EJBCA is an open source (LGPL) PKI Certificate Authority with all the bells and whistles of proprietary products. You can issue certificates using all common PKI protocols, and you can integrate the CA very flexibly because all the interfaces are open. EJBCA is most suitable for larger organizations that wants to issue certificates for servers, vpns, user login, secure email, document signing, passports, smart cards etc etc.
The 3.8.0 release is focused on improving user friendliness by refactoring the administrator validation handling, making it much easier to configure administrators for the admin-GUI. It is now also possible to use certificates from external CAs for administrator authentication. This makes is possible to use for instance a national ID card to log in to the EJBCA admin-GUI.
Notable changes in no specific order:
- Restructure administrator validation to allow admins using externally issued certificates.
- Add a CLI subcommand to add an administrator in an admin group using the serial number.
- Drop administrator flag in end entities, it's not needed, makes configuration easier together with remade admin GUI.
- Possible to generate CA PKCS#10 request without giving CA certificate.
- Add support for SEIS Card Number extension.
- Added KRB5PrincipalName subjectAltName.
- Option in certificate profiles for reversing DN order.
- Enroll for CV certificate on public web.
- Upload PEM or binary certificate requests on public web.
- Possible to sign releases and deployed code.
- Enhanced basic custom certificate extension.
- Command to list objects in Luna HSM partition.
- Some bug fixes.
Naturally there is a nice upgrade path from earlier releases.
EJBCA has been around for along time since the first release on sourceforge in 2001. A lot has happened during this time.
Read more, and download, on the project homepage. http://www.ejbca.org
Read the full changelog at http://jira.primekey.se/browse/ECA?report=com.atlassian.jira.plugin.system.project:changelog-panel