EJBCA Cloud Email Configuration Guide

This guide shows how to set up email notifications on the EJBCA Cloud node and within the EJBCA interface.

Email notifications can be configured for expiration notifications, issuance notifications, revocation notifications, approval notifications, and more.

To add support for sending email notifications in AWS Cloud instances, configure the java:/EjbcaMail mail session in WildFly.

  1. Stop WildFly

[ec2-user@ip-172-31-3-10 ~]$ sudo -i
[root@ip-172-31-3-10 ~]# systemctl stop wildfly

  2. Edit standalone.xml

vim /opt/wildfly/standalone/configuration/standalone.xml

A. Under: urn:jboss:domain:mail:4.0

            <!-- MODIFICATION: Mail interface used by EJBCA -->
            <mail-session name="java:/EjbcaMail" jndi-name="java:/EjbcaMail">
                <smtp-server outbound-socket-binding-ref="ejbca-mail-smtp"/>
            </mail-session>

Update:

            <mail-session name="java:/EjbcaMail" jndi-name="java:/EjbcaMail">
                <smtp-server outbound-socket-binding-ref="ejbca-mail-smtp" tls="true" ssl="true" username="noreply@your-mail-server.tld" password="noreplyPassword"/>
            </mail-session>

  • Set ssl="true" and tls="true" according to what your mail server supports.

  • username is an SMTP account that is capable of sending outbound emails from your mail server.

  • password is the authentication password of the SMTP user.

B. Under: socket-binding-group

        <!-- MODIFICATION: Default gateway for mail sent by EJBCA -->
        <outbound-socket-binding name="ejbca-mail-smtp">
            <remote-destination host="${jboss.mail.server.host:localhost}" port="${jboss.mail.server.port:25}"/>
        </outbound-socket-binding>

Update:

        <outbound-socket-binding name="ejbca-mail-smtp">
            <remote-destination host="your-mail-server.tld" port="465"/>
        </outbound-socket-binding>

  • host is the SMTP hostname, for example: mail.company.com

  • port is the SMTP SSL/TLS port used by your mail server (usually 465 for SSL and 587 for TLS, but it can differ)

C. Save and quit

ESC
:wq

  3. Start WildFly again

[root@ip-172-31-3-10 ~]# systemctl start wildfly

  4. Proceed to configure the notifications in your EJBCA instance using E-mail Notifications.

  5. Once a notification is triggered, you should see the relevant lines in the WildFly log:

2022-06-22 22:26:36,461 DEBUG [org.ejbca.core.ejb.ServiceLocator] (default task-2) Doing lookup of 'java:/EjbcaMail'
2022-06-22 22:26:36,464 DEBUG [org.ejbca.util.mail.MailSender] (default task-2) from: <noreply@your-mail-server.tld>
2022-06-22 22:26:36,469 DEBUG [org.ejbca.util.mail.MailSender] (default task-2) to: <end-entity-email-address@domain.tld>
2022-06-22 22:26:36,470 DEBUG [org.ejbca.util.mail.MailSender] (default task-2) subject: <subjectGoesHere>
2022-06-22 22:26:36,470 DEBUG [org.ejbca.util.mail.MailSender] (default task-2) content: <messageBodyGoesHere with some variables>
2022-06-22 22:26:37,180 INFO  [org.ejbca.core.ejb.ra.EndEntityManagementSessionBean] (default task-2) Notification to user <username> with email <end-entity-email-address@domain.tld> sent successfully.


  • Also check the spam/junk folder if emails don't arrive in the inbox; in that case you may want to relax your spam filter (and/or use whitelisting) if needed.

  • To enable debug log level, follow Enabling Debug Logging.
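
A pre-restart consistency check for the two standalone.xml edits in step 2, as an added example that is not part of the original guide or of EJBCA itself: it confirms that the smtp-server's socket binding resolves, that the ${jboss.mail.server.*} defaults were replaced, and that credentials are only configured together with ssl or tls. The names TEMPLATE, local, find and check_ejbca_mail are hypothetical, and the embedded XML is a constructed minimal file containing only the fragments from steps A and B.

```python
import xml.etree.ElementTree as ET

# Constructed minimal standalone.xml holding only the fragments from steps A and B.
TEMPLATE = """<server>
  <subsystem xmlns="urn:jboss:domain:mail:4.0">
    <mail-session name="java:/EjbcaMail" jndi-name="java:/EjbcaMail">
      <smtp-server outbound-socket-binding-ref="ejbca-mail-smtp"{attrs}/>
    </mail-session></subsystem>
  <socket-binding-group name="standard-sockets">
    <outbound-socket-binding name="ejbca-mail-smtp">
      <remote-destination host="{host}" port="{port}"/>
    </outbound-socket-binding></socket-binding-group>
</server>"""

def local(el):
    """Tag name without its XML namespace, so any subsystem version matches."""
    return el.tag.rsplit("}", 1)[-1]

def find(elements, tag, **attrs):
    """First element with this local tag name and these attribute values, or None."""
    return next((e for e in elements if local(e) == tag
                 and all(e.get(k.replace("_", "-")) == v for k, v in attrs.items())), None)

def check_ejbca_mail(xml_text):
    """Return findings for the java:/EjbcaMail session; an empty list means consistent."""
    everything = list(ET.fromstring(xml_text).iter())
    session = find(everything, "mail-session", jndi_name="java:/EjbcaMail")
    smtp = find(session, "smtp-server") if session is not None else None
    if smtp is None:
        return ["no smtp-server configured for java:/EjbcaMail"]
    ref = smtp.get("outbound-socket-binding-ref")
    binding = find(everything, "outbound-socket-binding", name=ref)
    dest = find(binding, "remote-destination") if binding is not None else None
    if dest is None:
        return [f"smtp-server references socket binding {ref!r} with no remote-destination"]
    findings = []
    if "${" in dest.get("host", "") + dest.get("port", ""):
        findings.append("remote-destination still uses the ${jboss.mail.server.*} defaults")
    encrypted = "true" in (smtp.get("ssl"), smtp.get("tls"))
    if not encrypted:
        findings.append("neither ssl nor tls is enabled on smtp-server")
    if smtp.get("password") and not encrypted:
        findings.append("SMTP password would be sent without transport encryption")
    if bool(smtp.get("username")) != bool(smtp.get("password")):
        findings.append("only one of username/password is set")
    return findings

if __name__ == "__main__":
    import sys
    print(check_ejbca_mail(open(sys.argv[1], "rb").read()))
```

Run it with the path /opt/wildfly/standalone/configuration/standalone.xml as its argument before starting WildFly in step 3. That file now holds the SMTP password in cleartext, so keep it readable only by root and the account WildFly runs as.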