As you might have noticed, we have been experiencing infrastructure problems lately, the last one today starting at 04:30 CEST.
The problems are related to our server infrastructure, but unfortunatle they affect both email services and the support system.
We are working presently on a fix and we are upgrading the underlying servers and services from today and all of next week.
The work has been planned so no critical services are affected simultaneously but some shortage might occur.
We thank you for your patience and understanding!
If you have a pressing issue, remember you can always reach us on the phone:
EMEAA: +46 8 522 11 660
The Americas: +1 (855) 583-7971
We're proud to announce the release of EJBCA 7.2
Please read the release notes below:
The PrimeKey webinar from June 14th, 2019, covers SignServer Enterprise, PKI and SignServer Appliance, SEE and the PrimeKey’s Cloud offering in AWS and Azure. Watch the briefing of PrimeKey products to find out the latest and greatest of each product, straight from each product owner.
Please click here to watch it:
PrimeKey PKI Appliance 3.3.0 Released
PKI Appliance 3.3.0 introduces major updates for EJBCA and SignServer. Additionally, more improvements have been implemented under the hood. The runtime environment for EJBCA, SignServer and WebConf has been updated to Java 1.8 and WildFly 14. Furthermore with this release, we are introducing the availability of a new PKCS#11 implementation to access the HSM. This will allow us, in the future, to add further features and improvements related to the HSM integration.
Below you can find the list of the most relevant updates.
* EJBCA Enterprise 184.108.40.206 - Please check out EJBCA release notes for further information: https://download.primekey.com/docs/EJBCA-Enterprise/latest/EJBCA_7.0.1_Release_Notes.html
* SignServer 5.0.0 - Please check out SignServer release notes for further information: https://download.primekey.com/docs/SignServer-Enterprise/current/SignServer_5.0_Release_Notes.html
* Support for PKCS#11 R2. Please note that when updating an existing PKCS#11 R1 installation, it will keep using PKCS#11 R1. The same is true for restoring a backup from a PKCS#11 R1 setup. New installations with PKCS#11 R1 are still possible, but discouraged.
* Support packages can now be generated during the installation process as well.
* WebConf now offers a button to restart EJBCA and SignServer.
Changes and bug fixes:
* The runtime environment has been updated to Java 1.8.0 and Wildfly 14.
* Additional checks are now implemented to confirm that the backups have been completed.
* In case of smart card activated slots with PKCS#11 R2, smart card interactions are retried on failure (eg. wrong PIN) on a best-effort basis.
* PKCS#11 R2: cluster key synchronization package restore does not delete keys, only adds missing keys and overwrites differing keys that have the same alias. To delete a key, it has to be manually deleted on all nodes.
* Randomised passwords are now supported for the internal database.
* The TLS settings have been Hardened in Apache.
* EJBCA and SignServer are executed as unprivileged user.
* Improved robustness of cluster key synchronization package handling.
Known issues and limitations:
* While smart card activated slots are supported with PKCS#11 R2, "FIPS restrictions applied" mode is not.
* When installing updates on a PKI Appliance running 3.2.0, make sure to unplug any USB sticks before performing the update.
* When restoring large backups coming from EJBCA versions older than 6.6.0, after the restore and reboot EJBCA will not be available for some time due to the database schema change and the need to reindex. For a full database of a Model M, it takes about an hour to reindex the database. An additional reboot is required to finalize the change.
* For cluster backups taken on versions 2.4 up to 2.8 - when restoring the first backup onto 3.3.0 version the cluster configuration will be deleted and it is needed to add the IP addresses of all the other nodes manually before
proceeding with the cluster setup.
* Version 3.3.0 does not support restoring backups of versions older than 2.4.0.
* The second generation hardware version offers four ethernet ports. Only two of them are usable at the moment, but support for the disabled ethernet ports will be added in future versions.
* Due to a firmware limitation, the PKI Appliance only becomes reachable when both management and application ethernet ports are successfully connected to a network.
* Ethernet ports might not establish a link if the network cables have been connected after powering on the device.
* PeerConnector setup does not support Diffie Hellman key agreement. To setup a peer system, please switch to RSA algorithm before adding the PeerConnector.
* "FIPS restrictions applied" mode is currently not available on appliances of the second generation hardware version because it is not available on that HSM generation. Operation in FIPS mode will be added in future releases.
Please find the detailed release notes here.
Dear Customers and Partners,
PrimeKey Open Trainings are great opportunities for you to brush up on your PKI skills. Because the last fully-booked training in Stockholm was so successful, we decided to add another training in Chicago this June. Take a look below for details on the next trainings in Chicago and Stockholm.
You can also now register for PrimeKey Tech Days, our two-day tech event featuring speakers in PKI, Crypto, Open Source, eIDAS, Digital Signing and many other interesting IT-Security topics. Scroll down to watch a video about PrimeKey Tech Days and get registered.
We hope to see you at an event soon!
Click on this link to read more and register: https://www.primekey.com/tech-days/
Please click on this link to read the EJBCA 7.1.0 Release Information email.
The PrimeKey SignServer team is pleased to announce the release of SignServer Enterprise 5.0.0.
Please click on this link to read the SignServer Release Information email.
Welcome to our new system!
The PrimeKey Support Team