EJBCA Hardware Appliance 5.2.2 Release Notes

MARCH 2026

We are pleased to announce the release of EJBCA Hardware Appliance 5.2.2.

This update introduces significant new capabilities for offline data management and cluster control. With the addition of USB Backup and Restore support, administrators can now easily manage backups using physical media. Furthermore, the new Manual HSM Sync for Luna Clusters provides granular control over synchronization processes in clustered environments.

This release also includes an update to EJBCA Enterprise 9.5.1 along with a variety of stability improvements and bug fixes.

Highlights

New version of EJBCA Enterprise

EJBCA Enterprise has been updated to version 9.5.1. For more information, see the EJBCA Release Notes.

USB Drives for Backup and Restore

The Hardware Appliance now supports backup and restore operations using external USB drives. To improve usability, the Webconf interface has been enhanced to automatically detect and list connected USB drives, eliminating the need for manual path entry. This feature provides a robust solution for air-gapped environments or scenarios where network-based backups (NFS) are not preferred.

Luna Cluster: Manual HSM Synchronization

A new Manual HSM Sync option is now available for Luna HSM Clusters, specifically designed for high-security environments and strictly regulated sectors (for example, Defense, Government, and Critical Infrastructure).

This feature allows administrators to disable automatic background synchronization of keys across cluster nodes. It addresses stringent security requirements where:

• Manual Verification is Mandatory: Every key synchronization event must be explicitly triggered and verified by authorized personnel.

• Network Restrictions: Organizations with "Air-Gapped" mentalities or strict regulations can now prevent any automated key transfer over network lines (VPN/TLS), ensuring that key material remains under absolute manual control.

• Regulatory Compliance: Meets specific internal and external audit requirements that forbid automated replication of cryptographic material.

Improvements and Corrections

The following lists other improvements and corrections included in the release.

• Hardware/HSM:

  • Fixed an issue where the DPoD driver could be lost after an appliance update.

  • Resolved a stability issue where the u.trust internal PKCS#11 session could silently terminate.

  • Fixed an issue where Luna partitions in an HA group were not displayed correctly.

  • Fixed a bug that could cause the HSM container to fail initialization after upgrading from version 5.1.2.

• Webconf and UI:

  • Improved the labeling in Webconf for Smart card user PIN changes and the Change PIN on Admin button for better clarity.

  • Resolved various UI issues related to Luna slot initialization and synchronization status.

  • Fixed an issue in cluster configurations where changing the Luna HSM Slot PIN via Webconf would fail or not synchronize correctly across nodes.

• System and Stability:

  • Fixed a bug where reboots did not wait for the database to shut down completely, preventing potential data corruption.

  • Resolved an issue where restoring with the keep current network configuration option caused all NICs to incorrectly use the default NIC's TLS certificate.

  • Fixed broken log rotation in the Base OS and disabled unnecessary system journal log forwarding to save resources.

  • Improved error handling for NFS browsing on the backup/restore page to provide more actionable feedback.

• Known Issue Resolved:

  • Fixed a bug affecting large-scale exports where the restore process became unresponsive. Previously, users attempting to migrate large databases would encounter a permanent hang at the Prepare HSM step. This issue is now resolved, ensuring stable restoration for high-volume environments.

Upgrade Information

For information on the required steps to update the EJBCA Hardware Appliance, refer to:

• u.trust HSM firmware update

• Luna HSM firmware update