EJBCA Documentation
Solution Areas
Issuing TLS Certificates
Securing Your Microsoft Environment with EJBCA
IoT and Device Identities
Using EJBCA as a Large-scale Enterprise PKI
Issuing eID Certificates and Signing ePassports
PKI and Signature Services for Microservices and DevOps Environments
Deploying PKI and Signature Services in DevOps Environments
Hybrid PKI Deployment for Modern Manufacturers
Post-Quantum Readiness
PKI for 3GPP
EJBCA Introduction
EJBCA Concepts
EJBCA Architecture
Using EJBCA as a Standalone CA/RA/VA
EJBCA with distributed RA/VAs
External OCSP Responders
Internal Architecture
Library Manifest
Interoperability and Certifications
Common Criteria
Common Criteria Evaluation
EJBCA Installation
Installation Prerequisites
Managing EJBCA Configurations
How to Configure Database Protection using HMAC
Creating the Database
Application Servers
WildFly 10 / JBoss EAP 7.0
WildFly 12 / JBoss EAP 7.1
WildFly 14 / JBoss EAP 7.2
WildFly 18 / JBoss EAP 7.3
WildFly 22 / JBoss EAP 7.4
WildFly 24
WildFly 26
Deploying EJBCA
Installing EJBCA
Install EJBCA as a CA without a Management CA
Installing EJBCA as a CA with a Management CA
Installing EJBCA as an RA or VA
Synchronizing the VA Database
Connecting an RA to a CA over Peers
Finalizing the Installation
High Availability and Clustering
Maximizing Performance
EJBCA Security
Deployment Reference
Upgrading EJBCA
EJBCA Operations
EJBCA CA Concept Guide
Authentication Methods
OAuth Providers
Certificate Authority Overview
CA Fields
Creating Custom Request Processors
ePassport PKI
ECDSA Keys and Signatures
EdDSA Keys and Signatures
CVC CA
CVC Sequence
EAC Roles and Access Rights
Inspection Systems
Using HSMs
PEM Requests
SPOC PKI
C-ITS ECA Overview
Partitioned CRLs
Microsoft Compatible CA Key Updates
Crypto Tokens Overview
End Entities Overview
End Entity Profiles Overview
E-mail Notifications
Self Registration
End Entity Profiles Fields
Certificate Statuses
Printing of User Data
Subject Distinguished Names
Custom Subject DN and altName OIDs
Publishers Overview
Active Directory Publisher
AWS S3 Publisher
Azure Blob Storage Publisher
Custom Publishers
Publishing with an External Application
Certificate Sampler Custom Publisher
Cert Safe Publisher for an HTTPS Server
Cert Safe REST API
Customer Specific Publisher for a PKD-like Catalog
LDAP Publisher/LDAP Search Publisher
Multi Group Publisher
SCP Publisher
Validation Authority Peer Publisher
Validation Authority Publisher (Legacy)
Validators Overview
Key Validators
Certificate Field Validators
Post Processing Validators
Certificate Profiles Overview
Certificate Profile Fields
Certificate Transparency Overview
Custom Certificate Extensions
Extended Key Usages
External Account Bindings
Approvals
Approval Profiles
Accumulative Approval Profiles
Partitioned Approval Profiles
Services
Certificate and CRL Reader Service
Pre-Certificate Revocation Service
Certificate Expiration Check Service
CRL Download and CRL Update Service
CRL Updater Service
HSM Keepalive Service
Microsoft Intune Certificate Revocation
OAuth Key Update Worker
OCSP Response Pre-Signer
Publisher Queue Process Service
Remote Internal Key Binding Updater
Renew CA Service
Rollover Service
User Password Expire Service
OCSP Responders
Peer Systems
Remote Authenticators Overview
Roles and Access Rules
Access Rules
Predefined Role Templates
Protocols
ACME
ACME with Certbot
ACME with acme4j
ACME with acme.sh
Certificate Store Access via HTTP
EJBCA REST Interface
CMP
Using CMP with 3GPP
CMP Proxy
CMP Interoperability
CMP Error Messages
EST
EST Client Mode Configuration
EST RA Mode Configuration
Microsoft Auto-enrollment Overview
OCSP
OCSP Response Extensions
Archive Cutoff
CertificateHash
Unid FNR
SCEP
Web Service Interface
Logging
Audit Log Overview
Integrity Protected Security Audit Log
Security Audit Events
Character Limitations
User Data Sources
EJBCA RA Concept Guide
External RA using Database Polling
EJBCA Operations Guide
CA Operations Guide
EJBCA Overview Page
Approving Actions
CRL Generation
EJBCA Configuration Checker
Configuration Issues
EJBCA Maintenance
Backup and Restore
Clearing System Caches
Monitoring and Healthcheck
Monitoring of VAs
Web UI Sessions
End Entities
Create Server Certificates
Issue a New PKCS#12 Keystore for an SSL Server
Issue a New Server Certificate from a CSR
Create User Certificates
Certificate Renewal
Request Browser Certificate Renewal
Renaming and Editing Users
SSL Certificate Expiration
End Entity Profile Operations
Create an End Entity Profile for SSL Servers
Enrollment Protocol Configuration
CMP Operations Guide
3GPP CMP Operations
3GPP CMP Questions and Answers
CMP Client Support
SCEP Operations Guide
SCEP Client Support
Microsoft Auto-enrollment Operations
Microsoft Auto-enrollment Configuration Guide
Part 1: Configure Active Directory Domain Services
Part 2: Group Policies and Certificate Templates
Part 3a: EJBCA Configuration
Part 3b: EJBCA Policy Server Configuration
Enabling TLS for Active Directory Connection
Part 4: Configure Policy Server
Microsoft Auto-enrollment Troubleshooting
Modular Protocol Configuration
Exporting and Importing Profiles
Importing Certificates
Key Recovery
Managing CAs
Creating a Root CA
Creating an Issuing CA Signed by an External Root
Creating an Issuing CA Signed by a Root on Same Node
Importing an External CA
Signing an External CA
CA Rekey Recommendations
Managing C-ITS ECAs
Managing Certificate Profiles
Create a Certificate Profile for SSL Servers
Create a Certificate Profile for a Document Signer for Passports
Import/Export Certificate Profiles
Certificate Transparency
Managing Crypto Tokens
CP5 Crypto Token
Managing Remote Authenticators
Setting up an Authentication Key Binding
OAuth Provider Management
Configuring Audience Claims
Setting up OAuth Using Keycloak
Setting up OAuth Using Azure Active Directory
OCSP Responder Management
OCSP Response Pre-Production
Setting up a Responder Using the CLI
Peer Systems Operations
Adding an Outgoing Peer Connection
Roles and Access Rules Operations
Managing Role Namespaces
Managing CVC CAs
Creating a CVC CA
Creating a DV CA and Issuing Inspection System Certificates
Publishers Management
Publisher Queue
Setting up a Validation Authority Peer Publisher
RA Operations Guide
Certificate and End Entity Life Cycle Management
Creating Certificates on the RA
Managing Requests in the RA UI
Managing Roles and Access Rules from the RA
RA Administrator Access Rules
Configure EJBCA for Public Access
Customizing the RA Appearance
Command Line Interfaces
ConfigDump Tool
EJBCA Client Toolbox
P11Ng CLI
EJBCA Integration
Integrating with Third-Party Applications
Access EJBCA using USB Tokens and Smart Cards
Using YubiKeys with EJBCA
Microsoft Intune Device Certificate Enrollment
Certificate Enrollment Requirements
Configure EJBCA Server
Configure Intune
Enroll Windows 10 Devices to Intune
Integrating EJBCA with Azure AD Role Based Authentication (RBAC)
Integrating EJBCA with Azure Application Insights
Add an EJBCA Sub CA to a Microsoft Standalone Root CA
EJBCA Plugin Integration with Hashicorp Vault
Subordinate HashiCorp Vault CA to EJBCA Root
Enrolling Chrome OS Devices against EJBCA
Integrating EJBCA with Graylog
Issuing Certificates to Kubernetes Services using cert-manager
Versasec Card Management System Integration
Ciphermail Email Gateway and EJBCA Integration
Microsoft Smart Card Logon
3Key Dashboarding, Monitoring and Reporting Add-on
3Key RA Profiles Add-on
EJBCA and Cisco ISE
EJBCA and Cisco IOS
OpenSSH and X509 Authentication
Configure EJBCA with OpenSSO
Setting up an Apache Web Server as a Proxy
Setting up an Apache Web Server with mod_jk
Using CertBot to Issue Certificates with ACME to an Apache Web Server
Setting up a HA Proxy in front of EJBCA
VMware Workspace ONE UEM powered by AirWatch
ServiceNow REST Integration
ServiceNow REST Integration - Configure EJBCA
ServiceNow REST Integration - Configure ServiceNow
Hardware Security Modules (HSM)
Generic PKCS#11 Provider
AEP Keyper
ARX CoSign
AWS CloudHSM
AWS KMS
Azure Key Vault and Managed HSM
BlackVault HSM
Bull Trustway PCI Crypto Card
Bull Trustway Proteccio
Fortanix Data Security Manager
Google KMS
nCipher nShield/netHSM
Nitrokey HSM
SmartCard-HSM
SoftHSM
Thales DPoD
Thales Luna HSM
Thales ProtectServer
Thales TCT Luna SA
Securosys Primus HSM and CloudsHSM Service
Trident HSM
Unbound Key Control
Utimaco CryptoServer
Utimaco CryptoServer CP5
YubiHSM 2
Troubleshooting Guide
Command Line Interface
Cryptography and Security
Installation and Deployment
Enrollment Questions
Performance/Timeouts
Publishing
Validation Authority
Troubleshoot Database Performance
PKI Management
Tutorials and Guides
Quick Install Guide
Enabling Debug Logging
PKI and Signature Services for Microservices and DevOps
Running PKI and Signature Services in DevOps Environments
Managing PKI Credentials and Machine Identities for Applications
Using EJBCA Enterprise to Issue and Manage Certificates through (Hashicorp) Vault
Migrating from other CAs to EJBCA
Migrating RSA Keon CA with nCipher
Migrating Microsoft CA to EJBCA
Migrating an OpenSSL CA to EJBCA
Using EJBCA as a Certificate Management System (CMS)
Modifying EJBCA
Getting Started With EJBCA Development
Handling Configurations in a Separate Directory
Creating Plugins
Customizing the User Interface
Adding Rules to Regulate Values of End Entity Fields
Creating a custom RA application using EJBCA Web Services and Java
Allowing Custom Classes in the Database
Uncommon CA Workflows
Change Signing Algorithm on Root CA's Certificates
Issue Multiple Certificates at Once Using a Bulk of CSRs
Batch Creating Certificates
Making an ASN.1 Dump of a Certificate
Using the Demo Servlet
EJBCA Release Information
EJBCA Release Notes
EJBCA 7.11 Release Notes
EJBCA 7.10.1 Release Notes
EJBCA 7.10.0.1 Release Notes
EJBCA 7.9.1 Release Notes
EJBCA 7.9.0 Release Notes
EJBCA 7.8.1 Release Notes
EJBCA 7.8.0 Release Notes
EJBCA 7.7.0 Release Notes
EJBCA 7.6.0 Release Notes
EJBCA 7.5.1 Release Notes
EJBCA 7.5 Release Notes
EJBCA 7.4.3.3 Release Notes
EJBCA 7.4.3.2 Release Notes
EJBCA 7.4.3 Release Notes
EJBCA 7.4.2 Release Notes
EJBCA 7.4.1 Release Notes
EJBCA 7.4 Release Notes
EJBCA 7.3.1.3 Release Notes
EJBCA 7.3.1 Release Notes
EJBCA 7.3 Release Notes
EJBCA 7.2.1 Release Notes
EJBCA 7.2 Release Notes
EJBCA 7.1 Release Notes
EJBCA 7.0.1 Release Notes
EJBCA 7.0.0 Release Notes
EJBCA 6.15.1 Release Notes
EJBCA 6.15 Release Notes
EJBCA 6.14.1 Release Notes
EJBCA 6.14 Release Notes
EJBCA 6.13 Release Notes
EJBCA 6.12 Release Notes
EJBCA 6.11 Release Notes
EJBCA 6.11.0.1 Release Notes
EJBCA 6.11.1 Release Notes
EJBCA 6.10 Release Notes
EJBCA 6.10.1 Release Notes
EJBCA 6.9 Release Notes
EJBCA 6.9.1 Release Notes
EJBCA 6.8 Release Notes
EJBCA 6.7 Release Notes
EJBCA 6.6 Release Notes
EJBCA 6.5 Release Notes
EJBCA 6.4 Release Notes
EJBCA 6.3 Release Notes
EJBCA 6.2 Release Notes
EJBCA 6.1 Release Notes
EJBCA 6.0 Release Notes
EJBCA Release Notes Summary
EJBCA Change Log Summary
EJBCA Upgrade Notes
EJBCA 7.11.0 Upgrade Notes
EJBCA 7.10.0.1 Upgrade Notes
EJBCA 7.9.0 Upgrade Notes
EJBCA 7.8.1 Upgrade Notes
EJBCA 7.8.0 Upgrade Notes
EJBCA 7.7.0 Upgrade Notes
EJBCA 7.6.0 Upgrade Notes
EJBCA 7.5 Upgrade Notes
EJBCA 7.4.3 Upgrade Notes
EJBCA 7.4.2 Upgrade Notes
EJBCA 7.4.1 Upgrade Notes
EJBCA 7.4 Upgrade Notes
EJBCA 7.3.1 Upgrade Notes
EJBCA 7.3 Upgrade Notes
EJBCA 7.2.1 Upgrade Notes
EJBCA 7.2 Upgrade Notes
EJBCA 7.1 Upgrade Notes
EJBCA 7.0.1 Upgrade Notes
EJBCA 7.0 Upgrade Notes
EJBCA 6.15 Upgrade Notes
EJBCA 6.14 Upgrade Notes
EJBCA 6.13 Upgrade Notes
EJBCA 6.12 Upgrade Notes
EJBCA 6.11 Upgrade Notes
EJBCA 6.10 Upgrade Notes
EJBCA 6.9 Upgrade Notes
EJBCA 6.8 Upgrade Notes
EJBCA 6.7 Upgrade Notes
EJBCA 6.6 Upgrade Notes
EJBCA 6.5 Upgrade Notes
EJBCA 6.4 Upgrade Notes
EJBCA 6.3 Upgrade Notes
EJBCA 6.2 Upgrade Notes
EJBCA 6.1 Upgrade Notes
EJBCA 6.0 Upgrade Notes
EJBCA Upgrade Notes Summary