February 29, 2016


EJBCA 6.5.0

The PrimeKey EJBCA® team is proud to announce the release of EJBCA Enterprise 6.5.0. This version puts into effect several security improvements and tightens up the Administration UI.

EJBCA Enterprise 6.5.0 Release Notes

Primekey Solutions is very pleased to release EJBCA 6.5.0 into the wild. This release has primarily focused on tuning up the UI and responding to security developments in the Java EE world in the last few months. We've shifted plenty of focus to QA during this period, so this version is the most stable we've released yet. All in all, we've fixed 145 new features, bugs and improvements.

Administration UI

  • Certificate profiles can now be set to restrict key algorithms, curves (for EC) and key length.
  • The CSCA "CA Name Change" feature from ICAO 9303 7th part 12 has been implemented.
  • Removed a possible XML exploit from the administration web.
  • Deserialization has been significantly hardened.
  • Fixed a possible information leakage in the administrative web in regards to certificate and end entity profiles.
  • Auditor default role has been given access to additional pages in the UI.

General Cryptography

  • The underlying BouncyCastle library has been upgraded to version 1.54.


  • All return and error codes from the CMP servlet have been documented.


  • OCSP responder can now cache the revocation status of client certificates (used to sign requests) for limited time periods.

External RA

  • CMP Proxy now checks for message signatures, HMAC and checks revocation status for signing certificates, relieving the CA of handling unauthorized messages.

Certificate Transparency

  • CT logs can now be submitted to log servers in parallel.

More information

Product sheet and basic information on EJBCA Enterprise is available here.

For further information contact Tomas Gustavsson, CEO and CTO, tel: +46(0)70 742 10 96, e-mail: tomas.gustavsson@primekey.se