EJBCA 7.4.2 Release Notes
The PrimeKey EJBCA team is pleased to announce the release of EJBCA 7.4.2.
This release brings support for CertBot versions 1.4.0 through 1.6.0 and includes improvements and bug fixes.
Deployment options include EJBCA Hardware Appliance, EJBCA Software Appliance, and EJBCA Cloud.
Highlights
CertBot 1.4.0 through 1.6.0 supported
Previously, EJBCA support for ACME CertBot was limited to version 1.3.0. From this release, EJBCA also supports versions 1.4.0 through 1.6.0.
OCSP Responses no longer include Unspecified reason code
Due to changes in the CA/B Forum Baseline Requirements version 1.7.1, effective as of 2020-09-30, the behavior of the VA has been changed: when a certificate is revoked with the "Unspecified" reason code, the OCSP response no longer includes the reason code attribute.
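A way to check a responder for the behavior described above, as an added example that is not EJBCA code: it parses the DER-encoded CertStatus field of an OCSP SingleResponse (RFC 6960) and reports whether a revoked status still encodes the "unspecified" reason. The function names and the sample bytes are constructed for illustration.

```python
# Added example: inspect the CertStatus of an OCSP SingleResponse (RFC 6960).
# CertStatus: good [0] IMPLICIT NULL | revoked [1] IMPLICIT RevokedInfo | unknown [2]
# RevokedInfo: SEQUENCE { GeneralizedTime, [0] EXPLICIT CRLReason OPTIONAL }
CRL_REASONS = {0: "unspecified", 1: "keyCompromise", 2: "cACompromise",
               3: "affiliationChanged", 4: "superseded", 5: "cessationOfOperation",
               6: "certificateHold", 8: "removeFromCRL", 9: "privilegeWithdrawn",
               10: "aACompromise"}

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one DER TLV (short or long length form)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def check_cert_status(der):
    """Classify a CertStatus and flag an explicitly encoded 'unspecified' reason."""
    tag, body, _ = read_tlv(der)
    if tag in (0x80, 0x82):
        status = "good" if tag == 0x80 else "unknown"
        return {"status": status, "reason": None, "unspecified_encoded": False}
    if tag != 0xA1:
        raise ValueError("not a CertStatus")
    t, rev_time, pos = read_tlv(body)
    if t != 0x18:
        raise ValueError("revocationTime must be GeneralizedTime")
    reason = None
    if pos < len(body):                      # optional [0] EXPLICIT CRLReason
        t, wrapped, _ = read_tlv(body, pos)
        t2, enum, _ = read_tlv(wrapped)
        if t != 0xA0 or t2 != 0x0A or len(enum) != 1:
            raise ValueError("malformed revocationReason")
        reason = CRL_REASONS.get(enum[0], "reserved(%d)" % enum[0])
    return {"status": "revoked", "time": rev_time.decode("ascii"),
            "reason": reason, "unspecified_encoded": reason == "unspecified"}

def sample_revoked(reason=None):
    """Constructed sample: a revoked CertStatus, with or without a reason code."""
    body = b"\x18\x0f20201001120000Z"
    if reason is not None:
        body += b"\xa0\x03\x0a\x01" + bytes([reason])
    return b"\xa1" + bytes([len(body)]) + body
```

A responder that follows the new behavior yields `reason` of `None` for certificates revoked as "Unspecified"; `unspecified_encoded` being true marks a response that still carries the attribute.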
Additional RDNs allowed in ACME Requests
In our initial implementation of the ACME protocol, only the CN field and dnsName SANs were processed. To allow the issuance of other types of certificates through ACME, additional fields can now be included by enabling "Allow subject DN override using CSR" in the certificate profile.
Upgrade Information
Review the EJBCA 7.4.2 Upgrade Notes for important information about this release. For upgrade instructions and information on upgrade paths, see Upgrading EJBCA.
EJBCA 7.4.2 is included in EJBCA Hardware Appliance 3.5.4 and EJBCA Cloud 2.4 and can be deployed as EJBCA Software Appliance.
Change Log: Resolved Issues
For full details of fixed bugs and implemented features in EJBCA 7.4.2, refer to our JIRA Issue Tracker.
Issues Resolved in 7.4.2
Released September 2020
New Feature
ECA-9360 - Omit "unspecified" revocation reason in OCSP responses
Improvement
ECA-9328 - Improve JackNJI11ProviderTest
ECA-9341 - Permit inclusion of additional subject DN fields when using ACME
Bug Fixes
ECA-9165 - Certbot 1.4.0-1.6.0 fails to enroll over RA peer
ECA-9285 - Warn about incorrect peer role configuration that breaks RA nodes
ECA-9301 - EJBCA freezes at startup if cyclic cross-signed root certificates are used in OCSP chain
ECA-9342 - SCP Publisher doesn't close all connections
ECA-9344 - DB import fails when number of objects are high
ECA-9357 - Count of successful publishing operations not correct in PublisherQueueSessionBean