EJBCA 7.9.0 Upgrade Notes

Below are important changes and requirements when upgrading from EJBCA 7.8 to EJBCA 7.9.

For upgrade instructions and information on upgrade paths, see Upgrading EJBCA. For details of the new features and improvements in this release, see the EJBCA 7.9.0 Release Notes.

Behavioral Changes

URI Name Constraints Declaration in the UI

The handling of URI Name Constraints in the user interface has been updated. Previously, the UI expected the protocol to be part of the name constraint, which was not in line with RFC 5280. This behavior has been amended in the UI, but the change does not affect name constraints declared through WS or REST.
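
The RFC 5280 (section 4.2.1.10) rule that this change follows, shown as an added example that is not EJBCA code: a URI name constraint is a bare host, or a domain with a leading period, and it is compared against the host part of the URI only. The function names and sample values are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit


def check_constraint(constraint):
    """Normalize a URI name constraint; reject anything that is not a bare host or domain."""
    c = constraint.strip().lower()
    if any(ch in c for ch in "/:@?#"):
        raise ValueError(f"scheme, port or path in URI name constraint: {constraint!r}")
    # A single leading period marks a domain constraint; the rest must be non-empty labels.
    labels = (c[1:] if c.startswith(".") else c).split(".")
    if not all(labels):
        raise ValueError(f"not a fully qualified host or domain: {constraint!r}")
    return c


def uri_host(uri):
    """Host of the URI's authority component, or None if it is absent or an IP address."""
    try:
        host = urlsplit(uri).hostname
    except ValueError:
        return None
    if not host:
        return None
    try:
        ipaddress.ip_address(host)
        return None  # IP literal: not a fully qualified domain name
    except ValueError:
        return host.lower().rstrip(".")


def satisfies(uri, constraint):
    """True if the URI's host falls within the given URI name constraint."""
    c = check_constraint(constraint)
    host = uri_host(uri)
    if host is None:
        return False  # RFC 5280: a URI without an FQDN host must be rejected
    if c.startswith("."):
        return host.endswith(c)  # domain form: one or more extra labels required
    return host == c  # host form: exact match only


if __name__ == "__main__":
    # Constructed sample values.
    for uri in ("https://host.example.com/crl", "https://example.com/", "https://192.0.2.10/"):
        print(uri, satisfies(uri, ".example.com"))
```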

"View End Entity" and "Delete End Entity" Access no longer Required for Enrollment from RA GUI

In previous versions of EJBCA, it was necessary to grant Delete End Entity access to make a role able to create certificate requests in the RA GUI. Additionally, View End Entity access was required when enrolling via CSR. As of EJBCA 7.9.0, neither of these access rules is required, and only Create End Entity access is needed. For more information, see RA Administrator Access Rules.

Recommended use of Bundled Bash Scripts with CLI Applications

If you run one of our CLI applications, such as the CAA checker, the EJBCA CLI, or ClientToolBox, we strongly recommend running the bundled .sh script rather than running the application straight from the command line using java -jar. If you do run the application directly with java -jar, note that the flag -Dlog4j1.compatibility=true needs to be added to the command.

New Microsoft Azure APIs

As of version 7.9, EJBCA no longer uses the deprecated ADAL library to access Microsoft Azure APIs. If your EJBCA installation uses Intune SCEP, the Microsoft Intune Certificate Revocation Service, or the Azure CRL Publisher, you may need to update your configuration.

Also, if you are using a peer for any of the above services, both the peer and the main CA will need to be running at least version EJBCA 7.9.

Deprecations

Legacy External RA GUI

The UI section of the legacy External RA (which was recommended prior to the implementation of the EJBCA RA) has been deprecated and removed.

Batch Enrollment GUI

The Batch Enrollment GUI has been out of support for several years and has now been deprecated and removed.