Skip to main content
Skip table of contents

EJBCA Cloud AWS TLS Certificate Generation Guide


This guide is intended to show an administrator of a PrimeKey EJBCA Cloud on AWS instance how to generate new Transport Layer Security (TLS) certificates.


This EJBCA Cloud Documentation applies for the latest EJBCA Cloud version. To access documentation for previous versions, click EJBCA Cloud Versions in the header.

For the latest EJBCA Enterprise documentation, see EJBCA Documentation.

AWS Documentation

Information on AWS Public IP addressing is available in the AWS User Guide for Linux Instances.


This guide describes how to generate new TLS certificates in EJBCA Cloud.

New TLS certificates are needed in the following circumstances:

  • EJBCA Cloud instance is shut down within the Amazon environment and the Public IP is released by Amazon.
  • An Elastic IP is added to the instance in place of the Public IP for persistence.
  • A custom DNS name is desired.

When using tools such as the ClientToolBox, the following error may be displayed:

"No subject alternative DNS name matching <instance ip> found".

If this is encountered, perform the steps in this guide.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.