Skip to content

Release Notes v2.154

Jump to bottom
NeySlim edited this page May 11, 2026 · 1 revision

Release Notes — v2.154

Stable release (2026-05-10). Fixes OPNsense 26.1.x certificate import.

Smoke-tested 6/6 on SQLite and PostgreSQL across Debian (DEB), RHEL/Fedora (RPM), and Docker.

For the previous releases see Release Notes v2.153 and the full CHANGELOG.

Highlights

  • OPNsense import fixed — three bugs prevented the API-based import path from working against OPNsense 26.1.x.

Fixed — OPNsense Import

Bugs fixed

  1. Frontend service did not unwrap success_response.data, so the items list was empty after Connect and the Import Selected button never rendered.
  2. Backend stored OPNsense uuid as UCM refid, breaking the caref linkage between certificates and their CA (OPNsense uses the 13-char refid as cross-reference, not the 36-char uuid).
  3. Imported private keys were stored raw instead of going through store_pem_bytes(), bypassing encryption-at-rest.

What changed

  • Importer performs a 2-pass import (CAs before certificates)
  • Resolves caref against in-flight CAs
  • Extracts SAN/SKI/AKI/serial from imported certs
  • Falls back to crt_payload/prv_payload when crt/prv are absent
  • Treats an empty selection as "import all"
  • Added regression test test_opnsense_import.py covering refid storage, caref linkage, and encrypted private-key round-trip

Upgrade

Drop-in replacement for v2.153. No new migration.

  • Docker Hub: docker pull neyslim/ultimate-ca-manager:2.154
  • DEB: wget https://github.com/NeySlim/ultimate-ca-manager/releases/download/v2.154/ucm_2.154_all.deb
  • RPM: wget https://github.com/NeySlim/ultimate-ca-manager/releases/download/v2.154/ucm-2.154-1.fc43.noarch.rpm

Clone this wiki locally