EJBCA
The EJBCA CA Connector enables CERTInext to integrate directly with EJBCA Public Key Infrastructure (PKI) for automated certificate lifecycle management. Once configured, CERTInext can securely communicate with EJBCA APIs to automate certificate issuance, renewal, revocation, user enrollment, and lifecycle operations directly from the CERTInext platform.
This integration helps organizations centralize certificate operations while leveraging EJBCA as an enterprise-grade private CA infrastructure.
Typical use cases include:
Enterprise Private PKI management
Internal server and device certificates
User and client authentication certificates
Automated certificate issuance and renewal
Secure certificate enrollment workflows
Internal trust and compliance management
Accessing the EJBCA Connector
To configure an EJBCA connector:
Navigate to Integrations → CA Connectors → EJBCA
Click Create CA Connector
This opens the EJBCA connector configuration page where API connectivity and authentication settings are configured.
EJBCA Connector Configuration Fields
The following fields are required when creating an EJBCA connector.

Name
Defines a unique name for the connector configuration.
Example:
This name is used internally within CERTInext to identify the integration.
Base URL
Specifies the EJBCA server URL used for API communication.
Example:
CERTInext uses this endpoint to securely communicate with EJBCA services.
Authentication Type
Defines the authentication method used for EJBCA API communication.
Available options include:
mTLS
Uses Mutual TLS authentication for secure API communication.
This method requires a client certificate file and associated certificate password.
OAuth2
Uses OAuth2-based authentication for secure token-based API access.
This option is commonly used in modern API-driven environments where centralized identity and token management are required.
Client Certificate File
Used when mTLS authentication is selected.
Administrators must upload the client certificate file required for secure communication with EJBCA.
Supported formats depend on EJBCA configuration and organizational policy.
Certificate Password
Defines the password associated with the uploaded client certificate.
This credential is securely stored and used during mTLS authentication.
Ensure certificate passwords are protected and accessible only to authorized administrators.
CA Name
Specifies the Certificate Authority name configured within EJBCA.
Example:
CERTInext uses this CA during certificate issuance operations.
Certificate Profile Name
Defines the EJBCA Certificate Profile used during issuance.
Example:
Certificate profiles determine:
Key usage
Certificate extensions
Validity period
Algorithm policies
Subject constraints
Administrators can click Fetch Profiles to retrieve available profiles directly from EJBCA.
End Entity Profile Name
Defines the EJBCA End Entity Profile associated with certificate requests.
Example:
End Entity Profiles control enrollment behavior and subject field requirements.
Administrators can click Fetch Profiles to retrieve available profiles from EJBCA.
Default Username
Specifies the default username used during automated enrollment operations.
Example:
This value may be used when dynamically creating end entities during certificate issuance workflows.
Default Password
Defines the default password associated with the default username or enrollment workflow.
This password is securely stored and used during automated certificate enrollment operations where applicable.
Testing the Connector
After entering all required details:
Click Test Connection
CERTInext validates:
API connectivity
Authentication configuration
CA availability
Certificate profile accessibility
End entity profile accessibility
If the validation succeeds, the connector can be saved and used for certificate operations.
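A pre-flight check an administrator could run on the intended field values before clicking Test Connection, shown as an added example; it is not CERTInext or EJBCA code and does not reproduce what Test Connection does internally. The dictionary keys, the `preflight` function, all sample names and the JSON shape of the CA list (modelled on an EJBCA REST "list CAs" reply) are assumptions, and the sample data is constructed.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# Constructed sample; the field names are an assumption about the CA list
# returned by the EJBCA server, not values taken from the page.
SAMPLE_CA_LIST = json.dumps({"certificate_authorities": [
    {"name": "ExampleIssuingCA", "expiration_date": "2035-01-01T00:00:00Z"},
    {"name": "ExampleOldCA", "expiration_date": "2020-01-01T00:00:00Z"},
]})

def preflight(cfg, ca_list_json, now=None, min_days=30):
    """Return a list of problems; an empty list means the settings look sane."""
    now = now or datetime.now(timezone.utc)
    problems = []
    url = urlsplit(cfg.get("base_url", ""))
    if url.scheme != "https" or not url.hostname:
        problems.append("base_url must be an https:// URL with a host")
    if url.username or url.password:
        problems.append("base_url must not embed credentials")
    auth = cfg.get("auth_type")
    if auth == "mTLS":
        # The page requires both a client certificate file and its password.
        for field in ("client_cert_file", "cert_password"):
            if not cfg.get(field):
                problems.append(f"mTLS requires {field}")
    elif auth != "OAuth2":  # the page lists no OAuth2 fields, so none are checked
        problems.append("auth_type must be mTLS or OAuth2")
    for field in ("ca_name", "certificate_profile", "end_entity_profile"):
        value = cfg.get(field, "")
        if not value or value != value.strip():
            problems.append(f"{field} is empty or has stray whitespace")
    # CA availability: the configured name must appear in the server's list
    # and the CA must not be expired or about to expire.
    cas = {ca["name"]: ca for ca in json.loads(ca_list_json)["certificate_authorities"]}
    ca = cas.get(cfg.get("ca_name"))
    if ca is None:
        problems.append("ca_name is not in the server's CA list")
    else:
        expires = datetime.fromisoformat(ca["expiration_date"].replace("Z", "+00:00"))
        if expires - now < timedelta(days=min_days):
            problems.append(f"CA expires {expires:%Y-%m-%d}, inside the {min_days}-day margin")
    return problems
```

An empty result means the values are internally consistent; it does not replace Test Connection, which exercises the live authentication path.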
Certificate Operations Supported
Once configured, the EJBCA connector enables CERTInext to perform:
Certificate issuance
Certificate renewal
Revocation requests
Reissuance operations
End entity enrollment
Certificate profile mapping
Inventory synchronization
Lifecycle monitoring
These operations are executed through secure communication between CERTInext and EJBCA.
Operational Flow
The typical certificate lifecycle workflow using the EJBCA connector is:
CERTInext can automate certificate workflows while enforcing governance and policy controls across enterprise PKI environments.