Advanced Deployments
ENTERPRISE
The EJBCA Enterprise PKI configuration export/import tool EJBCA ConfigDump allows you to export and import configurations in human-readable (YAML) format. The import functionality allows you to import configurations such as profiles and Certificate Authorities (CAs). Since the configuration dump itself is human-readable, you can edit the fields in each object (for example, change the subject DN of an end entity profile) before import.
EJBCA Enterprise container deployments enable Helm-based deployment automation for Kubernetes deployments. File-based configuration of EJBCA resources allows you to configure EJBCA to read Kubernetes ConfigMaps and Secrets to create resources during EJBCA deployment. This significantly reduces installation effort, and brings the advantage of replicating an existing setup. You can, for example create a setup of EJBCA instances in your development cluster, export the configuration from the environment, and then create an installation in your staging or production cluster and import the ConfigDump export.
Note that an EJBCA installation with ConfigDump import does not support replication during the installation stage. Instead, use helm install
with ConfigDump and replicaCount: 1
and then after the installation is complete, perform an helm upgrade
to the desired replicaCount
.
For more information on Helm-based deployment automation for different EJBCA container deployments, see the following sections:
EJBCA Configdump in Kubernetes How to customize the EJBCA Helm chart and which Kubernetes resources to use. Find information on Kubernetes resources to configure to reduce complexity and facilitate replication of environments for EJBCA with automation.
Deploy EJBCA as CA with automation How to install a Certificate Authority (CA) using EJBCA Enterprise configuration export/import tool EJBCA ConfigDump. Learn how to use Helm to create Certificate Authorities (CAs), configure roles, and enable required protocols such as REST and OCSP, and customize ConfigDump-supported resources.
Deploy EJBCA as RA with automation How to install and configure a Registration Authority (RA) as a peer in a CA node using ConfigDump, significantly reducing the effort of setting up the peer connection.
Deploy EJBCA as VA with automation How to install and configure a Validation Authority (VA) as a peer in a CA node using ConfigDump. Similarly to RA installation to setup an VA.