Automate certificate issuing via EJBCA REST API

In this guide, you will learn how to automate your certificate issuance using either the EJBCA REST API CLI with Python or the EJBCA REST API with Postman.

About Python and Postman

About Python and Postman – Click to learn more

Python is ideal for scripting, automation, data manipulation, analysis, and web development with custom logic and broader application requirements.

Postman, on the other hand, is primarily focused on API testing and exploration.

Automate certificate issuing with EJBCA REST API CLI and Python

In this video, you will learn how to:

Generate a private key and CSR using OpenSSL, and sign them using the EJBCA REST API
Use Python or a shell script to submit the CSR to the EJBCA REST API
Check the contents of the certificate using OpenSSL

A Linux server is used with OpenSSL, a credential from EJBCA that has permission to enroll for a certificate and use the Rest API to submit CSRs and receive a certificate from EJBCA. Two examples are covered using Python and shell.

Video

Prerequisites

For this guide, the EJBCA Community Docker container version 7.11.0 was used.

Before you begin, you need:

A running EJBCA instance - Click to learn more

If you don’t already have EJBCA installed, here are some options for you:

Download EJBCA - Free and open-source EJBCA Community version
- There are guides to help you, for example, see this one on how to run the EJBCA Docker container: Quick Start EJBCA Container with Client Certificate Authenticated Access.
Try on AWS - Free 30-day trial EJBCA Cloud on AWS
Try on Azure - Free 30-day trial EJBCA Cloud on Azure

EJBCA configured with a certificate profile, end entity profile, CA, role, etc., to issue certificates
P12 file that is permitted in an EJBCA role to issue an End Entity
Linux host to run the Python or shell script
Python, Python Request, curl, jq, installed on the Linux host

Automate certificate issuing with EJBCA REST API and Postman

In this video, you will learn how to:

Generate a private key and CSR using OpenSSL, and sign them using the EJBCA REST API
Use Postman to submit the CSR to the EJBCA REST API
Check the contents of the certificate using OpenSSL

Use the Postman graphical user interface tool to submit CSRs to EJBCA to request a certificate. Use OpenSSL to generate a private key, CSR, and parse the certificate returned from EJBCA

Video

Prerequisites

For this guide, the EJBCA Community Docker container version 7.11.0 was used.

Before you begin, you need:

A running EJBCA instance - Click to learn more

If you don’t already have EJBCA installed, here are some options for you:

Download EJBCA - Free and open-source EJBCA Community version
- There are guides to help you, for example, see this one on how to run the EJBCA Docker container: Quick Start EJBCA Container with Client Certificate Authenticated Access.
Try on AWS - Free 30-day trial EJBCA Cloud on AWS
Try on Azure - Free 30-day trial EJBCA Cloud on Azure

EJBCA configured with a certificate profile, end entity profile, CA, role, etc., to issue certificates
P12 file that is permitted in an EJBCA role to issue an End Entity
OpenSSL to generate a private key, CSR, and inspect the certificate
Postman installed

Next steps

In this guide, you learned how to automate your certificate issuance in two ways: using the EJBCA REST API CLI with Python or the EJBCA REST API with Postman.

Here are some next steps we recommend:

Find the EJBCA REST API documentation on GitHub.
Download the EJBCA Docker container from DockerHub.

If you are interested in EJBCA Enterprise, read more on Keyfactor EJBCA Enterprise.

If you are interested in EJBCA Community, check out EJBCA Community vs Enterprise or read more on ejbca.org.
If you are an EJBCA Enterprise customer and need support, visit the Keyfactor Support Portal.
Discuss with the EJBCA Community on GitHub Discussions.

Contact us

Request a live demo with one of our experts — whether you want to explore workflows hands-on or discuss your specific needs.

Request a Demo