xipki | Java Ecosystem Directory

Bot releases are hidden (Show)

xipki - v6.5.3 Latest Release

Published by xipki 10 months ago

Gateway
- Bugfix: fixed bug "Cannot update an existing certificate over CMP"
- Add new REST APIs to re-key certificates.
MGMT-CLI (Management Client)
- Check whether database for caconf is empty before importing.
Dependencies
- jackson: 2.16.0 -> 2.16.1
- log4j: 2.20.0 -> 2.22.1
The binary xipki-setup-6.5.3.zip can also be downloaded from the maven central repository
- Directly via HTTP download
  https://repo.maven.apache.org/maven2/org/xipki/assembly/xipki-setup/6.5.3/xipki-setup-6.5.3.zip
- Via the maven-dependency-plugin
```
<artifactItem>
  <groupId>org.xipki.assembly</groupId>
  <artifactId>xipki-setup</artifactId>
  <version>6.5.3</version>
  <type>zip</type>
</artifactItem>
```
SHA256 Checksum
- b60abff7004b8b0418df2ff025db0e6704a5c5d38b93042a6c21fc62603b6a56 xipki-setup-6.5.3.zip

xipki - v6.5.2

Published by xipki 10 months ago

All Components
- Add script to customize host and port of tomcat instances, passwords, etc.
- Audit: use Map<String, String> instead String to configure audit.
Gateway
- Merge gateway wars to gateway.war.
MGMT-CLI (Management Client)
- Add demo scripts.
- Command ca:ca-info prints also the associated publishers, profiles and requestors.
Dependencies
- dnsjava: 3.5.2 -> 3.5.3
The binary xipki-setup-6.5.2.zip can also be downloaded from the maven central repository
- Directly via HTTP download
  https://repo.maven.apache.org/maven2/org/xipki/assembly/xipki-setup/6.5.2/xipki-setup-6.5.2.zip
- Via the maven-dependency-plugin
```
<artifactItem>
  <groupId>org.xipki.assembly</groupId>
  <artifactId>xipki-setup</artifactId>
  <version>6.5.2</version>
  <type>zip</type>
</artifactItem>
```
SHA256 Checksum
- 3889f86f97beb4e8099eedef5241ce6ba7ac5ff2bd892f2b08f7c6c658733125 xipki-setup-6.5.2.zip

xipki - v6.5.1

Published by xipki 11 months ago

CA, OCSP, Gateway, HSM Proxy
- Add scripts to copy files automatically.
The binary xipki-setup-6.5.1.zip can be downloaded from the maven central repository
- Error in the INSTALL.md in the restored root folder
  - Script setup/provision-keycerts.sh does not exist, it has been merged to setup/generate-keycerts.sh.
- Directly via HTTP download
  https://repo.maven.apache.org/maven2/org/xipki/assembly/xipki-setup/6.5.1/xipki-setup-6.5.1.zip
- Via the maven-dependency-plugin
```
<artifactItem>
  <groupId>org.xipki.assembly</groupId>
  <artifactId>xipki-setup</artifactId>
  <version>6.5.1</version>
  <type>zip</type>
</artifactItem>
```

xipki - v6.5.0

Published by xipki 11 months ago

All Components
- No demo keys and certificates will be delivered.
- Simplified password configuration.
CA
- Change the location of file 'calock'.
- Add configuration of reverseProxyMode.
- Add support of file-based CA configuraion.
- Unified message format of CA configuration in CA management API and Database Ex-/Import.
- Remove support of database with DBSCHEMA.VERSION <= 8 (XiPKI v6.3.0 and less).
  Use MGMT-CLI to export-then-import these databases.
OCSP
- Remove the management interface (not necessary)
Gateway
- Add configuration of reverseProxyMode.
HSM Proxy
- New component introduced in this version.
Dependencies
- xipki ipkics11wrapper: 1.0.7 -> 1.0.8
- xipki commons: 6.3.1 -> 6.3.2
- bouncycastle: 1.76 -> 1.77
- jdbc driver postgresql: 42.6.0 -> 42.7.0
- jdbc driver mariadb: 3.2.0 -> 3.3.0
- jdbc driver h2: 2.2.220 -> 2.2.224
The binary xipki-setup-6.5.0.zip can be downloaded from the maven central repository
- Directly via HTTP download
  https://repo.maven.apache.org/maven2/org/xipki/assembly/xipki-setup/6.5.0/xipki-setup-6.5.0.zip
- Via the maven-dependency-plugin
```
<artifactItem>
  <groupId>org.xipki.assembly</groupId>
  <artifactId>xipki-setup</artifactId>
  <version>6.5.0</version>
  <type>zip</type>
</artifactItem>
```

xipki - v6.5.0-b1

Published by xipki 11 months ago

Beta release of v6.5.0.

xipki - v6.4.0

Published by xipki about 1 year ago

CA
- Feature: encode the requests and responses between gateway and ca-server in CBOR format (was JSON).
- Feature: extend Properties to use the place-holder ${env:name} for environment and ${sys:name} for system property.
- Feature: add limitation to the name of CA, publisher, requestor, cert profile, signer, and alias of CA.
- Feature: add support of constant value of types PrintableString, UTF8String, INTEGER, BIT STRING and OCTET STRING.
- Feature: add limitation to the name of CAs, signers, publishers, requestors, and certificate profiles.
- Feature: allow the use of aliases for certificate profiles in a CA.
- Add support of tomcat 10+
OCSP
- Feature: extend Properties to use the place-holder ${env:name} for environment and ${sys:name} for system property.
- Add support of tomcat 10+
Gateway
- Feature: add support of ACME with challenge types dns-01, http-01 and tls-alpn-01
- Feature: encode the requests and responses between gateway and ca-server in CBOR format (was JSON).
- Feature: extend Properties to use the place-holder ${env:name} for environment and ${sys:name} for system property.
- Feature: add support of short URLs in EST, REST and SCEP gateways.
- Add support of tomcat 10+
CLI
- N/A
MGMT-CLI (Management Client)
- N/A
Dependencies
- Replace JSON parser gson with jackson.
- Bouncycaste: 1.73 -> 1.76
- ipkcs11wrapper: 1.0.5 -> 1.0.7
- log4j: 2.19.0 -> 2.20.0
- mariadb-java-client: 3.1.4 -> 3.2.0
- slf4j: 1.7.32 -> 1.7.36
SHA256 Checksum
- 47e9a24a15e3352a6a172606efb56b824f0c37d477434ee7a13a8cffce7049ee xipki-setup-6.4.0.zip

xipki - v6.3.0

Published by xipki over 1 year ago

Release date: 2023/04/29
CA
- Do not check the uniqueness of serial number in database if it contains
  at least 95 random bits.
- Fixed bug "the scheduled generation of CRLs does not work".
- Split the database of CA to 2 databases: 1 only for the CA's
  configuration, and 1 for the generated certificate and CRLs.
  Note: software of this version works also with databases of versions
  between 6.0.0 and 6.2.x.
OCSP
- N/A
Gateway
- N/A
CLI
- N/A
MGMT-CLI (Management Client)
- N/A
Dependencies
- ipkcs11wrapper: 1.0.4 --> 1.0.5
- bouncycastle: 1.72 --> 1.73
- replace tinylog with log4j2 v2.19.0.
Misc
- Compared to 6.2.0, there is only one ZIP-file for all software components.
- Source: the modules audit, audit-extra, datasource, password, security,
  shell-base, util, xipki-tomcat-password have beed moved to
  xipki/commons.
SHA256 Checksum
- 4db0e27eabc01f4cecc67d2eb5501556a7ee17b43a98e650bacd8c14030aea90 xipki-setup-6.3.0.zip

xipki - v6.2.0

Published by xipki over 1 year ago

Release date: March 26, 2023
CA
- Extend the entities to generate CRLs from master CAs to all CAs.
- Rewritten the PKCS#11 code.
(CA) Gateway
- Rewritten the PKCS#11 code.
OCSP
- Rewritten the PKCS#11 code.
CLI
- Support PBE-encrypted password in the karaf shell.
- Support PBE-encrypted password in the SSL configuration.
- Rewritten the PKCS#11 code.
- Add missing letters in SecurePasswordInputPanel.
MGMT-CLI (Management Client)
- Support PBE-encrypted password in the karaf shell.
- Support PBE-encrypted password in the SSL configuration.
- Rewritten the PKCS#11 code.
- Add missing letters in SecurePasswordInputPanel.
Dependencies
- Replace jpkcs11wrapper v1.0.0 by ipkcs11wrapper v1.0.4.
- tinylog: 2.6.0 --> 2.6.1
- JDBC driver postgresql: 42.5.3 --> 42.6.0
- JDBC driver mariadb: 3.1.2 --> 3.1.3
- zip4j: 2.11.3 --> 2.11.5
SHA256 Checksum
- b6730e714559c6f39cf586088e90176130780800d1d41bc95a5ebf9c4baa8c36 xipki-ca-6.2.0.zip
- e6d32b798366511ea1a52967c38047378f6b1f518a856e924a05a36261e18cb0 xipki-cli-6.2.0.tar.gz
- 72dca9ab209e5e53d49848046f93636a5079ae115dd605528975f07826c9f1f5 xipki-gateway-6.2.0.zip
- 39d00ab231c85deda2c77ce7900654681dbe02e6540ea6d036fe994f02fddd6e xipki-mgmt-cli-6.2.0.tar.gz
- 4a40542221c49393e20e882cd779ea2cb9d9d1f903dfd235c140e57c26d3652c xipki-ocsp-6.2.0.zip

xipki - v6.1.0

Published by xipki over 1 year ago

CA
- Use SQL scripts instead the Liquibase XML file to initialize the database
- Rewritten the PKCS#11 code
(CA) Gateway
- Rewritten the PKCS#11 code
OCSP
- Use SQL scripts instead the Liquibase XML file to initialize the database
- Rewritten the PKCS#11 code
CLI
- Rewritten the PKCS#11 code
MGMT-CLI (Management Client)
- Add command ca:sql to execute SQL scripts.
DB Tool
- Removed. Merged to MGMT-CLI.
Dependencies
- Removed dependency liquibase.
- Replace fastjson by gson
- Replace sunpkcs11-wrapper by jpkcs11wrapper
- apache-karaf: 4.3.7 --> 4.4.3
- tinylog: 2.5.0 --> 2.6.0
- JDBC driver mariadb-java-client: 2.7.6 --> 3.1.2
- JDBC driver postgresql: 42.4.2 --> 42.5.3
SHA256 Checksum
- ebd08fe0e25cff1f59b5845aa405ac4e68e7cfb55540798a675e3d2e165777f4 xipki-ca-6.1.0.zip
- 21c6a06c8930ce3de896de067647744806ce9d2da27a48a667ca9f6d4a6ba052 xipki-cli-6.1.0.tar.gz
- dc002025656a2874134cbc1cedf50fff078179538f3adc19772614be6a554edc xipki-gateway-6.1.0.zip
- 8f9429178a863f4317772f4b3737efefd75d17b4dc09ed60aea596dcfc27894c xipki-mgmt-cli-6.1.0.tar.gz
- 37f862f0b5ed48b6317fadfc77b6940ba00a727a7d7fb217618146f0b38723d0 xipki-ocsp-6.1.0.zip

xipki - v6.0.0

Published by xipki about 2 years ago

CA
- CA communicates only with RA over RESTful API with mutual TLS.
- Remove the support of protocols CMP and SCEP with CA.
- Add support of EST.
- Change the database schema of CA.
- Reduce the minimal interval to generate CRL from 1 day to 1 hour.
- Add integrity protection of the audit entries.
- Add feature to save the keypair generated by the CA (in encrypted form).
- Add feature to generate keypair in software token, in hardware token, or from keypool (database).
(CA) Gateway
- New module: protocol proxies (RA) for different protocols CMP, SCEP, EST and RESTful API.
OCSP
- N/A
CLI
- Add option to encrypt the database export result.
- Remove support of JDK 8.
MGMT-CLI (Management Client)
- Add new module mgmt-cli (was part of the module cli)
DB Tool
- N/A
Dependencies
- Bouncycastle from 1.70 to 1.72
- Fastjson from 1.2.79 to 1.2.83
- Liquibase fom 4.7.1 to 4.15.0
- Tinylog from 2.3.2 to 2.5.0
- H2 jdbc driver from 1.4.200 to 2.1.214
- MariaDB jdbc driver from 2.7.5 to 2.7.6
- PostgreSQL jdbc drive from 4.2.24 to 42.2.24 to 42.4.2
SHA256 Checksum
- 0f61edccb82b670780c68ff2cf243f99add0d7703d4bac1071ebd0a05c83ae83 xipki-ca-6.0.0.zip
- a4afbab9c8b1de6e53ed157dfab7cf195e5b4c7cf1947ee042c45d445470448b xipki-cli-6.0.0.tar.gz
- 8a62a7825371824b2aff2ebc230baad14c1ba01ccc64ac3db72f7c9d478ca1da xipki-dbtool-6.0.0.zip
- 33e32a6de88cd443fab31877228cbf22594edf5fa5a6824b20ca0dd301247aef xipki-gateway-6.0.0.zip
- 7e132f2490126af9ab788c6c42fa1f97878f92da315e175dcc494310f742ab0c xipki-mgmt-cli-6.0.0.tar.gz
- 0e99933f0abf3ef50aedf8e67ec55b5237107efc0d1d66a12e9ed49c70a6e466 xipki-ocsp-6.0.0.zip

xipki - v5.3.15

Published by xipki over 2 years ago

CA
- Add support of JDK 17
- Add option to control whether to save certificates in the database.
- Add option sql.type to use database other than pre-defined types
- Customize behavour for ncipher HSM and smartcard-based HSM
- Allow the specification of Utimaco's vendor user CKU_CS_GENERIC
- Add license mechanism
- Embed the bouncycastle jars in the installation binary
OCSP
- Add support of JDK 17
- Allow configuration of sign algorithms not matching keys
- Add option sql.type to use database other than pre-defined types
- Customize behavour for ncipher HSM and smartcard-based HSM
- Allow the specification of Utimaco's vendor user CKU_CS_GENERIC
- Add license mechanism
- Embed the bouncycastle jars in the installation binary
- Use h2-database for OCSP cache and CRL by default (can be configured to other database type)
CLI
- Add support of JDK 17
- Correct the configuration of sslTruststorePassword
- Customize behavour for ncipher HSM and smartcard-based HSM
- Allow the specification of Utimaco's vendor user CKU_CS_GENERIC
DB Tool
- Add support of JDK 17
- Add option sql.type to use database other than pre-defined types
Dependencies
- Update liquibase 3.10.3 to 4.7.1, pkcs11-wrapper from 1.4.8 to 1.4.9, karaf from 4.2.14 to 4.2.15 (jdk8) and 4.3.6.
SHA256 Checksum
- 6f9c9413cff232035dd6efd67d93844cfe8aee3d41624c2de6ed4243e4a346ae xipki-ca-5.3.15.zip
- 7b541fee2f75f9da2754e74d43a9efd8a834eedd6c0f72ca0ba69a1fbd8ce78d xipki-cli-5.3.15-jdk8.tar.gz
- e415f620249cba9ffe25b307a166f272893a5d756ffcb7af093bd00dbab3a154 xipki-cli-5.3.15.tar.gz
- 3121700f85c1f71ec18a6d79e8813464a2c79c192a77cd3f28d6dd065bde14fb xipki-dbtool-5.3.15.zip
- c518cbecf441da613f98df407f524fa2ac8a07461bf08a170e848c538269fcf0 xipki-ocsp-5.3.15.zip
- 26aebcc6fe553a244d03859c43a8f20e52b03614f2dcfe1da3df876ba7f01630 xipki-p11proxy-5.3.15.zip

xipki - v5.3.14

Published by xipki almost 3 years ago

CA
- Feature: Include postgres jdbc driver in the binary.
- Feature: Deprecate the use of CertPublisher.isAsyn().
- Feature: Add support of SM2 in unprofessional HSMs.
- Feature: Generating self-signed certificate requires now only subject instead of CSR.
- Feature: Allow the per-HSM configuration of the vendor mechanisms.
- Feature: Use id-certProfile defined in CMPv3 instead of xipki's customized method to specify the certificate profile.
- Feature: Extend the certificate profile to specify the behaviour of notAfter (STRICT, CutOff, BY_CA).
OCSP
- Feature: Allow the per-HSM configuration of the vendor mechanisms.
- Feature: Add option to control maxNextUpdatePeriod in OCSP response.
- Feature: Reduce the column size of OCSP response in the OCSP cache database.
CLI
- Feature: Allow the per-HSM configuration of the vendor mechanisms.
DB Tool
- N/A
Dependencies
- Update karaf 4.2.11 to 4.2.14, bouncycastle 1.69 to 1.70, slf4j from 1.7.25 to 1.7.32, pkcs11-wrapper from 1.4.7 to 1.4.8, fastjson 1.2.76 to 1.2.79
SHA256 Checksum
- 3563731e85c5d69e64498d9b547933f670b4808d07207a10e4cffb0170e2797c xipki-ca-5.3.14.zip
- 8ab7ced0b8360c5acc6242a5e3a8c3f6d7d8f39fff4651d9f01f8c484eb0442a xipki-cli-5.3.14.tar.gz
- 991d548eec77627fe349723efc13124ecb4e3d9610cc9af67404530a67e9b86a xipki-dbtool-5.3.14.zip
- 262a6c195705a681244aca13dcaf9128ac0404a8f94d0c0580241c03e5a6c9e3 xipki-ocsp-5.3.14.zip
- e29c012dc17070344ed453f11fe306f77d318ac1d4ba432eb6c40e190373d67f xipki-p11proxy-5.3.14.zip

xipki - v5.3.13

Published by xipki over 3 years ago

CA
- Bug fix: Fix NullPointerException if no SubjectKeyIdentifier mode is configured in CertProfile.
- Feature: In PKCS#11 emulator, use AES_GCM instead of PBE to encrypt the secret/private keys
- Feature: Rename the binary from ca-war-*.zip to xipki-ca-*.zip
- Note: Since version 1.69 of bouncycaste, download and copy also the bcutil-<version>.jar to lib (in tomcat) and lib/ext (in jetty).
OCSP
- Feature: In PKCS#11 emulator, use AES_GCM instead of PBE to encrypt the secret/private keys
- Feature: Rename the binary from ocsp-war-*.zip to xipki-ocsp-*.zip
- Note: Since version 1.69 of bouncycaste, download and copy also the bcutil-<version>.jar to lib (in tomcat) and lib/ext (in jetty).
CLI
- Feature: Exclude the original bouncycastle jars delivered in karaf.
- Feature: In PKCS#11 emulator, use AES_GCM instead of PBE to encrypt the secret/private keys
DB Tool
- Feature: Rename the binary from dbtool-*.zip to xipki-dbtool-*.zip
Dependencies
- N/A
SHA256 Checksum
- 0d3a954a52f0aa732a314a95ab9a63e9b837c4628c297ce87c095b242090ee73 xipki-ca-5.3.13.zip
- bba7f56664197b6c2ee711eac67dcf651eaaf47950fa98d52f6b26d33aa31d1b xipki-cli-5.3.13.tar.gz
- 4c8e381c87705a8f11646a8cc2ec6dfde3ae5a3b56671410add5fae7114460b2 xipki-dbtool-5.3.13.zip
- 98024ebb050e25dfedd675199cdc2b589951bb33780ec734acd88b201b562933 xipki-ocsp-5.3.13.zip
- 6e7380eacf82264f56bfe8ad2b8cc39388a15b0766a2d557b2bebe32822003b6 xipki-p11proxy-5.3.13.zip

xipki - v5.3.12

Published by xipki over 3 years ago

This version has bugs in CA, please use v5.3.13 instead.

CA
- Bug fix: Fix file path bug in Windows
- Bug fix: In CMP, Use NULL Sender if MAC is used to protect the message
- Bug fix: Fixed incorrect behaviour of extra-control
- Feature: Add support of certificates signed with SHAKE128WITHRSAPSS, SHAKE256WITHRSAPSS, ECDSAWITHSHAKE128 and ECDSAWITHSHAKE256.
- Feature: Allow the configuration of signature algorithm *withRSAandMGF1 with *withRSAPSS.
- Feature: Allow the configuration of method to compute SubjectKeyIdentifier
- Feature: Reduce the minimal size of serial number from 9 to 1
- Feature: Allow the derivation of subject field from the SubjectPublicKeyInfo
- Feature: Allow sending certchain in CMP and SCEP response
- Feature: Allow generating random serial number for self-signed certificate
OCSP
- Feature: Better Hash Algorithm's Parameters (ASN.1)
- Feature: Allow configuration of signature algorithm *withRSAandMGF1 with *withRSAPSS.
CLI
- Bug fix: Fixed ClassNotFoundException for JDBC classes.
- Bug fix: Fixed incorrect behaviour of extra-control
- Feature: Allow configuration of signature algorithm *withRSAandMGF1 with *withRSAPSS.
- Feature: Set the default type of cert profile of ca:profile-add to xijson.
- Feature: Add commands xi:osinfo, xi:file-exists, xi:datetime, xi:key-exists-p11.
DB Tool
- N/A
Dependencies
- Bump bouncycastle from 1.68 to 1.69
- Bump apache-karaf from 4.2.9 to 4.2.11
- Bump hikaricp from 3.4.5 to 4.0.3
- Bump fastjson from 1.2.73 to 1.2.76
- Bump fastjson from 2.1.2 to 2.3.2
- Bump liquibase from 3.6.3 to 3.10.3.
SHA256 Checksum
- da220d6f26a6a0d89d7a7fc80bf7e1b70baced7ff9109c59b162062cde7e783d ca-war-5.3.12.zip
- 19acac8105a1e09c7e78d5044bd837eb02724e8accc69ca2f2e24ae6f4c5e96f dbtool-5.3.12.zip
- cbd29c23254c23c7d600b5a6448ac10e478ec1f1b85ed2bef2af322b0c10cf4a ocsp-war-5.3.12.zip
- 69903934d9f8b7faa679ad213635110cc4b40add9f5b6b5e03993bba8931956c p11proxy-war-5.3.12.zip
- 01a0624511da7337248416e3ef4a0c26ae2f2949f8b230aef9139f3e7d7791e9 xipki-cli-5.3.12.tar.gz

xipki - v5.3.11

Published by xipki almost 4 years ago

CA
- Split large java classes
- Changed max. validity of CAB EE cert: 825 -> 397
- Simplified the SQL queries
- Added expiredCertsOnCrl extesion if expired certificates in contained in CRL
- Do not remove revoked but expired certs
- Bump bouncycastle from 1.66 to 1.68
OCSP
- Split large java classes
- Simplified the SQL queries
- Bump bouncycastle from 1.66 to 1.68
CLI
- Split large java classes
- Bump bouncycastle from 1.66 to 1.68
DB Tool
- Split large java classes
PKCS#11 Proxy
- Split large java classes
SHA256 Checksum
- f86140af150539530d810c9a9e7634b1779b1b4ebbbcab30261347f8d7ea4e81 ca-war-5.3.11.zip
- b8bfee26d5040b4bbfb558e45573e3f76ac1269482b89134226b6b0384b49992 dbtool-5.3.11.zip
- 56102396c9cb56de7a962fd3eca29df194dd068a8b8145a5dde6cbb257ba6458 ocsp-war-5.3.11.zip
- cd19d08b64371bf03f3aaf1178e295910410091de27a4fadd2c966fda88c4f34 p11proxy-war-5.3.11.zip
- 681daf5044f1740940d19431ca07df0886d2c03679009601c901b0dae5710ff9 xipki-cli-5.3.11.tar.gz

xipki - v5.3.10

Published by xipki about 4 years ago

CA
- Fixed "Duplicate primary key ID" database error in some cluster databases. #186
- Added option to control whether to include the expired certificate. #188
- Add a dummy CRLEntry in an indirect CRL without revoked certificates to contain the certificate's issuer name. #189
- Removed table DELTACRL_CACHE. Use better method to generate the delta CRL.
- Removed generation of CRL with only CA or EE certs, this feature will not be used in general.
- Removed support of custom extension xipki-authorizationTemplate
- Removed unsupproted options duplicate-subject and duplicate-key
- Removed xipki custom request extension cmpRequestExtensions (1.3.6.1.4.1.45522.1.3)
OCSP
- Fixed "Duplicate primary key ID" database error in some cluster databases. #186
CLI
- N/A
DB Tool
- N/A
PKCS#11 Proxy
- N/A
SHA256 Checksum
- 688d3169e5f1dfc836080bd116483ddcd9a36ca76fe2c20e848513ef4ac07926 ca-war-5.3.10.zip
- 7e264ca1bf8f95f30480b80b0e3dc2f35127a4f9efb6b82aebafbabfba8addad dbtool-5.3.10.zip
- 1104360b0b0d08077a7778bdf59792323fcab73b0aef870b62698ed0e821d9c0 ocsp-war-5.3.10.zip
- 4774816ec77d8105b9b494438938903d1c8ece6f9347e45ecafdbf52280ea04c p11proxy-war-5.3.10.zip
- 3a0d80432b22a4265bd1661780249833ed3f466670be2963b85fa419427731af xipki-cli-5.3.10.tar.gz

xipki - v5.3.9

Published by xipki about 4 years ago

CA
- Relax FQDN check
- Handle the file calock correclty
- Fixed BUG: #179 handle requestor name case-insensitive
- Fixed BUG: #180 CA cannot process certificate request (CA generate keypair) via REST service
- Removed support of audit over syslog
- Removed support of yubikey token
- Use tinylog instead log4j2
OCSP
- Removed support of yubikey token
- Use tinylog instead log4j2
CLI
- Removed support of yubikey token
- Use tinylog instead log4j2
DB Tool
- New module introduced.
SHA256 Checksum
- f8f119502138b4ebc169a3b7bc34b2ea1b56c1cbc1d09f80d85915bdb315e221 ca-war-5.3.9.zip
- bb7ebe8651a72069dfb6f5accb388c0aaca1fb86198d5ef0a546a8ac1af7cdec dbtool-5.3.9.zip
- 3590a66d5724f617f66d2eb97860b013becadafda3915138a231af3b23a8a7dc ocsp-war-5.3.9.zip
- 3f6e338248e0d4eb34a2c7d8a23b1c7926c3c52fde5844890fbdf0eb02f2b3d1 p11proxy-war-5.3.9.zip
- 6051d87ad9c3a07413141860522c364c62698f95bc4c90896c4c56cc4688f2f3 xipki-cli-5.3.9.tar.gz

xipki - v5.3.8

Published by xipki over 4 years ago

CA
- Fixed bug: Set extension critical if contains key-purpose timeStamping
- Fixed bug: add extension deltaCRLIndicator to DeltaCRL
- Verify SCT before adding it to the cert
- Unify the use of X.509 certificate and CRL
- Add validation of IPv6 address
- Log software version
- Remove the CA controls DUPLICATE_{KEY|SUBJECT}
- For pre-defined DSA parameters, using Pi as seed
- Check pathLenConstraint before issuing certificate
- Use tagNo or tagName to identify a SAN tag in a certificat request
- accept also PEM encoded CSR in rest servlet
OCSP
- Unify the use of X.509 certificate and CRL
- Log software version
- Use generatedAt instead thisUpdate for OCSP cache
CLI
- Unify the use of X.509 certificate and CRL
- For pre-defined DSA parameters, using Pi as seed
- Add default value to slot, better usage for the param id
SHA256 Checksum
- 9f842b129e445f812095eabe95c9608000bf38c27b844e9dbe73772473211e04 ca-war-5.3.8.zip
- ff0b3795c61950583e025e28f77ee1c82a4f64197990544ff8edd97965d6bb79 ocsp-war-5.3.8.zip
- 13a12ecc1192ee5c194baa0cfdad893c8a8a2a865aef8fc1208c63ba0b2a5686 p11proxy-war-5.3.8.zip
- 447c14b15c49c6994ae66a1b2c0ecd8980f5ea78b21487395fefa1fd60f4ed02 xipki-cli-5.3.8.tar.gz

xipki - v5.3.7

Published by xipki over 4 years ago

CA
- Make XIPKI_BASE configurable.
- Do not set the highest bit, increase the dflt bit length from 127 to 159 of serial numbers
- Use overlap.days instead overlap.minutes to control the overlap in CRL
- Update hikaricp 3.4.1 to 3.4.2, fastjson 1.2.62 to 1.2.66.
OCSP
- Make XIPKI_BASE configurable.
- Fixed #447 OCSP-server cannot parse CRLs without revoked certificates.
- Corrected type from 'ejbca' to 'ejbca-db' in the configuration file.
- Fixed #148 Ocspd ignores the folder certs in case of CRL as source in ocspd.
- Use bytes instead of bits to specify the length of serial number.
- Change fullcrl.intervals from 1 to 7.
- Fixed #154 OCSP server cannot answer request with unknown extension.
- Update hikaricp 3.4.1 to 3.4.2, fastjson 1.2.62 to 1.2.66.
CLI
- Better print of time in the benchmark test
- Update karaf 4.2.7 to 4.2.8, hikaricp 3.4.1 to 3.4.2, fastjson 1.2.62 to 1.2.66.
SHA256 Checksum
- 929b56ad72b8fdb05c80570aca004569ff4738da1aa406ddd2e8c77bba49f3b1 ca-war-5.3.7.zip
- 89cc0855cb32ef7740c2050e38fdc95d082bf29429eb5fd6bed1b856549e342b ocsp-war-5.3.7.zip
- f864ecfde786892c16918d1d3dab75ad812ce08051b7e26678f68a2b29889e21 p11proxy-war-5.3.7.zip
- 65c226b3ed8de7e27e18e326e6bc99ff5e861951862a83a1c3f8e157f74be841 xipki-cli-5.3.7.tar.gz

xipki - v5.3.6

Published by xipki almost 5 years ago

CA
- BUG: Fixed #134 The issuerCertIssuer in the extension AKI is not set correctly
- Better handle of proxyed TLS connection
- Removed the support of insecure JKS keystore
OCSP
- BUG: Fixed NPE
- BUG: Fixed #137: set OCSP extension extendedRevoke to not critical
- BUG Fixed #140: OCSP response cacher saves time in (incorrect) milliseconds instead of (correct) seconds.
- Better handle of proxyed TLS connection
- Removed the support of insecure JKS keystore
- Changed the mode in ocsp-responder.json from RFC6960 to RFC2560 (configurable)
- #138 Set the extension nonce in OCSP response as NOT critical
- Include extn extendedRevoke only if unknown marked as revoked
CLI
- Removed the support of insecure JKS keystore
SHA256 Checksum
- 93dd572ba4766265549101037369d9c8f9624c0bb06d534ca324c9b69e144306 ca-war-5.3.6.zip
- d88d6bf2570a4b950216ee884d009537b30f81101e607ce91941ebd1007322c5 ocsp-war-5.3.6.zip
- 949363fef281c11ce5d501f6c9b69496cd16998fb763047c936ab8a346a4f527 p11proxy-war-5.3.6.zip
- e5117e7bf6f3d0224264543293d9bd294305220f6293fab03a58533d1979a24b xipki-cli-5.3.6.tar.gz