June 10, 2015


EJBCA Enterprise 6.2.10 and 6.3.2

The PrimeKey EJBCA® team is happy to announce the release of EJBCA Enterprise 6.2.10 and EJBCA Enterprise 6.3.2. PrimeKey’s EJBCA Enterprise provides you the most adaptable and powerful way to run a complete PKI certificate authority.

These two releases are of special use for customers automating certificate management, with automatic renewal and seamless CA rollover, and for issuing very large volumes non-managed certificates, typically used in IoT applications.

The below release notes give a short overview of the most noteworthy changes of these versions:

EJBCA Enterprise 6.2.10

  • Certificate Profile settings have been added for optimizing environments without certificate storage, both not storing certificates to the database at all (like the already existent CA setting) and for writing all meta data, but not the certificate itself.
  • A CLI command has been added to remove publishers and all references to those publishers.
  • EJBCA was upgraded to BouncyCastle 1.52
  • Security: POP was not verified properly in WebService requests.
  • Regression: HealthCheck can again be automatically set for new Cas.
  • Regression: Certificate keyUsage was invalid when using the allowKeyUsage setting in certificate profiles.
  • Regression: Caching in crypto tokens could cause adhoc upgrades of OCSP responders to fail.
  • Fixed an issue where deleting an HSM slot rendered the GUI unusable.

EJBCA Enterprise 6.3.2

  • CA certificate rollover via SCEP implemented in accordance to draft-nourse-scep-23.
  • Build times have been improved.

More information

Product sheet and basic information on EJBCA Enterprise is available here.

For further information contact Tomas Gustavsson, CEO and CTO, tel: +46(0)70 742 10 96, e-mail: tomas.gustavsson@primekey.se