EJBCA 7.5 Upgrade Notes
Below are important changes and requirements when upgrading from EJBCA 7.4 to EJBCA 18.104.22.168. (EJBCA 7.5.0 was an internal release, not generally available for customers.)
For upgrade instructions and information on upgrade paths, see Upgrading EJBCA . For details of the new features and improvements in this release, see the EJBCA 7.5 Release Notes.
EJBCA 22.214.171.124 contains the new columns accountBindingId in CertificateData and tokenProviderId in RoleMemberData as well as subjectDn, email in ApprovalData (added in EJBCA 7.4.3).
The columns are created automatically by Hibernate when EJBCA 126.96.36.199 is deployed for the first time. However, if your EJBCA database user does not have GRANT privileges, you need to run the ALTER commands in the upgrade SQL scripts before deploying EJBCA. SQL scripts are located under doc/sql-scripts/.
New Secure Authentication Web Property
To support authentication with both certificate and OAuth2 token, a new web.reqauth property has been added to the web.properties configuration file, replacing and deprecating the former property web.reqcert.
The new web.reqauth property enforces secure authentication by the client TLS certificate or OAuth2 token to access the EJBCA Administration interface. The change is backward compatible and thus the former web.reqcert property can still be used in existing configurations. Note, however, that new installations should only use the web.reqauth property.
Improved RA and CA Approvals Handling
RA approvals and CA approvals are now handled in their respective UIs.
RA Related Approvals Moved To RA UI
Approvals for the following actions are now managed using the RA UI and are no longer listed in the CA UI:
Add/Edit End Entity
CA Related Approvals Moved To CA UI
CA related approvals are shown in the CA UI (Supervision Functions > Approve Actions) and approvals for the CA Token Activation are no longer listed in RA UI. For more information, see Approving Actions.
Default Encoding of Policy Notice Text X.509 Certificate Extension Changed to UTF-8
When creating a new CA, the option Use UTF-8 in policy notice text previously defaulted to false in order to support older versions of Windows. Since Windows now supports the standard UTF-8 encoding, the default value of Use UTF-8 in policy notice text has been changed to true (enabled). The change only applies to creating new CAs and values of existing CAs are not changed.
Removed Support for Native Browser Enrollment
The Public Web menu option Create Browser Certificate has been removed since relevant browsers no longer support this functionality.
If upgrading a software installation of EJBCA eIDAS edition, the following two options need to be enabled in conf/web.properties in order for the Utimaco CP5 HSM options to be visible in the Admin UI when creating new crypto tokens and activating keys in crypto tokens.