October 26, 2015


EJBCA 6.4.0

Continuing PrimeKey's market and technology leadership in industrial strength PKI, EJBCA 6.4.0 is the second major release in 2015. This release brings a slew of new features and improving usability in the UI across the board.

Read Press Release

EJBCA Enterprise 6.4.0 Release Notes

The PrimeKey EJBCA® team is proud to announce the release of EJBCA Enterprise 6.4.0. This major release contains 134 new features, bug fixes and improvements. Below is a selection of the most noteworthy:

New Features

  • Improved policy enforcement. Granular control has been added to DN and SAN elements in End Entity Profiles. Entered values can be controlled using regular expressions.
  • New features making even easier for audits and regulatory compliance. Most of the UI has been given read-only rights, and a new role template (named Auditor) can be created and built upon to allow an auditor to view but not modify.
  • Further extending run-time flexibility, Custom Certificate Extensions and Extended Key Usages can now be added on the fly from the UI. Hence, no longer is a JBoss restart required when new ones are added.
  • New application server support. WildFly8 and WildFly9 are now supported platforms.
  • Improved and automatic upgrades procedures,  saving time when updating or upgrading; with approved and tested upgrade paths. EJBCA now tracks its own version, allowing many steps that were previously performed as part of manual upgrades to be performed automatically instead. In future versions, manual upgrades will be available from the UI as well as the CLI.


  • Improvements in usability and user-friendliness. System Configuration has been split into sections and tabs.
  • "Exclude Active Manually-Activated CryptoTokens" check box is checked by default in System Configuration, meaning that clearing caches won't by default deactivate all crypto tokens.

Bug Fixes

  • All reported security warnings or issues have been fixed.
  • Fixed a NullPointerException when Client Certificate Renewal was performed over SCEP under certain circumstances.
  • Setting "Allow merge DN Web Services" in the End Entity Profile caused SAN to be dropped.
  • Remote EJB deserialization of collections of certificates failed on JBoss 7.1.1 GA.
  • SCEP Client Certificate Renewal allowed renewal of expired certificates.
  • Information leakage pertaining to usernames from the public web.
  • ExternalRA GUI password was leaked to the logs.

Technology Changes

  • Support for XKMS has been removed and is no longer available.
  • Underlying BouncyCastle Library has been upgraded to version 1.53.
  • Support has been dropped for JDK6.
  • Support has been dropped for JBoss5.

More information

Product sheet and basic information on EJBCA Enterprise is available here.

For further information contact Tomas Gustavsson, CEO and CTO, tel: +46(0)70 742 10 96, e-mail: tomas.gustavsson@primekey.se