Skip to main content
Skip table of contents

Quick Start Guide - Start EJBCA Container with Unauthenticated Network Access

Learn how to start an ephemeral instance to quickly spin up a PKI for testing EJBCA or trying out new features in an updated version of EJBCA.

In this guide, you will learn to:

  • Install Docker runtime

  • Pull the latest EJBCA Community container‚Äč 

  • Start EJBCA container as ephemeral instance‚Äč 

  • Access the EJBCA Administration interface

The EJBCA Community container is started as an ephemeral instance where anyone with unauthenticated network access to the instance can manage the system. When you stop the container, it will automatically be removed and all data will be destroyed. This setup is suitable for testing EJBCA or for evaluating added functionality in an updated version. For information on running the container with more production-like settings with persistent data, refer to EJBCA on Docker Hub.


Before you begin, you need a fresh Ubuntu 22.04 LTS that already has Snap installed and ready to go. To download, refer to Ubuntu 20.04 LTS.

Step 1 - Install Docker

First, install Docker runtime.

  • To install Docker runtime, in your terminal, run the following command:

    $ sudo snap install docker 

Step 2 - Pull EJBCA Community container

The EJBCA Community Docker container is available on Docker Hub and can be pulled straight from the command line using the docker tool.

  • To download and unpack the latest EJBCA Community container image from Docker Hub, use the following command:

    $ sudo docker pull keyfactor/ejbca-ce

Step 3 - Start EJBCA Community container

Start the EJBCA Community container as an ephemeral test instance, suitable for testing or evaluation purposes.

Note that starting the container with TLS_SETUP_ENABLED="simple", anyone with HTTPS access will be given full access to the EJBCA Admininistration interface. The instance is only suited for ephemeral tests without public network access as it gives access to the Administration interface without authentication.

  1. Start the container with the container mycahostname set to "localhost":

    $ sudo docker run -it --rm -p 80:8080 -p 443:8443 -h mycahostname -e TLS_SETUP_ENABLED="simple" keyfactor/ejbca-ce 
  2. The end of the output is similar to the following, providing the URL for accessing EJBCA.

    Copy the URL to use it for accessing EJBCA in the next step.

Step 4 - Access EJBCA

Access EJBCA using your browser and navigating to the URL provided in the console output.

  1. In your browser, paste the URL from the console output.

  2. A browser warning is shown. Accept this warning by clicking Advanced and then clicking through the warning.

  3. EJBCA opens displaying the administration page.

EJBCA is now up and running.

Next steps

In this guide, you learned how to get started quickly with an EJBCA container with unauthenticated network access.

To learn how to start an EJBCA Community Docker container with client certificate authenticated access, you can follow the Quick Start Guide - Start EJBCA Container with Client Certificate Authenticated Access. For steps on how to issue a client authentication certificate using the EJBCA container, see Quick Start Guide - Issue Client Authentication Certificate using EJBCA.

For more guidance on how to use EJBCA, see our other Tutorials and Guides.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.