JULY 2023

The Hardware Platform team is pleased to announce the release of EJBCA Hardware Appliance and SignServer Hardware Appliance version 3.12.0.

The release also brings new updated versions of EJBCA Enterprise and SignServer Enterprise.


New versions of EJBCA Enterprise and SignServer Enterprise

EJBCA Enterprise 8.0

Updated version of EJBCA Enterprise, see the EJBCA Release Notes.

SignServer Enterprise

Updated version of SignServer Enterprise, see the SignServer Release Notes.

Phasing out support for Utimaco PKCS#11 R1

We are gradually reaching the final stage of phasing out support for the legacy Utimaco PKCS#11 R1 stack. Customers using PKCS#11 R1 with their current installation are advised to upgrade and migrate to PKCS#11 R2.

Using the Hardware Appliance Web Configuration wizard, you can migrate your data to PKCS#11 R2 when restoring a backup of an installation still running PKCS#11 R1, see Migrating the HSM Key Material from PKCS#11 R1 to PKCS#11 R2. If you need help with the migration process, please contact Keyfactor support for assistance. 

With the next major release, Hardware Appliance will no longer support PKCS#11 R1. 

New Features and Improvements

The following lists new features and improvements included in the release.

  • Update the supported Java version to Java 11 with EJBCA and SignServer
  • Use EJBCA RA web for the SuperAdmin Certificate enrolment during first installation instead of EJBCA Public Web. 
  • Possibility to choose the Key Algorithm for SuperAdmin Certificate.
  • The offered Public Access link for EJBCA on WebConf directs to EJBCA RA Web instead of Public Web.
  • Support for TLS 1.3.

Upgrade Information

Please note the following known limitations when upgrading to version 3.12.0:

  • ECDSA-Brainpool Algorithms are only supported with P11NG (MONT-3987)
  • EJBCA WebService does not work if TLS 1.3 is enabled (MONT-4034)
  • Changing IPv4 address in a cluster might lead to IPv6 address disappearing (MONT-3626)
  • Updating a cluster node > node1 might lead to IPv6 address disappearing (MONT-3625)

For important upgrade information and limitations to be aware of, review the Upgrade Notes.