Index: ejbca/src/java/org/ejbca/core/ejb/ca/store/LocalCertificateStoreSessionBean.java =================================================================== --- ejbca/src/java/org/ejbca/core/ejb/ca/store/LocalCertificateStoreSessionBean.java (.../Rel_3_11_2) (revision 12148) +++ ejbca/src/java/org/ejbca/core/ejb/ca/store/LocalCertificateStoreSessionBean.java (.../Rel_3_11_3) (revision 12148) @@ -1195,20 +1195,17 @@ int revocationReason = RevokedCertInfo.NOT_REVOKED; rev.setRevocationReason(revocationReason); // Republish the certificate if possible - // If it is not possible, only log error but continue the operation of not revoking the certificate - try { - // Republishing will not restore a password, for example in AD, it will only re-activate the certificate. - String password = null; - boolean published = publishersession.storeCertificate(admin, publishers, certificate, username, password, userDataDN, - cafp, status, type, revocationDate, revocationReason, rev.getTag(), rev.getCertificateProfileId(), now.getTime(), null); - if ( !published ) { - throw new Exception("Unrevoked cert:" + serialNo + " reason: " + reason + " Could not be republished."); - } - String msg = intres.getLocalizedMessage("store.republishunrevokedcert", new Integer(reason)); - getLogSession().log(admin, CertTools.getIssuerDN(certificate).hashCode(), LogConstants.MODULE_CA, new java.util.Date(), null, certificate, LogConstants.EVENT_INFO_NOTIFICATION, msg); - } catch (Exception ex) { - // We catch the exception thrown above, to log the message, but it is only informational, so we dont re-throw anything - getLogSession().log(admin, CertTools.getIssuerDN(certificate).hashCode(), LogConstants.MODULE_CA, new java.util.Date(), null, certificate, LogConstants.EVENT_INFO_NOTIFICATION, ex.getMessage()); + // Republishing will not restore a password, for example in AD, it will only re-activate the certificate. + String password = null; + boolean published = getPublisherSession().storeCertificate(admin, publishers, certificate, username, password, userDataDN, + cafp, status, type, revocationDate, revocationReason, rev.getTag(), rev.getCertificateProfileId(), now.getTime(), null); + if (published) { + final String msg = intres.getLocalizedMessage("store.republishunrevokedcert", Integer.valueOf(reason)); + getLogSession().log(admin, CertTools.getIssuerDN(certificate).hashCode(), LogConstants.MODULE_CA, new Date(), null, certificate, LogConstants.EVENT_INFO_NOTIFICATION, msg); + } else { + // If it is not possible, only log error but continue the operation of not revoking the certificate + final String msg = "Unrevoked cert:" + CertTools.getSerialNumberAsString(certificate) + " reason: " + reason + " Could not be republished."; + getLogSession().log(admin, CertTools.getIssuerDN(certificate).hashCode(), LogConstants.MODULE_CA, new Date(), null, certificate, LogConstants.EVENT_INFO_NOTIFICATION, msg); } } else { String msg = intres.getLocalizedMessage("store.ignorerevoke", serialNo, new Integer(rev.getStatus()), new Integer(reason)); Index: ejbca/src/java/org/ejbca/ui/web/RequestHelper.java =================================================================== --- ejbca/src/java/org/ejbca/ui/web/RequestHelper.java (.../Rel_3_11_2) (revision 12148) +++ ejbca/src/java/org/ejbca/ui/web/RequestHelper.java (.../Rel_3_11_3) (revision 12148) @@ -126,12 +126,17 @@ throw new SignRequestSignatureException( "Invalid signature in NetscapeCertRequest, popo-verification failed."); } - - log.debug("POPO verification successful"); - + if (log.isDebugEnabled()) { + log.debug("POPO verification successful"); + } X509Certificate cert = (X509Certificate) signsession.createCertificate(administrator, username, password, nscr.getPublicKey()); + if (log.isDebugEnabled()) { + log.debug("Created certificate for " + username); + } + return cert.getEncoded(); +/* ECA-2065 - fix for Chrome, Safari and Android // Don't include certificate chain in the PKCS7 to Firefox byte[] pkcs7 = signsession.createPKCS7(administrator, cert, false); log.debug("Created certificate (PKCS7) for " + username); @@ -141,6 +146,7 @@ } return pkcs7; +*/ } //nsCertRequest /** Index: ejbca/src/internal.properties =================================================================== --- ejbca/src/internal.properties (.../Rel_3_11_2) (revision 12148) +++ ejbca/src/internal.properties (.../Rel_3_11_3) (revision 12148) @@ -8,6 +8,6 @@ app.name=ejbca app.name.cap=EJBCA -app.version.number=3.11.2 +app.version.number=3.11.3 svn.revision=r11608 app.version=${app.name.cap} ${app.version.number} (${svn.revision}) Index: ejbca/compile.xmli =================================================================== --- ejbca/compile.xmli (.../Rel_3_11_2) (revision 12148) +++ ejbca/compile.xmli (.../Rel_3_11_3) (revision 12148) @@ -223,8 +223,8 @@ - - + + Index: ejbca/Changelog.txt =================================================================== --- ejbca/Changelog.txt (.../Rel_3_11_2) (revision 12148) +++ ejbca/Changelog.txt (.../Rel_3_11_3) (revision 12148) @@ -1,3 +1,10 @@ +EJBCA 3.11.3, 2011-07-08 + +** Bug + * [ECA-2065] - Certificate enrollment using OS X 10.6 and Safari 5.0.3 + * [ECA-2152] - Certificate not published to OCSP when reactivating after jboss restart. + * [ECA-2212] - Problem between 'ant install' and 'ant deploy' on JBoss EAP 5.1. + EJBCA 3.11.2, 2011-04-29 ** Bug Index: ejbca/doc/xdocs/index.xml =================================================================== --- ejbca/doc/xdocs/index.xml (.../Rel_3_11_2) (revision 12148) +++ ejbca/doc/xdocs/index.xml (.../Rel_3_11_3) (revision 12148) @@ -8,7 +8,7 @@
-

2010-12-23: EJBCA 3.11.1 and cert-cvc 1.2.12 with EAC ePassport support is now out! +

2011-04-29: EJBCA 3.11.2 and cert-cvc 1.2.12 with EAC ePassport support is now out!
Visit the download section. There is also a LiveCD!

Index: ejbca/doc/xdocs/download.xml =================================================================== --- ejbca/doc/xdocs/download.xml (.../Rel_3_11_2) (revision 12148) +++ ejbca/doc/xdocs/download.xml (.../Rel_3_11_3) (revision 12148) @@ -10,10 +10,10 @@ If you have problems with any of the download links below, try to download through the Sourceforge download page.

- EJBCA 3.11.1 is now available for download. + EJBCA 3.11.2 is now available for download.
- SHA1 checksum: 8c9254d4a7dadf8c9b1c3f932e9fd875ab816ddb + SHA1 checksum: c3150e74bb293103584537bbc01c8a63fa027e34

Cert-cvc library 1.2.12 with full RSA and ECC support is now available for download. Index: ejbca/doc/RELEASE_NOTES =================================================================== --- ejbca/doc/RELEASE_NOTES (.../Rel_3_11_2) (revision 12148) +++ ejbca/doc/RELEASE_NOTES (.../Rel_3_11_3) (revision 12148) @@ -1,3 +1,13 @@ +EJBCA 3.11.3 +------------ +This is a maintenance release containing 3 bug fixes. + +* Noteworthy changes: +- Certificate enrollment now works also with Safari and Chrome browsers. (Backport from EJBCA 4.0.2.) + +Read the full Changelog for details. +For upgrade instructions, please see UPGRADE. + EJBCA 3.11.2 ------------ This is a maintenance release containing 11 bug fixes, and 12 new features/improvements.