Skip to main content
Skip table of contents

EJBCA 7.3.1.2 Upgrade Notes

EJBCA 7.3.1.2 is a maintenance release resolving a potential security issues.

Below are important changes and requirements to be aware of when upgrading from EJBCA 7.3.1 to EJBCA 7.3.1.2.

For general upgrade instructions and information on upgrade paths, see (7.3.1.2) Upgrading EJBCA.

Database Changes

Being a patch release, EJBCA 7.3.1.2 includes no database changes. If upgrading from 7.2.1 or earlier versions of EJBCA, the changes are the same as for EJBCA 7.3.

Behavioral Changes

CVCA Link Certificate Validity and Signature Algorithm

EXTENDED ACCESS CONTROL (EAC) EPASSPORT ONLY

When renewing a Country Verifying CA (CVCA) in the EJBCA Admin UI, a link certificate is automatically created. In earlier versions of EJBCA, the CVCA link certificate inherited the validity (notAfter date) from the old CVCA certificate. This has now been fixed and the notAfter date of the CVCA link certificate will now match the validity of the new CVCA certificate according to the Common Certificate Policy for the Extended Access Control Infrastructure for Travel and Residence Documents (BSI TR-03139).

When renewing a Country Verifying CA (CVCA) and changing the signature algorithm for the new CVCA, the link certificate was previously signed with the algorithm of the new CVCA. This has now been resolved and the link certificate is now signed with the algorithm of the old CVCA. Note that the algorithm identifier in the link certificate itself is the new algorithm as the algorithm is tied to the public key, not to the certificate signature.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close