EJBCA 3.6.2 released

After lots of work 3.6.2 is now released.

This is a minor release but with a record amount of fixes for a point
release. New features, improvements and a lot of bugfixes
rounding a lot of rough edges.

Some very notable changes are:

- Major improvements to the External OCSP responder with more
configuration options and
completely new Audit and Account logging. With the new, highly
configurable, logging it is
suitable for using as a service charging for, and auditing, requests.
- New documentation feature with on-line documentation deployed in the
Web interface by default.
Question mark links from options that are hard to understand in the
Admin-GUI are now possible.
- Lots of improvements to the Admin-GUI with configuration for
autogenerated passwords and fixing a lot of small GUI bugs and quirks.
- Fail over mechanism for the LDAP publisher.
- Improved documentation for more HSMs, Admin-GUI, etc.
- Improvements for other app servers apart from JBoss.
- MS document signing extended key usage, and tool for importing
certificates from MS CA.
- Lots and lots of small bugfixes.
- Updated translations.

Read the changelog for details.

This is a plug-in upgrade from 3.6.x. See UPGRADE for the simple
instructions.

Changes
-------
New Feature
* [ECA-348] - Option to generate non-exportable private keys in IE
* [ECA-739] - Accounting log on OCSP responder
* [ECA-740] - When requiring signed OCSP request, configure allowed issuers
* [ECA-865] - Add tool for importing certificates from a MS CA
* [ECA-876] - Generated documentation should be reachable from within
the EJBCA Web GUI
* [ECA-908] - Support MS document signing extended key usage
* [ECA-914] - Configure if OCSP responses should use KeyId or Name as
ResponderId

Improvement
* [ECA-390] - Make it possible to select password generation parameters
for autogenerated user password
* [ECA-547] - Send custom certificate publisher information found in
certificate or CRL.
* [ECA-640] - Popup window with valid ${Foo} variables near any field in
which they can be used
* [ECA-657] - Import and export of end entity profiles should not have
to depend on existing CAs.
* [ECA-696] - Import profiles improvement.
* [ECA-760] - Relocate 'p12' to 'ejbca-custom' if/when present (by default)
* [ECA-765] - Log whenever an attempt to activate a CA with the wrong
activation code is made
* [ECA-789] - Display issuer in listcas cli command
* [ECA-790] - ejbcarawscli should print error message if it can not find
the admin keystore
* [ECA-795] - Notifications are not editable, but looks editable.
* [ECA-810] - Make advanced search for ProtectedLog available
* [ECA-822] - Default healthcheck db query causes table scan
* [ECA-826] - EjbcaWsHelper makes double allocations when looking up
remote beans
* [ECA-833] - Simple LDAPPublisher failover
* [ECA-854] - Remove confusing error message about not finding
ejbca-custom directory when running ant
* [ECA-859] - Delta CRL generation message
* [ECA-870] - Accept PEM certificates with BEGIN TRUSTED CERTIFICATE
* [ECA-872] - Improve public page for CA certificate retrieval
* [ECA-874] - General JUint test improvements
* [ECA-880] - Better defaults and help for Freshest CRL Extension /
DeltaCRLs
* [ECA-881] - Be able to drop the 0, O, l and 1 from the auto generated
passwords
* [ECA-884] - Add approvalDN variables to add/edit end entity notifications
* [ECA-885] - Add email variables where possible for use in notifications
* [ECA-887] - Document how validity is assigned for a CA
* [ECA-913] - Configure if OCSP responses should include whoe cert chain
or only signer

Task
* [ECA-702] - JDK 1.6 u4 causes EjbcaWS to stop working
* [ECA-796] - Add documentation on how to use EJBCA with GemSAFE Toolbox
* [ECA-805] - Update German translation

Bug
* [ECA-496] - When using a fixed Certificate Profile as template, the
FIXED property is inherited.
* [ECA-682] - WS Cli error message is not good when it cannot find the
.jks file
* [ECA-770] - Protected Log Device always sends 'missing row' email
alerts when it shouldn't with MySQL using InnoDB
* [ECA-783] - During the last step if IE enroll, the URL-path is missing
the "ejbca"-part.
* [ECA-788] - Bull TrustWay support
* [ECA-793] - Using of module protected keys with netHSM-500 failed
* [ECA-797] - Cannot activate a CA with a Safenet Luna SA Token.
* [ECA-798] - A card key or a soft key must be defined in order to run
the P11 external OCSP responder.
* [ECA-802] - Exception when approving KeyRecovery
* [ECA-803] - PKCS10 requests from OCSP responder uses null attributes
* [ECA-806] - Equal error code contants in OCSPUnidResponse
* [ECA-809] - ocsp cli client can not sign requests
* [ECA-812] - EJBCA 3.6 does not deploy on Glassfish
* [ECA-815] - NullpointerException downloading CA certificated without CN
* [ECA-817] - Possible NullpointerException when no extended information
exists for user
* [ECA-820] - Signing CMP responses does not work with most PKCS#11 HSMs
* [ECA-823] - Deadlock in ProtectedLogData with stresstest
* [ECA-824] - CA activation page does not display correct for Expired CAs
* [ECA-831] - High load on ProtectedLog might generate false alarm on MySQL
* [ECA-836] - Email notifications are not able to handle autogenerated
passwords.
* [ECA-837] - PKCS10 with no attributes causes NullPointer exception
* [ECA-841] - ExtRA PKCS12 request does not work with approvals
* [ECA-843] - Some words not localizables in CA Activation
* [ECA-850] - CN name like 'Graham O'Regan' cannot be entered case
sensitive in the 'Add Administrator'
* [ECA-851] - No messages are created during CA Activation
* [ECA-861] - Misdirected error output from "ra listusers" CLI to
standard output
* [ECA-866] - Import of externally chained PEM failes
* [ECA-875] - Trying to reset Subject AltName or Email for a end entity
fails
* [ECA-888] - Profiles allow you to enter things like 'Peter & Partners'
in the O and OU field - but a 'Add Entity' will fail
* [ECA-889] - NPE when running TestEjbcaWS
* [ECA-895] - Batch generation doesn't work on initial user creation
(WebUI / profiles)
* [ECA-898] - Incorrect initialization of NumberArray in
EndEntityProfile causes annoying log output
* [ECA-901] - email modified in LDAP even if attributes should not be
modified
* [ECA-902] - LdapSearchPublisher can not modify attributes
* [ECA-903] - LdapSearchPublisher uses Ldap DN instead of Cert DN to search
* [ECA-905] - java.lang.NullPointerException when creating new end
entity with only end time, with end entity profile limitations enabled
* [ECA-909] - OCSP responder not working on Weblogic
* [ECA-911] - OCSP not responding for CAs that have been notified about
expiration
* [ECA-912] - NPE on Glassfish on error.jsp in publiweb


-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Ejbca-develop mailing list
Ejbca-develop@...
https://lists.sourceforge.net/lists/listinfo/ejbca-develop