EJBCA Software Appliance 2.7 Release Notes
NOVEMBER 2024
We are pleased to announce the release of EJBCA Software Appliance 2.7.0.
This release brings an updated version of EJBCA Enterprise and support for CVC CAs. The release also features enhanced TLS certificate configuration and activation of TLS 1.3 with updated cipher configurations. Additionally, this release brings support for custom JDBC connection strings and security updates for MariaDB.
Highlights
New Version of EJBCA Enterprise
EJBCA Enterprise has been updated to version 9.1.1. For more information, see the EJBCA 9.1 Release Notes.
OCSP Validation for Client Certificates per Network Interface
We have introduced a new feature that enables the configuration of OCSP client certificate verification for each Network Interface Card (NIC). This enhancement applies exclusively to our HTTPS endpoints and provides greater flexibility for certificate validation.
Key Details:
To prevent accidental lockouts, OCSP client certificate validation cannot be enabled on the default interface.
If you change the default interface, any existing OCSP client certificate validation settings on the previous default interface will be automatically cleared.
Enhanced TLS Certificate Configuration and Performance Improvements
We’ve introduced a new feature that allows precise control over which Network Interface Card (NIC) is associated with a specific TLS certificate. Additionally, improvements have been made to boost performance during web configuration page rendering.
Key Details:
You can now assign a specific TLS certificate to an individual NIC, ensuring flexibility in certificate management.
Only one active TLS certificate is permitted per NIC, but the same certificate can be applied across multiple NICs if desired.
Configuration details, such as which TLS certificate is tied to each NIC, are stored directly in the NIC configuration for better clarity and organization.
To maintain compatibility, API changes were kept minimal to ensure existing network configuration clients (e.g., terminal UI and front-display) function without disruption.
The initial rendering of web configuration pages has been optimized by switching from sequential to concurrent resolution of requests, significantly speeding up load times.
Added Support for Card Verifiable Certificate (CVC) CAs
The Application Page now includes an extended Additional Application Settings section with a new checkbox to enable or disable CVC CA support.
Support balanced Oracle DB hosts from Webconf (Custom JDBC Connection String Support)
A new feature allows users to add a custom JDBC connection string override, providing greater flexibility for database setups that may not align with the standard configuration options. This ensures smoother integration with unique customer environments.
Support for TLS 1.3 and Updated TLS Cipher Support
The list of supported TLS ciphers has been streamlined, removing CBC mode and SHA-1-based ciphers for enhanced security.
TLS 1.3 is now enabled, resolving previous Post-Handshake Authentication issues caused by misconfigurations.
Apache directives such as ThreadsPerChild and MaxRequestWorkers have been tuned to better align with system requirements and improve performance.
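As an added illustration of the TLS posture described above (not the appliance's own configuration or tooling), the script below audits two constructed Apache mod_ssl blocks: one that still allows CBC and SHA-1 suites and leaves TLS 1.3 off, and one hardened the way the 2.7 notes describe. Cipher names are in OpenSSL format; keyword groups such as HIGH are not expanded, and the "all" handling approximates mod_ssl semantics.

```python
import re

# Constructed sample configs (not from the appliance). OLD_CONF reflects the
# pre-2.7 weaknesses; NEW_CONF reflects the 2.7 posture: TLS 1.3 on, AEAD only.
OLD_CONF = """
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.3
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:AES256-SHA:DHE-RSA-AES128-SHA256
"""
NEW_CONF = """
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305
"""

def _directive(conf, name):
    """Return the argument string of the first `name` directive, or ''."""
    m = re.search(rf"^\s*{name}\s+(.+)$", conf, re.MULTILINE)
    return m.group(1).strip() if m else ""

def enabled_protocols(protocol):
    """Evaluate an SSLProtocol argument list into the set of enabled versions."""
    known = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
    enabled = set()
    for tok in protocol.split():
        op, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("+", tok)
        targets = known if name.lower() == "all" else {name}
        enabled = enabled | targets if op == "+" else enabled - targets
    return enabled

def weak_ciphers(suite):
    """Return explicit OpenSSL cipher names that are CBC-mode or use HMAC-SHA1.
    A suite without GCM/CCM/POLY1305 in its name is a non-AEAD (CBC) suite; a
    name ending in '-SHA' (no digits) uses SHA-1 for the MAC."""
    weak = []
    for name in suite.split(":"):
        if not name or name[0] in "!-+":
            continue  # exclusion/ordering entries, not enabled ciphers
        is_aead = any(tag in name for tag in ("GCM", "CCM", "POLY1305"))
        if not is_aead or name.endswith("-SHA"):
            weak.append(name)
    return weak

def audit_tls_config(conf):
    """Return findings for a mod_ssl block; an empty list means it passes."""
    findings = []
    protos = enabled_protocols(_directive(conf, "SSLProtocol"))
    if "TLSv1.3" not in protos:
        findings.append("TLSv1.3 not enabled")
    findings += [f"legacy protocol enabled: {p}" for p in sorted(protos - {"TLSv1.2", "TLSv1.3"})]
    findings += [f"CBC or SHA-1 cipher enabled: {c}" for c in weak_ciphers(_directive(conf, "SSLCipherSuite"))]
    return findings

if __name__ == "__main__":
    for label, conf in (("old", OLD_CONF), ("new", NEW_CONF)):
        print(label, audit_tls_config(conf) or ["ok"])
```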
Improvements and Corrections
A new driver for Trustway Proteccio firmware 3.06.05 with client version 3.17 support has been added; it is selectable under the Trustway Proteccio tile.
Improved system reliability by ensuring unused data from certain services is automatically cleaned up after a restart. This prevents unnecessary storage use and enhances overall performance.
The base operating system has been upgraded from AlmaLinux 8.8 to AlmaLinux 9.4, ensuring continued support, improved security, and access to the latest features.
A recent CVE (CVE-2024-21096) affecting MariaDB has been addressed in our latest update. While the Software Appliance is unlikely to be directly impacted, because the DB CLI is not externally accessible, we’ve taken proactive measures by upgrading the MariaDB container to version 10.6.18, which includes the necessary security fixes.
Upgrade Information
For important information on the required steps to update the Software Appliance, see Update Software Appliance.