Exporting and Importing Profiles

Certificate and End Entity profiles can be exported as XML files and imported in another instance of EJBCA, or in the same instance after removal of the old ones.

When exporting profiles (bin/ejbca.sh ca exportprofiles), all profiles will be exported to the specified directory. The exported files will be given unique names containing profile name and profile id. When importing profiles the profile name and id will be read from the filename. All profiles present in the specified directory will be imported.

Fixed profiles will not be exported or imported. If a profiles with the same name as the one being imported already exist, the profiles will not be imported. References to publishers with unknown id will be dropped.

Import of profiles try to keep the same profile id. If it already exist a profile with the same id in the database, it will try to choose another and change any (end entity profile to certificate profile) reference during later imports. The reason the id is kept is that there are references to the profile id from users belonging to the profile.

During import on a new EJBCA instance where CAs that are referenced from the profiles do not exist, a default CA has to be specified on command line. Two CAs are considered identical in this context if they have the same subject DN.

It is also possible to import and export profiles in the AdminGUI in the End Entity Profiles page and the Certificate Profiles page. The same limitations above apply even when exporting/importing through the GUI, but the profiles will be imported from and exported into a zip file.