Overview Page

The first page you'll be greeted with in the CA UI is the Overview Page, which gives some general information about the status of this EJBCA instance.

CA Management

Crypto Tokens

In EJBCA, cryptographic keys are stored in a Crypto Token. A Crypto Token can either be stored in a database, known as a soft Keystore, or on a Hardware Security Module (HSM).

→ For information on managing crypto tokens, with instructions on how to create, edit, and activate crypto tokens, see Managing Crypto Tokens.

Certificate Profiles

A Certificate Profile defines the constraints of the certificate, for example, what keys it can use, and what the extensions will be.

→ For information on how to create and edit Certificate Profiles, see Managing Certificate Profiles.

For workflows describing how to setting up various common Certificate Profiles, see the following pages:

→ Create a Certificate Profile for SSL Servers

→ Create a Certificate Profile for a Document Signer for Passports

→ Import/Export Certificate Profiles

End Entity Profiles

End Entity Profiles allow narrowing down and automatically input some variables used in the certificate.

The End Entity Profile is used together with the Certificate Profile to create the certificates signed by the CA. The Certificate Profile defines the constraints of the certificate, for example what keys it can use and what the extensions will be, while the End Entity Profile defines the information in the certificate, for example country and organization.

→ For more information on importing and exporting End Entity Profiles and instructions for creating a Server End Entity Profile, see End Entity Profile Operations

OCSP Management

→ For information on managing an OCSP Responder, whether situated locally on the same machine as the CA or remotely on a VA, see OCSP Responder Management.

Roles and Access Rules

→ For information on working with roles and access rules, see Roles and Access Rules Operations.

CA Operations Guide Topics

The full list of operations guide topics are as follows:

• EJBCA Overview Page

• Approving Actions

• CRL Generation

• EJBCA Configuration Checker

  • Configuration Issues

• EJBCA Maintenance

  • Backup and Restore

  • Clearing System Caches

  • Monitoring and Healthcheck

    • Monitoring of VAs

  • Web UI Sessions

• End Entities

  • Create Server Certificates

  • Issue a New PKCS#12 Keystore for an SSL Server

  • Issue a New Server Certificate from a CSR

  • Create User Certificates

  • Certificate Renewal

  • Request Browser Certificate Renewal

  • Renaming and Editing Users

  • SSL Certificate Expiration

• End Entity Profile Operations

  • Create an End Entity Profile for SSL Servers

• Enrollment Protocol Configuration

  • CMP Operations Guide

    • 3GPP CMP Operations

      • 3GPP CMP Questions and Answers

    • CMP Client Support

  • SCEP Operations Guide

    • SCEP Client Support

  • Microsoft Auto-enrollment Operations

    • Microsoft Auto-enrollment Configuration Guide

      • Part 1: Configure Active Directory Domain Services

      • Part 2: Group Policies and Certificate Templates

      • Part 3a: EJBCA Configuration

      • Part 3b: EJBCA Policy Server Configuration

        • Enabling TLS for Active Directory Connection

      • Part 4: Configure Policy Server

    • Microsoft Auto-enrollment Troubleshooting

  • Modular Protocol Configuration

• Exporting and Importing Profiles

• Importing Certificates

• Key Recovery

• Managing CAs

  • Creating a Root CA

  • Creating an Issuing CA Signed by an External Root

  • Creating an Issuing CA Signed by a Root on Same Node

  • Importing an External CA

  • Signing an External CA

  • CA Rekey Recommendations

  • Managing C-ITS ECAs

• Managing Certificate Profiles

  • Create a Certificate Profile for SSL Servers

  • Create a Certificate Profile for a Document Signer for Passports

  • Import/Export Certificate Profiles

  • Certificate Transparency

• Managing Crypto Tokens

  • CP5 Crypto Token

• Managing Remote Authenticators

  • Setting up an Authentication Key Binding

• OAuth Provider Management

  • Configuring Audience Claims

  • Setting up OAuth Using Keycloak

  • Setting up OAuth Using Azure Active Directory

• OCSP Responder Management

  • OCSP Response Pre-Production

  • Setting up a Responder Using the CLI

• Peer Systems Operations

  • Adding an Outgoing Peer Connection

• Roles and Access Rules Operations

  • Managing Role Namespaces

• Managing CVC CAs

  • Creating a CVC CA

  • Creating a DV CA and Issuing Inspection System Certificates

• Publishers Management

  • Publisher Queue

  • Setting up a Validation Authority Peer Publisher