To configure the EJBCA as an external CA select the "EJBCA" from the "CA Type" drop down. The following page will be shown to configure the EJBCA.

The items in the above screen are described below:

Items

Description

CA  Alias

An operator-defined unique name for easy management of certificate authorities within ADSS Server. This is only for human identification purposes.

CA Type

ADSS Server can be configured to get the certificates issued from the EJBCA. The requests that are received at certification service are forwarded to EJBCA for certificate issuance. The supported request types are:

  • CREATE
  • RENEW
  • REVOKE

CA Name

Specify the EJBCA CA Name from EJBCA console (not the CA Common Name) from which the certificate is being issued.

CA Certificate

All the CA certificates configured in Trust Manager with purpose CA (will be used to verify other certificates and CRLs) will be available here for configurations. 
Select the required EJBCA which will be used to issue the target certificates. 

Note: It is required to register the complete chain of the EJBCA in Trust Manager

CA Address

Define the URL that this CA listens on for certificate request messages.

Certification Profile

Specify the certification profile which determines non user specific content and behaviour of certificates. Certificate Profile defines different types of certificates with regards to DN-contents, extensions etc.

End Entity Profile

Specify the End Entity Profile which is linked to the above mentioned Certification Profile.

TLS Client Certificate

Required for communication with the CA. Select the TLS Client Authentication Certificate which pre-exists in the Key Manager

Note: It is required to register the Issuer CA of the TLS Client Authentication certificate in Trust Manager with purpose CA for verifying TLS client certificates

User Name

Specify the valid UserName which has access to the referenced profile.

Password

Specify the password for the above provided user.

Validity Period

Specify the validation period in minutes, hours, days, months and years for the certificate to be created or renewed.


See also

ADSS CA Server

Microsoft CA
Symantec MPKI
GlobalSign EPKI
GlobalSign HVCI
EJBCA
QuoVadis CA
Entrust CA
Offline External CA
DigiCert PKI
SPOC Server