Skip to main content
Skip table of contents

In Place Upgrade Procedure - Azure


This guide will upgrade a single node from EJBCA Enterprise version to EJBCA Enterprise  In this example, the EJBCA host will have an IP Address of 172.1617.130.  Please change this IP address to be the IP Address that matches the EJBCA node being upgraded.

Download the EJBCA Cloud or Virtual Appliance Upgrade file from your customer download folder or obtain a copy from support at

  1. Copy the upgrade package to the EJBCA node using the following method:
    1. Using the CLI:
      If using a Mac or Linux based computer use the following command to copy the file to the host (Note: If using AWS, ensure you specify the user as ec2-user with your SSH key and in Azure, specify the user provisioned with your instance)

      scp ~/Downloads/ root@
    2. If using a program such as WinSCP or CyberDuck:
      Click "Open Connection":

      Enter the host credentials and click connect:

      Select the /opt/dist directory

      Drag and drop the file to the EJBCA VM in the /opt/dist directory.
  2. SSH to the EJBCA VM and login as root

    ssh root@

  3. Change directory to the /opt directory

    cd /opt
  4. Unzip the upgrade file into the /opt/ directory

    unzip dist/
  5. Ensure the file extracted into the /opt/ directory by doing a directory listing

    [root@ejbca-node-01 opt]# ls -la
    total 0
    drwxr-xr-x.  8 root    root    148 May 15 17:34 .
    drwxr-xr-x. 17 root    root    261 May 14 20:19 ..
    drwxr-xr-x.  2 root    root     60 May 15 17:29 dist
    lrwxrwxrwx.  1 root    root     22 May 14 18:20 ejbca -> /opt/ejbca_ee_7_3_1_2/
    drwxr-xr-x.  7 wildfly wildfly  80 May 14 20:22 ejbca_ee_7_3_1_2
    drwxr-xr-x   6 root    root     52 May 14 12:20 ejbca_ee_7_3_1_4
    drwxr-xr-x.  6 wildfly wildfly  90 May 14 20:23 PrimeKey
    drwxr-xr-x.  3 root    root     21 May 14 17:54 rh
    lrwxrwxrwx.  1 root    root     25 May 14 18:03 wildfly -> /opt/wildfly-10.1.0.Final
    drwxr-xr-x. 10 wildfly wildfly 237 May 14 18:20 wildfly-10.1.0.Final
    [root@ejbca-node-01 opt]# 
  6. Copy the existing config files to the new EJBCA install folder overwriting the default files with the existing files

    /bin/cp -f ejbca/conf/*.properties ejbca_ee_7_3_1_4/conf/
  7. Stop WildFly

    systemctl stop wildfly
  8. Remove "ejbca" symlink

    rm ejbca

    NOTE: Ensure it asks you to remove symbolic link!

    rm: remove symbolic link ‘ejbca’? 

    If sure, select "y" and press enter.

  9. Create a new symbolic link

    ln -s ejbca_ee_7_3_1_4 ejbca
  10. Ensure the symbolic link points to the new EJBCA directory

    lrwxrwxrwx   1 root    root     16 May 15 17:53 ejbca -> ejbca_ee_7_3_1_4
  11. Change the ownership of the new EJBCA files (ensure the trailing "/" in the command below so the permissions of the directory are changed and not the symlink itself)

    chown -R wildfly:wildfly /opt/ejbca/
  12. Copy the "ejbca.ear" file to the WildFly deployments directory

    /bin/cp -f ejbca/dist/ejbca.ear /opt/wildfly/standalone/deployments/

    If upgrading to newer versions of EJBCA at EJBCA 7.10.0 or above, additional steps are needed if you see errors like the following:

    2023-02-09 01:46:20,847 ERROR [] (Controller Boot Thread) WFLYCTL0013: Operation ("deploy") failed - address: ([("deployment" => "ejbca.ear")]) - failure description: {
        "WFLYCTL0412: Required services that are not installed:" => [""],
        "WFLYCTL0180: Services with missing/unavailable dependencies" => [
            "jboss.persistenceunit.\"ejbca.ear#ejbca\".__FIRST_PHASE__ is missing []",
            "jboss.persistenceunit.\"ejbca.ear#ejbca\" is missing []"

    Perform the additional steps for the WildFly configuration.  These settings need to be added because of changes in 3.0 of EJBCA Cloud and newer virtual appliances that support multiple database dialects. 

    1. Stop wildfly

    systemctl stop wildfly

    2. In standalone.xml, this value needs to be changed:

    <datasource jndi-name="java:/EjbcaDS" pool-name="ejbcads" use-ccm="true">
    <datasource jndi-name="java:/AppDS" pool-name="appds" use-ccm="true">

    3. In standalone.xml, need to change this value:


    4. In the standalone.conf you need to add to the JAVA_OPTS section, the following line:

    JAVA_OPTS="${JAVA_OPTS} -Dcontainer.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect -Dhibernate.dialect.storage_engine=innodb"

    Alternatively, if you are using an external database, you can upgrade nodes by getting a new node running and doing a cluster join via the wizard.  For more information see the AWS cluster upgrade guide or Azure cluster upgrade guide.

  13. Restart wildfly

    systemctl start wildfly
  14. Ensure the new version of EJBCA is (or the version you are upgrading to.
  15. Apply the latest indexes for your upgraded version of EJBCA.  The indexes are located at /opt/ejbca/doc/sql-scripts/create-index-ejbca.sql.  Apply this index to the database.  The indexes will be skipped that are already applied, and the new ones added for any new EJBCA features will be added to the database.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.