EJBCA 9.6 Upgrade Notes

Below are important changes and requirements when upgrading to EJBCA 9.6.

For general information about upgrading EJBCA, see Upgrading EJBCA.

For details of the new features and improvements in this release, see the EJBCA 9.6 Release Notes.

Database Changes

Subject Alternative Name column size increased

The size of the subjectAltName column in the CertificateData, NoConflictCertificateData, and UserData tables has been increased from 2000 to 8000 characters.

During upgrade, EJBCA automatically updates the column size on supported databases.

If the EJBCA database user does not have ALTER TABLE privileges, you must manually run the ALTER TABLE commands included in the upgrade scripts, see https://docs.keyfactor.com/ejbca-software/latest/upgrade-ejbca-software-stack.

Due to an Oracle database limitation, Oracle Database remains limited to 4000 characters, see https://docs.keyfactor.com/ejbca-software/latest/installation-prerequisites.

Behavioral Changes

/v2/certificate/search requires stricter access rules

The v1/certificate/search and v2/certificate/search API endpoints now require the /ca_functionality/view_certificate access rule to view certificates returned by the search end points. Endpoint users without this permission will receive empty search results.

OAuth Authentication Redirect URL Change

The redirect URL used during OAuth authentication is dynamically derived from the incoming request. In versions prior to EJBCA 9.4, the redirect URL was constructed based on the configuration in web.properties.

As a result of this change, you may need to update the list of allowed redirect URLs in your trusted OAuth provider configuration to ensure successful authentication.