Create Private CA (EJBCA)

EJBCA is an open-source Public Key Infrastructure (PKI) solution that can be used with Certificate Lifecycle Management (CLM) to automate and manage certificate lifecycles, ensuring compliance and preventing outages.

EJBCA supports certificate ownership, certificate reporting, certificate provisioning, and certificate validation. The flexible configuration of certificate profiles and protocols enables strict control and automation where needed.

The feature can automatically request and renew certificates from EJBCA, reducing manual effort and potential errors.

It can also monitor certificate status and alert administrators to upcoming expirations or issues.

For more information on the EJBCA protocol, refer to the EJBCA REST Interface document.

Prerequisites for Enabling EJBCA

The following are the prerequisites that must be met before creating a CA using EJBCA.

  • Allow Qualys IP for port 443
  • Allow inbound traffic for the Qualys IP on the EJBCA server.
  • Contact your Technical Account Manager or support to allow the EJBCA URL in the Certificate View application.

Create Private CAs using EJBCA 

Follow these steps for creating CSR:

  1. Navigate to Configuration > Certificate Authorities > Create New > EJBCA.

    Create New: EJBCA window is displayed.

  2. Enter the Name of the connection.
  3. Provide EJBCA Server URL. (Get this URL from your EJBCA account.)
    The EJBCA Server URL is the web address used to access the EJBCA administration interface. 
  4. Upload Server Certificate in PEM or JKS file format.
    For more details, refer to the official EJBCA website.
  5. Upload Client Certificate in PKCS#12 format. 
    For more details, refer to the official EJBCA website.

  6. Provide Client Certificate Passphrase.

    In EJBCA, the client certificate passphrase encrypts the certificate bundle (P12 file) when it is downloaded. The passphrase for the EJBCA client certificate is used for authenticating to the EJBCA UI. It is linked to the end entity (user) profile in EJBCA. You can find and manage this information in the EJBCA Admin GUI, in the Search/Edit End Entities section. For more details, refer to the official EJBCA website.

  7. Click Test Connection to validate the certificates and Client Certificate Passphrase.

  8. If your test connection is not verified and you receive an error message, verify that the Qualys URL can access the provided EJBCA URL, and double-check that the credentials you entered are correct.

The CA created is reflected in the Certificate Authority tab. You can view details such as type, mode (ACME or REST), the URL of the CA, and when the CA was created and last modified.
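A pre-flight check for the files from steps 4 to 6, useful when Test Connection fails and you need to tell a bad bundle or passphrase apart from a network problem. This is an added example, not part of the Qualys or EJBCA documentation; it uses the openssl command line, and the P12_PASS variable, the function names and the 30-day window are assumptions. It covers a PEM server certificate only, not JKS.

```shell
#!/bin/sh
# Added example: pre-flight checks for the files uploaded in steps 4 to 6.
# Assumption: the passphrase is supplied in the P12_PASS environment variable,
# so it never appears in the process list or in shell history.

WINDOW=$((30 * 86400))   # certificates expiring within 30 days count as failing

# check_client_p12 FILE
# returns 0 ok, 1 wrong passphrase or not PKCS#12, 2 no private key,
#         3 client certificate missing or expiring within WINDOW
check_client_p12() {
    # -noout parses the bundle and verifies its MAC without printing anything.
    openssl pkcs12 -in "$1" -passin env:P12_PASS -noout 2>/dev/null || return 1
    # The key is decrypted only into a pipe and is never written to disk.
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes 2>/dev/null \
        | grep -q 'PRIVATE KEY' || return 2
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null \
        | openssl x509 -noout -checkend "$WINDOW" >/dev/null 2>&1 || return 3
    return 0
}

# check_server_pem FILE
# returns 0 ok, 1 file contains private key material,
#         2 not a PEM certificate or expiring within WINDOW
check_server_pem() {
    # The server certificate is only a trust anchor; a key must not travel with it.
    grep -q 'PRIVATE KEY' "$1" && return 1
    openssl x509 -in "$1" -noout -checkend "$WINDOW" >/dev/null 2>&1 || return 2
    return 0
}

# Run both checks when two paths are given: sh preflight.sh client.p12 server.pem
if [ "$#" -eq 2 ]; then
    check_client_p12 "$1"; echo "client bundle: exit $?"
    check_server_pem "$2"; echo "server certificate: exit $?"
fi
```

If both checks return 0 and Test Connection still fails, the remaining causes are the network prerequisites listed above or the URL itself.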

Manage Certificate Authority

You can manage Certificate Authorities by using the Quick Actions menu to Edit, Delete, and Set as default.

You can set one Certificate Authority as default for Private and one for Public CA. This is helpful for actions that require the default CA, such as automatic certificate renewal.

You cannot delete the Certificate Authority if a job is associated with it.