EJBCA Software Appliance 2.8 Release Notes
JUNE 2025
We are pleased to announce the release of EJBCA Software Appliance 2.8.0.
This release includes core updates to EJBCA, support for additional HSM integrations, improved configurability of data disk sizes as well as various system improvements and bug fixes.
Highlights
New Version of EJBCA Enterprise
EJBCA Enterprise has been updated to version 9.3.2. For more information, see the EJBCA Release Notes.
Support for n/k OCS Cards and High Availability Mode for nShield HSMs
The Software Appliance now supports n-out-of-k One-Time Card Sets (OCS) with preload functionality. This enhancement meets regulatory requirements for dual-control processes and improves security during key loading and activation of high-privilege operations.
Additionally, we have introduced High Availability (HA) functionality for nShield modules using preloaded 1/n card sets. In this mode, at least one card from the set must always remain inserted in the card reader of the connected modules. The key advantage over traditional load balancing is that modules automatically rejoin the HA group when they become available again, eliminating the need to restart the appliance application for reconnection.
Customizable Data Disk Capacity
Version 2.8.0 introduces full support for dynamic resizing of the data disk via WebConf. The appliance now ships with a smaller default disk size (10 GB instead of 2 TB) to reduce initial storage footprint.
A new Storage Management section has been added to WebConf, enabling users to view disk information and, if applicable, extend the data partition to its maximum allowed size.
⚠️ Note: Disk shrinking is not supported. This is due to technical limitations in most hypervisors (e.g., ESXi, KVM), which do not allow reliable partition downsizing on active virtual disks. Manual shrink operations carry a high risk of data loss and are intentionally excluded.
Improvements and Corrections
Further improvements and corrections included in this version are listed below:
Updated the DPoD driver for compatibility with the latest firmware versions.
Fixed an issue where Syslog messages were missing the PRI field when using RFC 5424 formatting.
Resolved a bug where the Syslog format migration script was triggered multiple times unnecessarily.
Updated Thales TCT Luna Client to 7.13.2, replacing version 7.12.1, which had a critical bug affecting HA Group reconnection. The new version resolves the issue; a migration step ensures a safe transition.
Network interfaces can now be assigned one or more alias names via WebConf. This allows more precise control over which names or addresses can be used to access the user interface, which significantly enhances security and offers better protection against certain types of attacks. Additionally, when logging in via OIDC, the correct network connection is now automatically used, which is especially useful when multiple network interfaces are active.
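A check that a log receiver can run after the upgrade to confirm that RFC 5424 messages carry the PRI field named in the Syslog fix above. This is an added example, not code from the appliance or its documentation; the sample lines, host name and application name are constructed.

```python
import re

# RFC 5424 HEADER begins with PRI ("<" 1-3 digits ">") directly followed by VERSION.
# PRIVAL = facility * 8 + severity, so valid values are 0..191.
HEADER = re.compile(r"^<(\d{1,3})>([1-9]\d{0,2}) (\S+) (\S+) ")
# A line that starts with "VERSION SP TIMESTAMP" has the 5424 layout but no PRI.
# (Lines whose timestamp is the NILVALUE "-" are not covered by this pattern.)
NO_PRI = re.compile(r"^[1-9]\d{0,2} \d{4}-\d{2}-\d{2}T")


def check_line(line):
    """Classify one received syslog line; returns (status, details or None)."""
    m = HEADER.match(line)
    if m:
        prival = int(m.group(1))
        if prival > 191:
            return ("invalid_pri", None)
        return ("ok", {"facility": prival // 8,
                       "severity": prival % 8,
                       "host": m.group(4)})
    if NO_PRI.match(line):
        return ("missing_pri", None)
    return ("not_rfc5424", None)


def summarize(lines):
    """Count lines per status so a missing-PRI regression stands out."""
    counts = {}
    for line in lines:
        status, _ = check_line(line)
        counts[status] = counts.get(status, 0) + 1
    return counts


# Constructed sample input (not captured from a real appliance).
SAMPLE = [
    "<134>1 2025-06-10T08:15:02.123Z appliance01 ejbca 2211 - - Certificate issued",
    "1 2025-06-10T08:15:03.456Z appliance01 ejbca 2211 - - Certificate issued",
    "<999>1 2025-06-10T08:15:04.000Z appliance01 ejbca 2211 - - bad priority",
    "<34>Jun 10 08:15:05 appliance01 su: legacy BSD format",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(check_line(entry)[0], "|", entry)
    print(summarize(SAMPLE))
```

Receivers that derive facility and severity from PRI cannot route or filter a `missing_pri` line by severity, so a non-zero count for that status after the upgrade is worth investigating.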
Upgrade Information
For information on the required steps to update the EJBCA Software Appliance, see Update Software Appliance.