EJBCA Software Appliance 2.7.1 Release Notes
MARCH 2025
We are pleased to announce the release of EJBCA Software Appliance 2.7.1.
This release brings an updated version of EJBCA Enterprise, enhanced features for Luna Network Hardware Security Modules (HSMs), and minor bugfixes.
Highlights
New version of EJBCA Enterprise
EJBCA Enterprise has been updated to version 9.2.1. For more information, see the EJBCA Release Notes.
Enhanced Luna HSM Integration
This release significantly enhances the integration between Luna HSM and the Software Appliance. Users of the Luna HSM solution now benefit from the following enhancements.
Luna Client Update
EJBCA Software Appliance now supports Luna Client v10.7.2, ensuring compatibility with RSA 4096-bit NTLS certificates and AES-256-CBC private key encryption.
Integration with External CAs
Enables the EJBCA Software Appliance to generate, download, and re-upload Luna Client NTLS CSR files for certificates signed by external or internal CAs. Users can customize parameters (such as, CN, key type, validity period, key size) and seamlessly install the signed certificates within the appliance.
Internal CA and Trusted Server Management
Allows uploading and managing internal CA certificate chains within the Luna Client’s trust store and allows adding HSMs to the appliance without relying on the HSMs server certificate. This simplifies the use and rotation of internally signed NTLS certificates without requiring extensive manual updates.
Luna HA Group Enhancements
Streamlined HA Group configuration and management directly within the Software Appliance, including key parameters (for example, hagroup halog
, interval
, recoverymode
, retry
). Enhanced logging and monitoring capabilities enable easier troubleshooting. Additional commands for LunaCM and improved visibility of dropped group members further ensure high availability and reliability.
Improvements and Corrections
The following lists other improvements and corrections included in the release.
TrustWay Proteccio Migration Script Adjustments: The migration script for TrustWay Proteccio has been updated to cover all currently supported versions, preventing inadvertent rollbacks each time the persistence layer restarts.
Port Forwarding Fix for nShield Driver: Resolved an issue where nShield HSMs could no longer fetch the software-based key hash from the appliance due to multi-NIC configurations. Port 9004 is now properly opened on the management interface when enabled, restoring the original functionality.
Syslog Format Enhancements: Added support for both RFC-3164 and RFC-5424 syslog message formats within the EJBCA Software Appliance. New installations default to RFC-5424, while existing ones remain on RFC-3164. Administrators can easily switch the format in Webconf to ensure maximum compatibility.
Upgrade Information
For important information on the required steps to update the Software Appliance, see Update Software Appliance.