EJBCA 8.2 Upgrade Notes

Below are important changes and requirements when upgrading from EJBCA 8.1 to EJBCA 8.2.

Customers upgrading to EJBCA 8.2 are advised to specifically upgrade to version 8.2.0.3 since this specific version includes important updates.

For upgrade instructions and information on upgrade paths, see Upgrading EJBCA. For details of the new features and improvements in this release, see the EJBCA 8.2 Release Notes.

Behavioral Changes

Changed behavior when searching for certificates in RA Web 

Before EJBCA 8.2.0, certificate search in RA Web always looked up entries using partial subject distinguished name, subject alternative name, username, full serial number, or external account ID. 

Starting from version 8.2.0, the default behavior has changed, and entries will be searched only by full serial number and partial subject distinguished name, with the option to extend search parameters by selecting the relevant checkboxes. This change was introduced to avoid full table scans by default which may cause the query to timeout on large databases.

VA Peer Publisher will always publish CA and OCSP signer certificate content

As of EJBCA 8.2.0, the Validation Authority Peer Publisher will always publish the full certificate base64 data for CA and OCSP key binding certificates to remote VAs, irrespective of the setting Store certificate at the Validation Authority. As a result, unintended errors during OCSP response generation are avoided.