
EJBCA 9.0 Upgrade Notes

Below are important changes and requirements when upgrading from EJBCA 8.x to EJBCA 9.0.

For upgrade instructions and information on upgrade paths, see Upgrading EJBCA. For details of the new features and improvements in this release, see the EJBCA 9.0 Release Notes.

Upgraded Technology Stack

EJBCA has been migrated from Java EE 8 to Jakarta EE 10, requiring the use of an application server compatible with Jakarta EE 10. The recommended servers for this release are WildFly 32 and JBoss EAP 8.0. Additionally, Java 17 is now the supported runtime environment for EJBCA 9.0. For more information, see Installation Prerequisites.

Database Changes

JDBC Connector Version Update

As part of the migration to Jakarta EE 10, updated Java Database Connectivity (JDBC) connectors are now required for MariaDB and Microsoft SQL Server databases. For more information, see EJBCA Installation.

MariaDB Connection URL Update

If you are using MariaDB connector version 3.0 or later, the following changes to the MariaDB connection URL are necessary:

  • If the MySQL identifier is being used, append ?permitMysqlScheme to the connection URL. For example:

    jdbc:mysql://127.0.0.1:3306/ejbca?permitMysqlScheme
  • Alternatively, you can use the MariaDB identifier in the connection URL instead, as shown below:

    jdbc:mariadb://127.0.0.1:3306/ejbca
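
A pre-upgrade check for the URL change above, as an added example (not part of the EJBCA documentation or tooling): it scans configuration text for JDBC URLs and reports the ones that MariaDB connector 3.0 or later would need changed. The function names and the sample property keys are hypothetical, and joining the flag with & when the URL already carries parameters is an assumption that goes beyond the single case shown on this page.

```python
import re

FLAG = "permitMysqlScheme"
MYSQL_PREFIX = "jdbc:mysql:"

# Constructed sample input; the property keys are hypothetical.
SAMPLE = """\
ds.a.url=jdbc:mysql://127.0.0.1:3306/ejbca
ds.b.url=jdbc:mysql://127.0.0.1:3306/ejbca?characterEncoding=UTF-8
ds.c.url=jdbc:mysql://127.0.0.1:3306/ejbca?permitMysqlScheme
ds.d.url=jdbc:mariadb://127.0.0.1:3306/ejbca
"""


def fix_mariadb_url(url, use_mariadb_scheme=False):
    """Return a URL usable with MariaDB connector 3.0+.

    URLs that do not use the MySQL identifier are returned unchanged.
    """
    if not url.startswith(MYSQL_PREFIX):
        return url
    if use_mariadb_scheme:
        # Option 2 from the notes: switch to the MariaDB identifier.
        return "jdbc:mariadb:" + url[len(MYSQL_PREFIX):]
    base, _, query = url.partition("?")
    params = [p for p in query.split("&") if p]
    if any(p.split("=", 1)[0] == FLAG for p in params):
        return url  # flag already present
    # Option 1: keep the MySQL identifier and append the flag.
    params.append(FLAG)
    return base + "?" + "&".join(params)


def audit(config_text):
    """Return (current, corrected) pairs for every URL that needs the change."""
    urls = re.findall(r"jdbc:[A-Za-z0-9]+:\S+", config_text)
    return [(u, fix_mariadb_url(u)) for u in urls if fix_mariadb_url(u) != u]


if __name__ == "__main__":
    for current, corrected in audit(SAMPLE):
        print(current, "->", corrected)
```

The audit expects unescaped URLs; in XML configuration an & inside a URL is written as &amp; and must be unescaped before the text is passed in.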

Behavioral Changes

Improved Certificate Authority Health Check Configuration

The Include in health check property now defaults to true.

The default value for the Include in health check property is now set to true for all newly created CAs within the application. Additionally, this property can now be configured through both the EJBCA ConfigDump tool and the user interface.

  • ConfigDump configuration:

    • The property CA Healthcheck Enabled can now be used in SSH CA configuration files.

    • Updated Import and Export behavior:

      • When importing a CA, if the health check property is not specified, it will default to true.

      • When exporting a CA, this property is omitted if set to true.

  • Edit CA user interface configuration:

    • The Monitor if CA active (health check) setting is now available for SSH CAs.

Allowed Username Characters

In EJBCA 8.3.2, a regression caused usernames containing the plus (+) or ampersand (&) characters to be rejected. The issue has been resolved, and + and & characters are now allowed in usernames.
