EJBCA 6.15 Upgrade Notes

Below are important changes and requirements when upgrading from EJBCA 6.14 to EJBCA 6.15. For upgrade instructions and information on upgrade paths, see Upgrading EJBCA. For details of the new features and improvements in this release, see the EJBCA 6.15 Release Notes.

Database Changes

With the introduction of ACME protocol support in EJBCA 6.15, we've had to introduce the following new tables to EJBCA:

  • AcmeAccountData

  • AcmeAuthorizationData

  • AcmeChallengeData

  • AcmeNonceData

  • AcmeOrderData

As always, these can either be created automatically if database user rights are sufficient or created manually using the bundled creation scripts.

We've created indexes for:

  • AcmeAccountData

  • AcmeAuthorizationData

  • AcmeChallengeData

  • AcmeOrderData

The indexes are found in doc/sql-scripts/create-index-ejbca.sql and we recommend applying them on any production environment using ACME.

Behavioral Changes

Custom Certificate Extensions

With the introduction of wildcards and non-required custom certificate extensions (CCEs), we've tightened how extensions in enrollment requests are handled. In prior versions, undefined extensions in the request were simply dropped from the final certificate; in 6.15 and later, requests containing unmatched extensions are treated as erroneous and rejected.

Case Sensitivity of Full DN Match for Role Members

As of EJBCA 6.15.2, we have updated the X509: with Full DN match option to match case-sensitively. Previously it could perform a case-insensitive match, even though it was configured to match case-sensitively.

We strongly recommend checking that your administrator roles using X509: with Full DN are correctly set up before upgrading.
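
One way to run that check before upgrading, as an added example that is not part of EJBCA or its documentation: it compares each configured Full DN match value against the subject DNs of your administrator certificates and reports the entries that only match when case is ignored. The function names and sample data are hypothetical, and the comparison is a plain string comparison that assumes you have exported both lists yourself; EJBCA's own DN handling is not modeled.

```python
# Added example: pre-upgrade audit of "X509: with Full DN" role members.
# Assumption: match values and subject DNs are compared as plain strings.

def classify_member(match_value, admin_subject_dns):
    """Return 'exact', 'case_only' or 'none' for one configured match value."""
    if match_value in admin_subject_dns:
        return "exact"
    folded = match_value.casefold()
    if any(dn.casefold() == folded for dn in admin_subject_dns):
        return "case_only"
    return "none"


def audit_role_members(role_members, admin_subject_dns):
    """List role members that match an admin DN only when case is ignored.

    These entries relied on the old case-insensitive behaviour and will stop
    matching once the comparison is strictly case-sensitive.
    """
    dns = set(admin_subject_dns)
    findings = []
    for role, match_value in role_members:
        if classify_member(match_value, dns) == "case_only":
            folded = match_value.casefold()
            actual = sorted(d for d in dns if d.casefold() == folded)
            findings.append(
                {"role": role, "configured": match_value, "actual": actual}
            )
    return findings


# Constructed sample data: (role name, configured Full DN match value).
ROLE_MEMBERS = [
    ("Super Administrator Role", "CN=SuperAdmin,O=Example Corp,C=SE"),
    ("RA Administrators", "cn=ra admin,o=example corp,c=se"),
    ("Auditors", "CN=Old Auditor,O=Example Corp,C=SE"),
]
# Constructed sample data: subject DNs of the administrator certificates in use.
ADMIN_SUBJECT_DNS = [
    "CN=SuperAdmin,O=Example Corp,C=SE",
    "CN=RA Admin,O=Example Corp,C=SE",
]

if __name__ == "__main__":
    for f in audit_role_members(ROLE_MEMBERS, ADMIN_SUBJECT_DNS):
        print(f"{f['role']}: configured {f['configured']!r}, "
              f"certificate has {f['actual']}")
```

Each reported entry should be corrected to the exact DN in the certificate, or removed if the match was never intended.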