Below are important changes and requirements when upgrading from EJBCA 6.15 to EJBCA 7.0. For upgrade instructions and information on upgrade paths, see Upgrading EJBCA. For details of the new features and improvements in this release, see the EJBCA 7.0 Release Notes.

Database Changes

The certificateRequest column has been added to the CertificateData, NoConflictCertificateData and Base64CertData tables. The new column is nullable and by default empty. There are upgrade scripts available in the src/upgrade/615_70 folder. Note that the field is unused at the moment but will be used in future releases for storing the CSR along with an issued certificate.

Behavioral Changes

Case sensitivity of Full DN match for Role Members

We have updated the X509: with Full DN match option to match case sensitive. Previously it could perform a case insensitive match, even though it was configured to match case sensitive.

We strongly recommend checking that your administrator roles using X509: with Full DN are correctly set up before upgrading.

Limitations on DN strings with support for multi-value RDNs

We have added background support for multi-value RDNs which includes more strict parsing of DNs. The most notable change is that previously when you used plus signs in a DN, these were automatically escaped. Now, plus signs must be escaped. For more information, see Subject Distinguished Names.

Changed Order of DN Component in Sample File

We have corrected the order of the DN component organizationIdentifier in the example file dncomponents.properties.sample.

If you have been using a custom dncomponents.properties file, building on the sample file and you have used the organizationIdentifier DN component, you may experience issues if you change the custom dncomponents.properties file to match the updated value. Let us know if you are subject to this special case, and we'll assist you.