788 - Inconsistent behaviour between CLI and AdminWeb created CA using CA defined AIA

ECA-8789 - Allow UNUSED data value in databaseprotection.properties

ECA-8793 - Add new HTTP security headers

ECA-8794 - Add HTTP security headers to CertDistServlet

ECA-8795 - Improve error handling in PublicWeb when entering invalid DN

ECA-8797 - The wrong path of a language configuration file in the document

ECA-8801 - Change text uses->allows in configuration checker message about ECC keys

ECA-8809 - Fix formating in CertStoreServletTest and CertFetchAndVerify

ECA-8813 - Show a warning when basic constraints are violated

ECA-8821 - Better error message when trying to sign with an inactive crypto token

ECA-8839 - Allow serial numbers to be entered with colon or spaces also

ECA-8863 - Jenkins jobs improvement

ECA-8865 - Selenium test constantly failing on RA-web

ECA-8872 - Documentation Clarify what multiple issuers in the CAA validator means

ECA-8879 - Create end entity based on UPN in certificate when running "importcertsms" CLI command

ECA-8882 - Improve Swedish translation of the RA web

ECA-8907 - Add validator for SAN field in Create CA page and improve error handling.

ECA-8908 - Update documentation for pre-produced OCSP responses

ECA-8911 - Ability to get version of clientToolBox

ECA-8921 - Automate ECAQA-113

ECA-8924 - Automate ECAQA-116

ECA-8926 - Add delete method in OcspDataSession bean.

ECA-8930 - The Save button in the RA web edit end entity page should be located at the bottom

ECA-8932 - Document improvement in CRL Behaviour after CA Revocation

ECA-8936 - Revise the OcspResponseData table and primary key.

ECA-8943 - Public key blacklist should handle Debian blacklist format

ECA-8958 - Modify CmpRAUnidTest to run without the Unid datasource

ECA-8961 - Improve debug logging for approvals to easily see type

ECA-8975 - Code cleanup: Encode EC keys generated by a Pkcs11NgCryptoToken without explicit params first

ECA-8977 - Add sample token properties to changecatoken CLI command to make it easier to use

ECA-8996 - Code cleanup: Azure crypto token

ECA-8997 - Code cleanup: AWS KMS crypto token

ECA-8999 - Add cabforganizationidentifier as argument to WS cli

ECA-9003 - Code cleanup: OidsObjectLinkedHashSetConverter and write unit test

ECA-9027 - Check that all certificate/end entity profile pairs have at least one usable CA

ECA-9032 - Configurable time before expire for Ocsp Response Presigner

ECA-9033 - Improve JPQL query for getting expired responses

ECA-9034 - Support SHA1 and SHA256 hashes for Pre-produced OCSP responses

ECA-9035 - Upgrade to BC 1.65

ECA-9036 - Increase column size of subject DN and subject email for MySQL/MariaDB

ECA-9041 - SCEP: Debug log message encryption algorithms

ECA-9045 - Enable legacy browser enrollment in IE11 on Windows 10

ECA-9058 - On-demand setting for OCSP pre-production

ECA-9067 - Improve CryptoToken Config: Verify Auto-Activation Codes

ECA-9070 - Add support for CAs using SHA256WithDSA

ECA-9096 - Peer publisher for OCSP response data

ECA-9097 - Show only relevant curves/key sizes on certificate profile page

ECA-9098 - Retrieving curves and algorithms on RA web needs to be optimized

ECA-9107 - Add peering configuration capability to CLI to support scripting external VA/RA

ECA-9113 - CLI ca importcertdir command should use random password

ECA-9123 - Don't check key length is we have allowed Ed25519 or Ed448

ECA-9124 - Add "Cache-control" header to HTTP POST OCSP responses.

ECA-9131 - Clean-up job for expired OCSP Responses

ECA-9132 - Support Archive Cutoff for pre-produced OCSP responses

ECA-9135 - Improve documentation about allow.external-dynamic.configuration in ejbca.properties and cesecore.properties

ECA-9139 - Trigger OCSP Response Publisher on generation

ECA-9160 - Allow CLI upgrade command to run post-upgrade automatically

ECA-9162 - Allow to store pre-produced OCSP responses in response to requests with Nonce, if response does not have Nonce

ECA-9186 - Make new XmlSerializer code locale insensitive and deterministic

ECA-9189 - Allow OCSP Response Pre-Signer to only do Final Responses

ECA-9208 - Don't render OCSP Pre Production in EJBCA CE

Bug Fixes

ECA-1691 - Reject issuance if both notBefore and notAfter are in the past

ECA-2052 - Country code in Subject DN of CVC CA is case sensitive

ECA-2068 - Export CA key Store with incorrect password shows an exception on the screen

ECA-4155 - Check if RoleMember matched by X.509 certificate has a plausible CA and certificate serial number combination

ECA-4363 - Use different return codes for importprofiles CLI command

ECA-4735 - Unify appearance in "Edit CA" page between "CA life cycle" and "Externally signed CA creation/renewal"

ECA-5704 - Extended Key Usages / Prevent user from adding same Label for different OIDs

ECA-5705 - Extended Key Usages / Adding new Label with an existing OID replaces the old one without any error

ECA-6113 - SAN with escaped commas (e.g. in directoryName) is not displayed correctly

ECA-6189 - Subject DN e-mail field and EE e-mail field conflated in the RA

ECA-6770 - Extra slashes introduced on links from some admin web pages

ECA-7060 - Handle invalid input on 'Approval Profiles' page

ECA-7072 - Long text input in field validation of Manage Data Source page causes crash

ECA-7299 - Unit tests require PKCS#11 "slot 1" to exist and do not work with SoftHSM

ECA-7333 - It is possible to add Internal Key Bindings without a name

ECA-7678 - 'Close' button not functioning under 'Roles and Access Rules' page

ECA-7733 - Security hardening

ECA-7739 - Using a certificate profile template does not select the correct fields

ECA-8049 - Treat Subject Directory Attributes the same way as Subject DN.

ECA-8146 - OCSP signer renewal via peers not working for throw-away CA

ECA-8233 - "invalid use of tag" warnings from Javadoc for WS exceptions on JDK 11

ECA-8237 - Getting "XML Parsing Error: no root element found" when clicking "View Older" in View Certificate popup

ECA-8376 - RA Web doesn't build in CE.

ECA-8496 - Document how to prevent BouncyCastle not being loaded by an EJBCA classloader

ECA-8659 - Error message is not displayed in Audit Log UI page when database protection fails to verify

ECA-8679 - Security issue

ECA-8680 - Index recommendation will not allow use of partitioned CRLs

ECA-8687 - Fix selenium test failures due to wrong Certificate Profile save message

ECA-8689 - Enable /administrator when granting access to the WS protocol over peers

ECA-8690 - Import of IKB doesn't set bound cert Id

ECA-8691 - Add upgrade notes for ECA-8679

ECA-8697 - Audit log menu item visible on some pages even if the audit log is disabled

ECA-8707 - Key sequence ignored when renewing CA

ECA-8711 - Regression: Cannot change "Signed by" option for CAs in Uninitialized state

ECA-8712 - No alias for key purpose 0 error when editing external CA

ECA-8714 - Use CRL partitions should not be rendered for External CAs

ECA-8719 - 'Make New Request' on 'RA Web' on 'Clean Installation' results in StackOverflowError

ECA-8723 - cert-cvc should use Bouncy Castle provider for verification of CVCAuthenticatedRequest

ECA-8728 - TestDatafields in cert-cvc fails if clock is 00:00-00:59

ECA-8734 - Incorrect warning of ConfigExport/Import SCP Publisher

ECA-8735 - Some system tests fail if ManagementCA is called something else

ECA-8736 - HealthCheckTest.testAuditLogHealthCheck does not restore databaseprotection.keyid.AuditRecordData

ECA-8737 - change/addUser should throw a proper error message instead of NPE when changing a user to a non-existing EE profile

ECA-8739 - NPE when importing brainpoolP256r1 DVCA certificate

ECA-8742 - Delete tests leave crypto tokens left behind by system tests

ECA-8743 - KeyGenParams is not serializeable

ECA-8752 - CA message handlers may throw NPE instead of CADoesntExistsException when CA does not exist

ECA-8756 - ClassCastException on Wildfly 14 when saving a certificate profile with "Subject DN Subset" enabled

ECA-8757 - CaImportCACommand doesn't activate KeyRecoveryCAServiceInfo

ECA-8759 - Unclear error message CA/B Forum Organization Identifier is blank or missing

ECA-8761 - Certificate Extensions not enabled in the Certificate Profile give no error

ECA-8766 - Certificate pinning for Authentication Key Bindings is not working if the pinned certificate is not in the database

ECA-8772 - Minor security issue

ECA-8773 - Security issue

ECA-8777 - Security issue

ECA-8778 - WS request with missing required extension field can still be issued

ECA-8779 - WS request with extension field that is in CP but not EEP can be issued

ECA-8780 - KeyRecoverySessionBean.addKeyRecoveryData does not return false is data already exists

ECA-8782 - ServiceSession logs incorrect administrator when editing a service

ECA-8785 - Statedump import fails when there is an unconfigured EST alias

ECA-8786 - Making a CVC WS request can fail if there is an unitialized CVCA

ECA-8791 - Cannot search by year 2020 in Admin Web

ECA-8796 - Sometimes wrong default setting for "Send notification" in the RA, when notifications are enabled

ECA-8799 - Regression: Wrong JKS is downloaded in the "CA Certificates & CRLs" page

ECA-8803 - NPE in Admin UI if script publisher configured and after that external scripts are disabled

ECA-8811 - CVCA link certificate has wrong validity

ECA-8816 - 'Remove from CRL' should be removed from 'Revocation Reason' list

ECA-8819 - Cannot use 7.x RA with 6.15 CA

ECA-8823 - Bad default CRL parameters when importing CA

ECA-8832 - Create button enabled while viewing CA non privileged.

ECA-8858 - Test failure in ConfigdumpCertificationAuthorityUnitTest

ECA-8859 - CA does not get selected on Add End Entity page load, test failure in EcaQa59_EEPHidden

ECA-8861 - Strip key alias when creating new keys

ECA-8864 - I cannot download generated certificate request as PEM or DER. An exception has occurred.Server returned: 500

ECA-8869 - Fix duplicate/ambiguous network name on old Jenkins jobs

ECA-8870 - Fix selenium tests jobs of Domain Blacklists on Jenkins

ECA-8871 - Test EcaQa5_AddEndUserEndEntity fails due to changing element IDs and incorrect profile

ECA-8873 - No certificate profile specified in EcaQa202_NegativeBlacklistExactMatch test

ECA-8874 - EcaQa77_EndEntitySearch is sensitive to the environment

ECA-8880 - UpdatePublicKeyBlacklistCommandTest contains empty folder in resources, which fails with GIT

ECA-8881 - Empty POST to /.well-known/est/simpleenroll results in NullPointerException

ECA-8884 - PKCS#11 CP5 Cryptotoken type displayed even if no libraries are configured

ECA-8885 - HealthCheckTest fails on Community Edition

ECA-8888 - Test failures in Selenium jobs due to port conflict

ECA-8890 - Certificate Validator ignores profile settings

ECA-8893 - ServiceLocatorException on approval/notification when mail is not configured

ECA-8900 - The wrong certificate profile is edited when opening two certificate profiles in different tabs/windows

ECA-8910 - Jenkins Oracle DB is missing indexes, which causes failures

ECA-8912 - No remote key bindings listed on CA when any keybinding references a non-existent key

ECA-8915 - Usability: Verify allowed characters in key aliases when generating keys in using Azure Key Vault REST API.

ECA-8916 - Fix Jenkins test failure in EcaQa76_AuditLogSearch

ECA-8917 - Pre-sign Certificate Validator gives error when using ECDSA and a CA using HSM

ECA-8925 - Fix timing sensitivity in CTLogTest

ECA-8942 - Web Services - DN Merge Issue with Multiple OU Fields

ECA-8948 - Avoid NPE when no CA configured in EST alias

ECA-8955 - SCEP renewal should give nice error message when renewal cert does not exist

ECA-8956 - SCEP RA mode should not log on error level for normal handled error cases

ECA-8957 - Fingerprints not normalized on public key blacklist import

ECA-8959 - Public EC keys generated by a Pkcs11NgCryptoToken are always using explicit EC parameters

ECA-8960 - Regression: throwing checked Exceptions from postConstruct is not allowed in JEE spec

ECA-8985 - Certutil dump file created in Windows cannot be read by 'ejbca.sh ca importcertsms'

ECA-8989 - Unable to upload a zip with custom CSS files

ECA-8993 - CMP response message with PBE protection does not include configured extra certs

ECA-9012 - 'General Settings' Help/Documentation link 'Edit Validator' page is broken

ECA-9015 - Import Help/Documentation is broken under System Configuration/Custom RA Styles

ECA-9024 - AJAX for associating an RA style with a role is broken

ECA-9025 - Weird error message when certificate profile cannot be removed

ECA-9028 - Validators Help/Documentation link is broken under Edit CA page

ECA-9029 - Approval request not done by cert authenticated admins shows blank in Requested By

ECA-9030 - Improve audit logging for custom RA styles

ECA-9038 - NPE clicking Receive Certificate Response in Edit CA screen, if nothing is uploaded

ECA-9048 - Some languages not working for subject DN when viewing certificates in CA GUI

ECA-9060 - Adding a new label with a existing OID does not give you any error/message.

ECA-9064 - Prevent inactive CmsCAService to try to load keystore

ECA-9069 - Some CA lists in services are not sorted

ECA-9071 - Regression - 2 Edit buttons displayed in RA Web End Entity Details page

ECA-9073 - Approvals can't be edited by admin

ECA-9078 - Documentation link for Enable End Entity Profile Limitations? is broken

ECA-9080 - Documentation link for 'Create Authenticated Certificate Signing Request' is broken

ECA-9082 - 'ETSI PSD2 QC Statement' Documentation link refers to the wrong page

ECA-9086 - Missing documentation for CA/Browser Forum Organization Identifier

ECA-9103 - Ed448 and Ed25519 not supported in RA UI and Public Web

ECA-9104 - Edit end entity can log the wrong changed DN if DN merge is used

ECA-9106 - Regression: Unable to submit to CT logs

ECA-9109 - Regression: RA GUI: Regardless of the format chosen the downloaded certificate is always a PKCS12 certificate.

ECA-9110 - EJBCA adminweb is not accessible after configuring "Custom Publisher"--An exception has occurred. For input string: "60000"

ECA-9111 - Regression: EJBCA CA key renewal service does not work on subCAs

ECA-9112 - Selenium Tests in Jenkins

ECA-9125 - Avoid that upgrade adds duplicate OCSP extension that already exists

ECA-9126 - Methods to delete Ocsp Responses fail

ECA-9128 - Regression: Peers cannot deserialize TreeMap

ECA-9129 - Custom extensions cannot be deserialized by EJBCA

ECA-9130 - Regression: can not change CVC terminal type in CA UI

ECA-9136 - RaMasterApi reports wrong API_VERSION

ECA-9137 - Regression: Not possible to activate rollover renewal, CA rollover cert activation is not rendered in Admin UI

ECA-9138 - Documentation link broken in Edit Publisher 'Publisher Queue' section

ECA-9143 - NPE editing SCEP alias after rename of end entity profile and SCEP alias list items are not sorted

ECA-9150 - Audit Log page error

ECA-9152 - Some certificates are missing when downloading a JKS chain

ECA-9153 - Always close SSH connections created by the SCP publisher

ECA-9154 - Regression: can't edit ICAO document type list in adminweb

ECA-9157 - OCSP audit and account logging does not work when serving pre-produced responses

ECA-9159 - NJI11ReleasebleSessionPrivateKey always assumes RSA

ECA-9166 - Class was not found on classpath

ECA-9167 - Typo error in ORM mapping for ApprovalData

ECA-9170 - SecureXmlDecoder cannot deserialize enums created in Java 6

ECA-9172 - Rollover of expired CA will not make it active due to CRL generation failure

ECA-9174 - NPE in configuration checker if certificate profile linked from end entity profile does not exist

ECA-9178 - HealthCheckServlet is trying to create a "filename.properties" with no path

ECA-9181 - Deleting token used for 'Force Local Key Generation' breaks Basic Configurations page

ECA-9188 - Don't persist responses with status 'Unknown'

ECA-9190 - NullPointerException in Statedump when a non-existent publisher is still in use

ECA-9192 - Not possible to add additional CA certificates to CMP response

ECA-9200 - Regression: Several ajax calls on certificate profile page broken

ECA-9202 - Statedump support for the Google Safe Browsing Validator

ECA-9204 - It is possible to rename a CA with no name

ECA-9205 - NPE when testing the connection of a VA Peer Publisher referencing non-existing peer system

ECA-9207 - Regression: Created CVC Authenticated requests can not be downloaded in Admin UI