EJBCA Hardware Appliance 5.1.2 Release Notes
AUGUST 2025
We are pleased to announce the release of EJBCA Hardware Appliance 5.1.2.
With this release, we have added support for FIPS enablement with both variants of HSMs: Luna S790 and u.trust and Se100/Se2K.
The release also brings a new version of EJBCA and a list of improvements and bug fixes.
Highlights
New version of EJBCA Enterprise
EJBCA Enterprise has been updated to version 9.3.3. For more information, see the EJBCA Release Notes.
New Features
Using the HSM in FIPS mode: with this release it is possible to select during the first installation or when restoring a backup either to run the HSM in FIPS mode or not. The procedure to enable FIPS mode might require extra steps compared to the non-FIPS setup of the HSM.
Please refer to the documentation for further details.
Improvements and Corrections
The following lists other corrections included in the release.
Bug fixes:
Backup tab crashes on webconf when trying to connect to non reachable NFS server.
u.trust HSM firmware update fails on the cluster nodes other than node 1.
Uploading Key Synchronisation packages generated on versions 5.1.0 and 5.1.1 on u.trust HSM breaks the backup and restore functionality.
If a backup is taken from version 5.1.1 or older, and restored on one of the mentioned version, the u.trust HSM Firmware update process will be broken.
Factory reset not successful without a configured DHCP or Static IP address
Upgrade Information for u.trust HSM
A current backup must always be created for security purposes before processes such as updates, etc. are carried out.
When updating the HSM firmware version of cluster nodes running on either version 5.1.0 or 5.1.1, you would run into an issue to update the u.trust HSM firmware on the nodes other than node 1. To fix the issue you would need to upgrade the appliance firmware version to 5.1.2 and rebuild the cluster on that version, which will automatically update the HSM firmware.
The fix of this bug is delivered with version 5.1.2 and updating to this version and newer is safe.If a u.trust HSM firmware update on version 5.1.0 or 5.1.1 is not successful on an the appliance that has been restored from a backup that was taken from an older version, you need to:
take a new backup
factory reset the appliance
update the appliance to version 5.1.2
restore the taken backup.
Note:
A known issue during the update process, which will be fixed in the upcoming Next Generation Hardware Release 5.2.0, is the problem of non-sequential updates.
If a non-sequential update has been performed, there is no guarantee that the device will function as expected when updating the HSM firmware.
Sequential updates are recommended (5.0.0 → 5.1.0 → 5.1.2).
The HSM firmware update must be performed after updating to 5.1.0.If the recommend sequence has not been followed:
for Luna HSM:
reset HSM on Appliance with Luna:
first HSM Reset Luna
next Factory Reset on Appliance with Luna
for u.trust HSM:
or Factory Reset on Appliance with u.trust.
After restarting, log in to Webconf with the OTP displayed on the front display.
Navigate to the Restore section and restore the newly created backup.
After restarting, the device will be in the desired state.If FIPS is to be used:
The first steps are exactly as described above. Only when restoring the newly created backup, the checkbox for FIPS must be activated. Then the backup can be restored.
After restarting, the device will run in FIPS mode.
Rollback Information
Until further notice, we do not support downgrades in the Next Generation Hardware Appliance. Only rollbacks are supported.
The Rollback button is only available while the update process is still in progress. Once the update is complete, the Rollback option is no longer available. If, while performing an upgrade, the new version is not suitable, click Rollback to undo the step.