EJBCA 7.4 Release Notes
The PrimeKey EJBCA team is pleased to announce the release of EJBCA 7.4.0.
This release has been driven by our aim to become one of the most stable and easy to use PKI software suites out there, while still keeping a technological edge. To this aim we've put a special drive into making our automated testing more comprehensive and working on our bug backlog, fixing no less than 152 reported bugs in this release alone.
Highlights
Pre-produced OCSP Responses
A commonly requested feature through the years, the EJBCA VA can now produce pre-produced OCSP responses in accordance with RFC6960. This feature has two potential benefits for your VA infrastructure - it allows you to pre-sign OCSP responses during low times for use during peaks, and CAs under requirement to do so can be set to produce responses valid after the CA's expiration.
Ed25519 and Ed448 Support
EdDSA is now supported for software crypto tokens, with support for both Ed25519 and Ed448.
Approvals added to SCEP
When using SCEP in RA mode, it's now possible to use approvals during enrollment.
Google Safe Browsing Validator
We've added a new validator type to check against the Google Safe Browsing API.
Cloud PKI Support
EJBCA 7.4.0 has added encryption for SCEP with Azure Key Vaults and support for AWS Key Management Service (KMS).
Documentation Improvements
Quite a bit has happened with our documentation, but we'd like to highlight that CMP with 3GPP has been fully and comprehensively documented.
Upgrade Information
Review the EJBCA 7.4 Upgrade Notes for important information about this release. For upgrade instructions and information on upgrade paths, see Upgrading EJBCA.
EJBCA 7.4.0 is included in EJBCA Hardware Appliance 3.5.2 and EJBCA Cloud 2.2.
Change Log: Resolved Issues
For full details of fixed bugs and implemented features in EJBCA 7.4.0, refer to our JIRA Issue Tracker.
Issues Resolved in 7.4.0
New Features
ECA-4491 - Support Ed25519 and Ed448 (EdDSA) certificate issuance using soft crypto tokens
ECA-5333 - Ability to search for approval requests by part of Subject DN / or e-mail
ECA-6787 - Ability to specify Superadmin Validity during installation
ECA-6790 - Add "Enforce Key Renewal" Option
ECA-7162 - Add regex validation to usernames for EEP
ECA-8699 - Support encryption for SCEP in Azure Key Vault crypto token
ECA-8718 - Add test of "Enforce Key Renewal"
ECA-8781 - CLI command to import key recovery data for end entities
ECA-8848 - Database table for pre-produced OCSP responses
ECA-8849 - Service worker pre-produced OCSP responses
ECA-8850 - CA setting enabling pre-produced responses.
ECA-8852 - Publisher for OCSP Response Data
ECA-8866 - Create OCSP Cache for CA canned response setting
ECA-8878 - Session bean (interface etc) for OcspResponseData
ECA-8892 - Handling conflict between CA setting to pre-produce OCSP responses and OCSP Key binding nonce setting
ECA-8895 - Create indexes for the OCSPResponseData table
ECA-8899 - Approvals for SCEP RA mode
ECA-8913 - Support AWS KMS (Key Management Service, different from AWS CloudHSM)
ECA-8944 - Service worker UI for OCSP pre-production
ECA-8962 - Implement SCEP enrollment with approvals for already existing end entities
ECA-8990 - Update plugin sample to deploy cleanly
ECA-9051 - Shift the configuration of ExtendedUserDataHandlers (such as the UnidFnrHandler) from CMP configuration to CA configuration
ECA-9053 - Implement configuration of Request Processors in the CA
ECA-9057 - Implement a validator for the Google Safe Browsing API
ECA-9065 - Upgrade procedure after moving Request Processors from CMP to CA
ECA-9066 - Shift execution of Request Processors from CrmfRequestHandler into CertificateRequestSession
ECA-9072 - Service worker logic for final OCSP response
ECA-9074 - Support for CLI batch generation with EdDSA keys
ECA-9142 - Create a webservice call for creating an externally signed CA.
ECA-9163 - Add support for WS createExternallySignedCa command in clientToolBox
Tasks
ECA-7435 - Java 11: SOAP WS Client and Tests do not work
ECA-8212 - Batch enrollment GUI does not build under JDK11
ECA-8651 - Update resteasy jars used for junit testing
ECA-8695 - Security: Upgrade external dependency
ECA-8696 - Update db2jcc4.jar used for jenkins tests
ECA-8700 - Use reflection in CESeCoreUtils to support older version of Java
ECA-8717 - Java 11: ejbca-ws-cli uses endorsed.dirs which is not supported in java 11
ECA-8724 - Upgrade cert-cvc to 1.4.10
ECA-8727 - Documentation: Oracle JDK 8 not listed any longer in prerequisites
ECA-8730 - Fix JUnit, UserFulfillEndEntityProfileTest and CommandLibraryTest tests that fail on Java 11 (due to issues in tests)
ECA-8731 - Remove old commons-httpclient 3.1 and upgrade commons httcomponents to latest stable version
ECA-8733 - Update ConfigImport "known limitations"
ECA-8744 - FindBugs: fix warning about NP_NULL_PARAM_DEREF
ECA-8804 - Security: Upgrade external dependency
ECA-8807 - Change the copyright footer to 2020
ECA-8855 - Automate test ECAQA-128: End Entity Profile - Custom Validity
ECA-8898 - Document known issue related to approval requests after an upgrade to EJBCA 6
ECA-8918 - Documentation: Document support for Cloud HSMs
ECA-8980 - EJBCA Testing: ACME (Continued) Testing
ECA-9011 - Upgrade apache cfx
ECA-9049 - Investigate CRL-related test failures in Jenkins
ECA-9050 - Code cleanup: Remove dead encrypt/decrypt methods in CA
ECA-9079 - Add selecatable head banner with advisory notice and consent warning
ECA-9088 - Grab ClientToolBox test from Git
ECA-9089 - Learn how the current EJBCAClientToolBox test works.
ECA-9090 - Create/Extend JenkinsFile and DockerFile for EJBCAClientToolBox
ECA-9091 - Setup Jenkins Job to run EJBCA ClientToolBox
ECA-9100 - Documentation: update JBoss security about Diffie-Hellman keysize and datasource passords
ECA-9114 - Upgrade jackson databind
ECA-9168 - Regression Test & Automation EcaQa75
ECA-9187 - Add configuration steps for WildFly 18
ECA-9197 - Document how to limit length of DN fields using regexp validation
Improvements
ECA-1758 - Add system tests for caRenewCertRequest (WS)
ECA-4130 - Publishers: Show the publisher type next to the name in the Publishers page
ECA-5912 - Trim spaces and check syntax of CT URLs when they are added
ECA-6284 - Use something faster than java.beans.XMLEncoder/Decoder
ECA-6296 - Limit length of subject DN in RA GUI search results
ECA-6505 - Documentation: Add diagram how CA, CPs and EEPs are related
ECA-7064 - Disallow creation of Peer Connectors with the same name
ECA-7633 - New flag in 'ejbca.sh ca republish' command to list certificates instead of end entities
ECA-7722 - Minor usability improvements on Edit CA page
ECA-7819 - Remove old installation properties and ant targets
ECA-7959 - A user should be able to click a link to be returned to the previous page after error occurs
ECA-8157 - Add back the username field to EEP
ECA-8636 - CT systemtest - Publish precert
ECA-8670 - Allow selenium setup to run with different ManagementCA name
ECA-8672 - Fix trivial warnings in cesecore-common
ECA-8675 - Fix CryptoToken import in configdump
ECA-8694 - Automate ECAQA-155
ECA-8698 - Unclear UI messages for RA CA name in EST alias
ECA-8703 - Trim space for ACME Aliases Add function
ECA-8706 - Refactor CAInterfaceBean and related classes
ECA-8713 - Automate ECAQA-152
ECA-8715 - Optimize Azure Key Vault Crypto Token to not make unessecary REST calls when checking for status
ECA-8716 - Optimize PKCS11 Crypto Token to not make unessecary PKCS#11 calls on deactivated crypto tokens
ECA-8720 - Jenkins: upgrade powermock dependencies for JDK11+
ECA-8721 - Jenkins: EJBCA_JDK_DOCKERS
ECA-8722 - Update cert-cvc library to build with Java 11
ECA-8725 - Optimize render of created/edit CA page to not list all crypto token keys
ECA-8729 - ConfigImport Admin Roles import order
ECA-8738 - Make it possible to run tests within eclipse
ECA-8746 - Add small help text for subject DN field when creating a CA
ECA-8747 - Give error message when trying to import an IS certificate to a DVCA
ECA-8749 - ApprovalProfileSession.removeApprovalProfile throws exception when profile does not exist, does not follow javadoc contract
ECA-8754 - Optimize CaSessionBean.getCAIdToNameMap to use cache
ECA-8755 - Optmize CryptoTokenManagementSessionBean.getKeyPairInfo to not list all aliases
ECA-8758 - Sort "Extended Key Services Specification" dropdown
ECA-8765 - Document in Client Toolbox how to include CESeCoreUtils
ECA-8774 - Fix some NPEs in the log when accessing without proper session
ECA-8775 - Improve output format in CertDistServlet listcerts command
ECA-8783 - Add test case for va publisher data source (Selenium)
ECA-8788 - Inconsistent behaviour between CLI and AdminWeb created CA using CA defined AIA
ECA-8789 - Allow UNUSED data value in databaseprotection.properties
ECA-8793 - Add new HTTP security headers
ECA-8794 - Add HTTP security headers to CertDistServlet
ECA-8795 - Improve error handling in PublicWeb when entering invalid DN
ECA-8797 - The wrong path of a language configuration file in the document
ECA-8801 - Change text uses->allows in configuration checker message about ECC keys
ECA-8809 - Fix formating in CertStoreServletTest and CertFetchAndVerify
ECA-8813 - Show a warning when basic constraints are violated
ECA-8821 - Better error message when trying to sign with an inactive crypto token
ECA-8839 - Allow serial numbers to be entered with colon or spaces also
ECA-8863 - Jenkins jobs improvement
ECA-8865 - Selenium test constantly failing on RA-web
ECA-8872 - Documentation Clarify what multiple issuers in the CAA validator means
ECA-8879 - Create end entity based on UPN in certificate when running "importcertsms" CLI command
ECA-8882 - Improve Swedish translation of the RA web
ECA-8907 - Add validator for SAN field in Create CA page and improve error handling.
ECA-8908 - Update documentation for pre-produced OCSP responses
ECA-8911 - Ability to get version of clientToolBox
ECA-8921 - Automate ECAQA-113
ECA-8924 - Automate ECAQA-116
ECA-8926 - Add delete method in OcspDataSession bean.
ECA-8930 - The Save button in the RA web edit end entity page should be located at the bottom
ECA-8932 - Document improvement in CRL Behaviour after CA Revocation
ECA-8936 - Revise the OcspResponseData table and primary key.
ECA-8943 - Public key blacklist should handle Debian blacklist format
ECA-8958 - Modify CmpRAUnidTest to run without the Unid datasource
ECA-8961 - Improve debug logging for approvals to easily see type
ECA-8975 - Code cleanup: Encode EC keys generated by a Pkcs11NgCryptoToken without explicit params first
ECA-8977 - Add sample token properties to changecatoken CLI command to make it easier to use
ECA-8996 - Code cleanup: Azure crypto token
ECA-8997 - Code cleanup: AWS KMS crypto token
ECA-8999 - Add cabforganizationidentifier as argument to WS cli
ECA-9003 - Code cleanup: OidsObjectLinkedHashSetConverter and write unit test
ECA-9027 - Check that all certificate/end entity profile pairs have at least one usable CA
ECA-9032 - Configurable time before expire for Ocsp Response Presigner
ECA-9033 - Improve JPQL query for getting expired responses
ECA-9034 - Support SHA1 and SHA256 hashes for Pre-produced OCSP responses
ECA-9035 - Upgrade to BC 1.65
ECA-9036 - Increase column size of subject DN and subject email for MySQL/MariaDB
ECA-9041 - SCEP: Debug log message encryption algorithms
ECA-9045 - Enable legacy browser enrollment in IE11 on Windows 10
ECA-9058 - On-demand setting for OCSP pre-production
ECA-9067 - Improve CryptoToken Config: Verify Auto-Activation Codes
ECA-9070 - Add support for CAs using SHA256WithDSA
ECA-9096 - Peer publisher for OCSP response data
ECA-9097 - Show only relevant curves/key sizes on certificate profile page
ECA-9098 - Retrieving curves and algorithms on RA web needs to be optimized
ECA-9107 - Add peering configuration capability to CLI to support scripting external VA/RA
ECA-9113 - CLI ca importcertdir command should use random password
ECA-9123 - Don't check key length is we have allowed Ed25519 or Ed448
ECA-9124 - Add "Cache-control" header to HTTP POST OCSP responses.
ECA-9131 - Clean-up job for expired OCSP Responses
ECA-9132 - Support Archive Cutoff for pre-produced OCSP responses
ECA-9135 - Improve documentation about allow.external-dynamic.configuration in ejbca.properties and cesecore.properties
ECA-9139 - Trigger OCSP Response Publisher on generation
ECA-9160 - Allow CLI upgrade command to run post-upgrade automatically
ECA-9162 - Allow to store pre-produced OCSP responses in response to requests with Nonce, if response does not have Nonce
ECA-9186 - Make new XmlSerializer code locale insensitive and deterministic
ECA-9189 - Allow OCSP Response Pre-Signer to only do Final Responses
ECA-9208 - Don't render OCSP Pre Production in EJBCA CE
Bug Fixes
ECA-1691 - Reject issuance if both notBefore and notAfter are in the past
ECA-2052 - Country code in Subject DN of CVC CA is case sensitive
ECA-2068 - Export CA key Store with incorrect password shows an exception on the screen
ECA-4155 - Check if RoleMember matched by X.509 certificate has a plausible CA and certificate serial number combination
ECA-4363 - Use different return codes for importprofiles CLI command
ECA-4735 - Unify appearance in "Edit CA" page between "CA life cycle" and "Externally signed CA creation/renewal"
ECA-5704 - Extended Key Usages / Prevent user from adding same Label for different OIDs
ECA-5705 - Extended Key Usages / Adding new Label with an existing OID replaces the old one without any error
ECA-6113 - SAN with escaped commas (e.g. in directoryName) is not displayed correctly
ECA-6189 - Subject DN e-mail field and EE e-mail field conflated in the RA
ECA-6770 - Extra slashes introduced on links from some admin web pages
ECA-7060 - Handle invalid input on 'Approval Profiles' page
ECA-7072 - Long text input in field validation of Manage Data Source page causes crash
ECA-7299 - Unit tests require PKCS#11 "slot 1" to exist and do not work with SoftHSM
ECA-7333 - It is possible to add Internal Key Bindings without a name
ECA-7678 - 'Close' button not functioning under 'Roles and Access Rules' page
ECA-7733 - Security hardening
ECA-7739 - Using a certificate profile template does not select the correct fields
ECA-8049 - Treat Subject Directory Attributes the same way as Subject DN.
ECA-8146 - OCSP signer renewal via peers not working for throw-away CA
ECA-8233 - "invalid use of tag" warnings from Javadoc for WS exceptions on JDK 11
ECA-8237 - Getting "XML Parsing Error: no root element found" when clicking "View Older" in View Certificate popup
ECA-8376 - RA Web doesn't build in CE.
ECA-8496 - Document how to prevent BouncyCastle not being loaded by an EJBCA classloader
ECA-8659 - Error message is not displayed in Audit Log UI page when database protection fails to verify
ECA-8679 - Security issue
ECA-8680 - Index recommendation will not allow use of partitioned CRLs
ECA-8687 - Fix selenium test failures due to wrong Certificate Profile save message
ECA-8689 - Enable /administrator when granting access to the WS protocol over peers
ECA-8690 - Import of IKB doesn't set bound cert Id
ECA-8691 - Add upgrade notes for ECA-8679
ECA-8697 - Audit log menu item visible on some pages even if the audit log is disabled
ECA-8707 - Key sequence ignored when renewing CA
ECA-8711 - Regression: Cannot change "Signed by" option for CAs in Uninitialized state
ECA-8712 - No alias for key purpose 0 error when editing external CA
ECA-8714 - Use CRL partitions should not be rendered for External CAs
ECA-8719 - 'Make New Request' on 'RA Web' on 'Clean Installation' results in StackOverflowError
ECA-8723 - cert-cvc should use Bouncy Castle provider for verification of CVCAuthenticatedRequest
ECA-8728 - TestDatafields in cert-cvc fails if clock is 00:00-00:59
ECA-8734 - Incorrect warning of ConfigExport/Import SCP Publisher
ECA-8735 - Some system tests fail if ManagementCA is called something else
ECA-8736 - HealthCheckTest.testAuditLogHealthCheck does not restore databaseprotection.keyid.AuditRecordData
ECA-8737 - change/addUser should throw a proper error message instead of NPE when changing a user to a non-existing EE profile
ECA-8739 - NPE when importing brainpoolP256r1 DVCA certificate
ECA-8742 - Delete tests leave crypto tokens left behind by system tests
ECA-8743 - KeyGenParams is not serializeable
ECA-8752 - CA message handlers may throw NPE instead of CADoesntExistsException when CA does not exist
ECA-8756 - ClassCastException on Wildfly 14 when saving a certificate profile with "Subject DN Subset" enabled
ECA-8757 - CaImportCACommand doesn't activate KeyRecoveryCAServiceInfo
ECA-8759 - Unclear error message CA/B Forum Organization Identifier is blank or missing
ECA-8761 - Certificate Extensions not enabled in the Certificate Profile give no error
ECA-8766 - Certificate pinning for Authentication Key Bindings is not working if the pinned certificate is not in the database
ECA-8772 - Minor security issue
ECA-8773 - Security issue
ECA-8777 - Security issue
ECA-8778 - WS request with missing required extension field can still be issued
ECA-8779 - WS request with extension field that is in CP but not EEP can be issued
ECA-8780 - KeyRecoverySessionBean.addKeyRecoveryData does not return false is data already exists
ECA-8782 - ServiceSession logs incorrect administrator when editing a service
ECA-8785 - Statedump import fails when there is an unconfigured EST alias
ECA-8786 - Making a CVC WS request can fail if there is an unitialized CVCA
ECA-8791 - Cannot search by year 2020 in Admin Web
ECA-8796 - Sometimes wrong default setting for "Send notification" in the RA, when notifications are enabled
ECA-8799 - Regression: Wrong JKS is downloaded in the "CA Certificates & CRLs" page
ECA-8803 - NPE in Admin UI if script publisher configured and after that external scripts are disabled
ECA-8811 - CVCA link certificate has wrong validity
ECA-8816 - 'Remove from CRL' should be removed from 'Revocation Reason' list
ECA-8819 - Cannot use 7.x RA with 6.15 CA
ECA-8823 - Bad default CRL parameters when importing CA
ECA-8832 - Create button enabled while viewing CA non privileged.
ECA-8858 - Test failure in ConfigdumpCertificationAuthorityUnitTest
ECA-8859 - CA does not get selected on Add End Entity page load, test failure in EcaQa59_EEPHidden
ECA-8861 - Strip key alias when creating new keys
ECA-8864 - I cannot download generated certificate request as PEM or DER. An exception has occurred.Server returned: 500
ECA-8869 - Fix duplicate/ambiguous network name on old Jenkins jobs
ECA-8870 - Fix selenium tests jobs of Domain Blacklists on Jenkins
ECA-8871 - Test EcaQa5_AddEndUserEndEntity fails due to changing element IDs and incorrect profile
ECA-8873 - No certificate profile specified in EcaQa202_NegativeBlacklistExactMatch test
ECA-8874 - EcaQa77_EndEntitySearch is sensitive to the environment
ECA-8880 - UpdatePublicKeyBlacklistCommandTest contains empty folder in resources, which fails with GIT
ECA-8881 - Empty POST to /.well-known/est/simpleenroll results in NullPointerException
ECA-8884 - PKCS#11 CP5 Cryptotoken type displayed even if no libraries are configured
ECA-8885 - HealthCheckTest fails on Community Edition
ECA-8888 - Test failures in Selenium jobs due to port conflict
ECA-8890 - Certificate Validator ignores profile settings
ECA-8893 - ServiceLocatorException on approval/notification when mail is not configured
ECA-8900 - The wrong certificate profile is edited when opening two certificate profiles in different tabs/windows
ECA-8910 - Jenkins Oracle DB is missing indexes, which causes failures
ECA-8912 - No remote key bindings listed on CA when any keybinding references a non-existent key
ECA-8915 - Usability: Verify allowed characters in key aliases when generating keys in using Azure Key Vault REST API.
ECA-8916 - Fix Jenkins test failure in EcaQa76_AuditLogSearch
ECA-8917 - Pre-sign Certificate Validator gives error when using ECDSA and a CA using HSM
ECA-8925 - Fix timing sensitivity in CTLogTest
ECA-8942 - Web Services - DN Merge Issue with Multiple OU Fields
ECA-8948 - Avoid NPE when no CA configured in EST alias
ECA-8955 - SCEP renewal should give nice error message when renewal cert does not exist
ECA-8956 - SCEP RA mode should not log on error level for normal handled error cases
ECA-8957 - Fingerprints not normalized on public key blacklist import
ECA-8959 - Public EC keys generated by a Pkcs11NgCryptoToken are always using explicit EC parameters
ECA-8960 - Regression: throwing checked Exceptions from postConstruct is not allowed in JEE spec
ECA-8985 - Certutil dump file created in Windows cannot be read by 'ejbca.sh ca importcertsms'
ECA-8989 - Unable to upload a zip with custom CSS files
ECA-8993 - CMP response message with PBE protection does not include configured extra certs
ECA-9012 - 'General Settings' Help/Documentation link 'Edit Validator' page is broken
ECA-9015 - Import Help/Documentation is broken under System Configuration/Custom RA Styles
ECA-9024 - AJAX for associating an RA style with a role is broken
ECA-9025 - Weird error message when certificate profile cannot be removed
ECA-9028 - Validators Help/Documentation link is broken under Edit CA page
ECA-9029 - Approval request not done by cert authenticated admins shows blank in Requested By
ECA-9030 - Improve audit logging for custom RA styles
ECA-9038 - NPE clicking Receive Certificate Response in Edit CA screen, if nothing is uploaded
ECA-9048 - Some languages not working for subject DN when viewing certificates in CA GUI
ECA-9060 - Adding a new label with a existing OID does not give you any error/message.
ECA-9064 - Prevent inactive CmsCAService to try to load keystore
ECA-9069 - Some CA lists in services are not sorted
ECA-9071 - Regression - 2 Edit buttons displayed in RA Web End Entity Details page
ECA-9073 - Approvals can't be edited by admin
ECA-9078 - Documentation link for Enable End Entity Profile Limitations? is broken
ECA-9080 - Documentation link for 'Create Authenticated Certificate Signing Request' is broken
ECA-9082 - 'ETSI PSD2 QC Statement' Documentation link refers to the wrong page
ECA-9086 - Missing documentation for CA/Browser Forum Organization Identifier
ECA-9103 - Ed448 and Ed25519 not supported in RA UI and Public Web
ECA-9104 - Edit end entity can log the wrong changed DN if DN merge is used
ECA-9106 - Regression: Unable to submit to CT logs
ECA-9109 - Regression: RA GUI: Regardless of the format chosen the downloaded certificate is always a PKCS12 certificate.
ECA-9110 - EJBCA adminweb is not accessible after configuring "Custom Publisher"--An exception has occurred. For input string: "60000"
ECA-9111 - Regression: EJBCA CA key renewal service does not work on subCAs
ECA-9112 - Selenium Tests in Jenkins
ECA-9125 - Avoid that upgrade adds duplicate OCSP extension that already exists
ECA-9126 - Methods to delete Ocsp Responses fail
ECA-9128 - Regression: Peers cannot deserialize TreeMap
ECA-9129 - Custom extensions cannot be deserialized by EJBCA
ECA-9130 - Regression: can not change CVC terminal type in CA UI
ECA-9136 - RaMasterApi reports wrong API_VERSION
ECA-9137 - Regression: Not possible to activate rollover renewal, CA rollover cert activation is not rendered in Admin UI
ECA-9138 - Documentation link broken in Edit Publisher 'Publisher Queue' section
ECA-9143 - NPE editing SCEP alias after rename of end entity profile and SCEP alias list items are not sorted
ECA-9150 - Audit Log page error
ECA-9152 - Some certificates are missing when downloading a JKS chain
ECA-9153 - Always close SSH connections created by the SCP publisher
ECA-9154 - Regression: can't edit ICAO document type list in adminweb
ECA-9157 - OCSP audit and account logging does not work when serving pre-produced responses
ECA-9159 - NJI11ReleasebleSessionPrivateKey always assumes RSA
ECA-9166 - Class was not found on classpath
ECA-9167 - Typo error in ORM mapping for ApprovalData
ECA-9170 - SecureXmlDecoder cannot deserialize enums created in Java 6
ECA-9172 - Rollover of expired CA will not make it active due to CRL generation failure
ECA-9174 - NPE in configuration checker if certificate profile linked from end entity profile does not exist
ECA-9178 - HealthCheckServlet is trying to create a "filename.properties" with no path
ECA-9181 - Deleting token used for 'Force Local Key Generation' breaks Basic Configurations page
ECA-9188 - Don't persist responses with status 'Unknown'
ECA-9190 - NullPointerException in Statedump when a non-existent publisher is still in use
ECA-9192 - Not possible to add additional CA certificates to CMP response
ECA-9200 - Regression: Several ajax calls on certificate profile page broken
ECA-9202 - Statedump support for the Google Safe Browsing Validator
ECA-9204 - It is possible to rename a CA with no name
ECA-9205 - NPE when testing the connection of a VA Peer Publisher referencing non-existing peer system
ECA-9207 - Regression: Created CVC Authenticated requests can not be downloaded in Admin UI