Installing EJBCA as an RA or VA
Since your Management CA has already been created on a previous instance, the next step is to copy in key stores and the Management CA's certificate in order to be able to access this node with your credentials.
Copy Your Existing Key Store
If you've already created a key store as part of the initial installation of EJBCA on another instance, copy it to the p12
directory in EJBCA. If no such directory exists, feel free to create one.
Deploy TLS Keystores to WildFly
Run this command to copy the existing key stores from the p12 to wildfly_home/standalone/configuration/keystore:
$ ant deploy-keystore
Import the Management CA Certificate
- Verify that web.reqcertindb=false has been set in
conf/web.properties
.- If not, set web.reqcertindb=false in
conf/web.properties
, and runant deployear
again.
- If not, set web.reqcertindb=false in
- Download the Management CA certificate (ManagementCA.cacert.pem) from the Admin UI on the instance hosting the Management CA
From the EJBCA CLI on the RA, run the following command to import the Management CA certificate on the RA:
BASH$ bin/ejbca.sh ca importcacert ManagementCA ManagementCA.cacert.pem -initauthorization -superadmincn SuperAdmin
Next Step: Continue as VA or RA
Next, continue as VA or RA: