Skip to main content
Skip table of contents

EJBCA Hardware Appliance 5.2.0 Release Notes

DECEMBER 2025

We are pleased to announce the release of EJBCA Hardware Appliance 5.2.0.

With this release, we have added support for EJBCA Enterprise 9.4.2, network-attached HSMs (Luna, nShield, Securosys, Proteccio, DPoD, Utimaco) and external databases (MariaDB, Oracle Database, PostgreSQL, Microsoft SQL Server), enabling better integration and scalability for demanding environments. In addition, the Hardware Appliance can now be configured for post-quantum cryptography (PQC) with u.trust and Luna, further modernizing the platform and preparing for future security requirements.

The release also introduces the ability to use the SCP publisher directly from the user interface, improving usability and operational efficiency, along with an updated EJBCA 9.4.2 version and a range of further improvements and bug fixes.

Announcing EJBCA Licensing Mechanism in EJBCA 9.4

As of EJBCA 9.4.2 the EJBCA Container Set, EJBCA Software Appliance, and EJBCA Hardware Appliance (Next Generation) require a valid license file to run.

To use the EJBCA application within the appliance the corresponding license provided by Keyfactor must be uploaded.
A valid license can be found in the download folder.
To obtain or renew an expired license contact support@keyfactor.com.

Important!

  • In order for the update to be successful, you will need a valid license.
    Without the license, you will receive the error message No valid license found.

  • EJBCA can only be started if a valid license has been uploaded.

  • If an update has been performed without a valid license:

    • no data or key material will be lost

    • only the service will be discontinued.

  • For further details refer to License Management.

Highlights

New version of EJBCA Enterprise

EJBCA Enterprise has been updated to version 9.4.2.
For more information, see the EJBCA Release Notes.

Licensing for EJBCA Hardware Appliance

With this release, the EJBCA 9.4.2 application requires a valid license file to run. The license file can be found in the download folder. If this is not the case, please contact Keyfactor before upgrading to ensure that you have a valid license file. After upgrading to Hardware Appliance 5.2.0, the EJBCA application will not start until a valid license has been uploaded and verified.
Once the license is in place, the application will start normally and all services will be available.
Instructions for this process can be found in the License Management documentation.

⚠️ Important: Plan your maintenance window accordingly. Obtain and stage the license before the update to avoid extended downtime. If you are unsure about your license status or delivery channel, contact your account team or support (support@keyfactor.com) before upgrading.

Support for Network-Attached HSMs

Connect the Next Generation Hardware Appliance to network-attached HSMs (Luna, nShield, Securosys, Proteccio, DPoD, Utimaco) to reuse existing HSM infrastructure and support more deployment scenarios. The HSM configuration page was redesigned to accommodate the new network-attached options with a clearer setup flow and improved feedback.

External Database Connectivity

Use external databases (MariaDB, Oracle Database, PostgreSQL, Microsoft SQL Server) with the Next Generation Hardware Appliance to meet higher storage and scalability requirements.

PQC Support with u.trust and Luna

Enable PQC-capable configurations with u.trust and Luna HSMs to prepare the Hardware Appliance for upcoming post-quantum security needs.

SCP Publisher

The SCP Publisher now supports flexible use across all EJBCA deployment types, including the EJBCA Hardware Appliance 5.2.0.
SFTP is also available as a secure alternative to SCP, offering improved compatibility and key-pair–based authentication through EJBCA Crypto Tokens. For configuration details, see SCP Publisher.

Improvements and Corrections

The following lists other improvements and corrections included in the release.

  • Improved reliability of remote PIN pad connection tests, especially in firewall-protected environments.

  • Corrected display of Luna backup tokens.

  • Enhanced stability of HSM backup and restore procedures for Luna and u.trust HSMs to avoid invalid backups.

  • Ensured that the reported HSM firmware version is correctly updated after restoring key synchronization packages.

  • Improved handling of the FIPS mode configuration for u.trust HSMs during migration so that the FIPS flag is preserved correctly.

  • Redesign HSM Configuration

    Redesigned HSM configuration page to simplify setup and ongoing management, with a clearer layout, improved guidance, and more actionable validation and error feedback.

Upgrade Information

For information on the required steps to update the EJBCA Hardware Appliance, refer to

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close