v2.130
What's Changed
Added
- HSM-backed Certificate Authorities (#77.3) — the CA's private signing key can now be generated or stored inside an HSM and never leaves it. The Create CA wizard exposes a Key Storage toggle (Local / HSM); in HSM mode you can generate a new key in the HSM (RSA-2048/3072/4096, EC-P256/P384/P521) or pick an existing unused signing key. All certificate issuance, CRL generation and OCSP responses for the CA are signed by the HSM. PKCS#12, JKS and raw-key export endpoints return HTTP 409 for HSM-backed CAs. CA list and detail views show an "HSM" badge. In-app help and wiki updated in all 9 UI languages.
Security
- python-dotenv upgraded to 1.2.2 to pick up the latest CVE patches.
Notes
- HSM-backed CAs are backed by the existing HSM provider plumbing (PKCS#11, AWS CloudHSM, Azure Key Vault, GCP KMS, OpenBao/Vault Transit). Only OpenBao is exercised in CI; the other providers share the same code path but are not yet end-to-end tested.
- In-place migration of existing local CAs to HSM and HSM key rotation for existing HSM CAs are intentionally out of scope and tracked as separate follow-up items.
Installation
Docker (Recommended)
# From Docker Hub
docker pull neyslim/ultimate-ca-manager:2.130
# Or from GitHub Container Registry
docker pull ghcr.io/neyslim/ultimate-ca-manager:2.130
# Run
docker run -d -p 8443:8443 \
-e SECRET_KEY=$(openssl rand -hex 32) \
--name ucm neyslim/ultimate-ca-manager:2.130
Debian/Ubuntu
wget https://github.com/NeySlim/ultimate-ca-manager/releases/download/v2.130/ucm_2.130_all.deb
sudo dpkg -i ucm_2.130_all.deb
sudo apt-get install -f
Fedora/RHEL
wget https://github.com/NeySlim/ultimate-ca-manager/releases/download/v2.130/ucm-2.130-1.fc43.noarch.rpm
sudo dnf install ./ucm-2.130-1.fc43.noarch.rpm
Silent/Automated Install
# Skip firewall prompts for CI/automation
sudo UCM_PORT=8443 UCM_FIREWALL=no dpkg -i ucm_2.130_all.deb
Default Credentials
- Username: admin
- Password: Check /etc/ucm/ucm.env after install, or shown during install
Change the password immediately after first login!