Install EJBCA as an RA or VA

Follow these steps to install your EJBCA instance as a Registration Authority (RA) or Validation Authority (VA).

Since your Management CA has already been created on another instance, this setup involves importing its credentials and certificates to be able to access this node with your credentials.

Copy Your Existing Key Store

If you have already created a key store as the part of the initial installation of EJBCA on another instance, copy it to the p12 directory in EJBCA. If the p12 directory does not exist, create it.

Deploy TLS Keystores to WildFly

To copy the existing key stores from p12 to wildfly_home/standalone/configuration/keystore, run the following:

$ ant deploy-keystore

Import the Management CA Certificate 

1. Ensure that web.reqcertindb=false is set in conf/web.properties.
   If you change this value, redeploy EJBCA by running:

   CODE

   $ ant deploy deployear

2. Download the Management CA certificate (ManagementCA.cacert.pem) from the Admin UI on the instance hosting the Management CA.

3. From the EJBCA CLI on the RA, import the Management CA certificate on the RA with:

   BASH

   $ bin/ejbca.sh ca importcacert ManagementCA ManagementCA.cacert.pem -initauthorization -superadmincn SuperAdmin

Next Step: Continue as VA or RA

Next, continue as VA or RA:

• Continue setting up EJBCA as a VA

• Continue setting up EJBCA as an RA