Skip to main content
Skip table of contents

EJBCA Software Appliance 2.7.1 Release Notes

MARCH 2025

We are pleased to announce the release of EJBCA Software Appliance 2.7.1.

This release brings an updated version of EJBCA Enterprise, enhanced features for Luna Network Hardware Security Modules (HSMs), and minor bugfixes.

Highlights

New version of EJBCA Enterprise

EJBCA Enterprise has been updated to version 9.2.1. For more information, see the EJBCA Release Notes.

Enhanced Luna HSM Integration

This release significantly enhances the integration between Luna HSM and the Software Appliance. Users of the Luna HSM solution now benefit from the following enhancements.

Luna Client Update

EJBCA Software Appliance now supports Luna Client v10.7.2, ensuring compatibility with RSA 4096-bit NTLS certificates and AES-256-CBC private key encryption.

Integration with External CAs

Enables the EJBCA Software Appliance to generate, download, and re-upload Luna Client NTLS CSR files for certificates signed by external or internal CAs. Users can customize parameters (such as, CN, key type, validity period, key size) and seamlessly install the signed certificates within the appliance.

Internal CA and Trusted Server Management

Allows uploading and managing internal CA certificate chains within the Luna Client’s trust store and allows adding HSMs to the appliance without relying on the HSMs server certificate. This simplifies the use and rotation of internally signed NTLS certificates without requiring extensive manual updates.

Luna HA Group Enhancements

Streamlined HA Group configuration and management directly within the Software Appliance, including key parameters (for example, hagroup halog, interval, recoverymode, retry). Enhanced logging and monitoring capabilities enable easier troubleshooting. Additional commands for LunaCM and improved visibility of dropped group members further ensure high availability and reliability.

Improvements and Corrections

The following lists other improvements and corrections included in the release.

  • TrustWay Proteccio Migration Script Adjustments: The migration script for TrustWay Proteccio has been updated to cover all currently supported versions, preventing inadvertent rollbacks each time the persistence layer restarts.

  • Port Forwarding Fix for nShield Driver: Resolved an issue where nShield HSMs could no longer fetch the software-based key hash from the appliance due to multi-NIC configurations. Port 9004 is now properly opened on the management interface when enabled, restoring the original functionality.

  • Syslog Format Enhancements: Added support for both RFC-3164 and RFC-5424 syslog message formats within the EJBCA Software Appliance. New installations default to RFC-5424, while existing ones remain on RFC-3164. Administrators can easily switch the format in Webconf to ensure maximum compatibility.

Upgrade Information

For important information on the required steps to update the Software Appliance, see Update Software Appliance.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.