EJBCA 6.15 Upgrade Notes

Below are important changes and requirements when upgrading from EJBCA 6.14 to EJBCA 6.15. For upgrade instructions and information on upgrade paths, see Upgrading EJBCA. For details of the new features and improvements in this release, see the EJBCA 6.15 Release Notes

Database Changes

With the introduction of ACME protocol support in EJBCA 6.15, we've had to introduce the following new tables to EJBCA: 

  • AcmeAccountData
  • AcmeAuthorizationData
  • AcmeChallengeData
  • AcmeNonceData
  • AcmeOrderData

As always, these can either be created automatically if database user rights are sufficient or created manually using the bundled creation scripts.

We've created indexes for:

  • AcmeAccountData
  • AcmeAuthorizationData
  • AcmeChallengeData
  • AcmeOrderData

The indexes are found in doc/sql-scripts/create-index-ejbca.sql and we recommend applying them on any production environment using ACME. 

Behavioral Changes

Custom Certificate Extensions

With the introduction of wildcards and non-required CCEs, we've tightened how extensions in enrollment requests are handled. Where in prior versions undefined extensions in the request would simply be dropped from the final certificate, in 6.15 and later requests containing unmatched extensions will be treated as erroneous and rejected.