Renew CA Service

The Renew CA Service can be used to automatically renew CAs that are about to expire. This service could be used for an Extended Access Control (EAC) ePassport where the Country Verification CA (CVCA) and the Document Verifier CA (DVCA) are on the same EJBCA node and the DVCA has a validity of three months. The Renew CA Service will renew the DVCA every three months. Another use case for the Renew CA Service could be the renewal of a Sub CA that has a short validity period. Note that if the CA is a subordinate CA, its issuer must also be on the same EJBCA instance. The specific settings are:

  • CAs to Check: CAs to be checked and renewed if they are about to expire.
  • Time before CA expires to renew: How long before the CA actually expires the service should renew it.

For CAs using soft keystores and not using the default password, auto-activation is required.

If a large number of CAs are configured for renewal with this service, it is recommended to create multiple Renew CA services and split the CAs among them. For example, if you had 50 CAs, split them between 5 services.

