The EJBCA team is pleased to announce the newest release of our open-source PKI software EJBCA Community Edition with version 7.11 and thank each and every EJBCA Contributor for your work in getting us here.

These release notes cover new EJBCA Community features and improvements implemented between EJBCA Community 7.10.0.x and EJBCA Community 7.11.0.

This latest community release introduces community support for the SCP Publisher and Certificate and CRL Reader Service. The release also brings partial support for the CMP Lightweight profile and upgrades Bouncy Castle to version 1.72.


SCP Publishing and Certificate and CRL Reader Service

Previously only available to EJBCA Enterprise Edition users, the SCP Publisher and Certificate and CRL Reader Service are now included in EJBCA Community 7.11. Utilizing the SCP Publisher, certificates and Certificate Revocation Lists (CRLs) can be periodically published to a remote host using SCP. These certificates and CRLs can later be retrieved by a Validation Authority (VA) instance and be used for OCSP responses utilizing the Certificate and CRL Reader service.

Partial Support for CMP Lightweight Profile

A subset of the CMP Lightweight Profile is now available for use with CMP in EJBCA 7.11. The CMP Lightweight profile defines a specified subset of CMP operations and functionality, mainly targeting industrial and IoT use cases including resource-constrained devices. With this release, support has been added for message protection with PBMAC-1 as well as the P10CR message body. For more information, see CMP.

Bouncy Castle upgraded to 1.72

EJBCA Community 7.11 upgrades Bouncy Castle to version 1.72.

Downloads and Resources

To download the latest EJBCA Community container, refer to Docker Hub.

For download links, documentation, and contact information, see For upgrade instructions, see Upgrading EJBCA.

Want to learn more about our open-source software? Get in touch over at EJBCA Discussions on GitHub, a collective space where you can share feedback and contribute ideas to future releases. We would love to hear from you.

Keyfactor Community

In the Keyfactor Community, developers, engineers, and security teams can get hands-on with Keyfactor's open-source PKI and signing software, share ideas with peers, and learn from industry experts. Find out more and sign up for the Keyfactor Community Newsletter at Keyfactor Community.