The EJBCA team is pleased to announce the newest release of our open-source PKI software EJBCA Community Edition with version 7.10 and thank each and every EJBCA Contributor for your work in getting us here.

These release notes cover new EJBCA Community features and improvements implemented between EJBCA Community and EJBCA Community

This EJBCA Community Edition release includes improvements to the REST API, enhanced self-renewal functionality, and a certificate publisher.


REST API Improvements

The EJBCA REST API is continuously extended and improved. With this release, we have added a new endpoint v2/certificate/profile/{certProfileName} to enable retrieval of certificate profile information, such as available key algorithms. We also added key specification parameters to /v1/certificate/{request_id}/finalize that allow for finalizing an approval request when the key algorithm is not already set.

In addition, the REST API documentation has been improved. We have added more details to the documentation for all endpoints, including endpoint and parameter descriptions and expected request and response values. For more information on the REST API documentation, see EJBCA REST Interface.

Certificate Self-Renewal

An updated version of the self-renewal feature is now available in the EJBCA RA user interface. Clients can now authenticate themselves to the RA Web using a client certificate and renew their own (and only their own) certificate without the intervention of an RA administrator.

Administrators can enable this feature per end entity profile to specify a minimum amount of time before expiration that the renewal should be allowed. For more information, see the end entity profile field Allow Renewal Before Expiration, and to learn more about EJBCA RA operations, see the RA Operations Guide.

Cert Safe Publishing to HTTPS Server

The Cert Safe Publisher is now available in EJBCA Community Edition, allowing you to configure EJBCA to publish certificate issuance and lifecycle events (revoke and unrevoke) over HTTPS to a Cert Safe server using the Cert Safe REST API. Using this feature you can make certificates and lifecycle events accessible in systems external to the CA. The external system needs to implement the CertSafe REST API to receive the events. For more information, see the Cert Safe Publisher.

Downloads and Resources

EJBCA Community releases follow the release schedule for the Enterprise Edition, including all major and feature releases.

There are several options available for downloading the latest EJBCA Community:

  • EJBCA Community is available for download from GitHub.
  • EJBCA Community Container is available for download from Docker Hub.
  • EJBCA Community is available for download from SourceForge.

For download links, documentation, and contact information, see For upgrade instructions, see Upgrading EJBCA.

Want to learn more about our open-source software? Get in touch over at EJBCA Discussions on GitHub, a collective space where you can share feedback and contribute ideas to future releases. We would love to hear from you.

Keyfactor Community

In the Keyfactor Community, developers, engineers, and security teams can get hands-on with Keyfactor's open-source PKI and signing software, share ideas with peers, and learn from industry experts. Find out more and sign up for the Keyfactor Community Newsletter at Keyfactor Community.