.png){kind=logo}
Manage OpenID Connect (OIDC) Settings
Using external OIDC with EJBCA
In order to use an external OIDC provider with EJBCA, you might need to upload all Certification Authorities (CAs) required by the external OIDC provider.
For this, use the Application Trust Store and upload a certificate bundle that contains all required CAs.
EJBCA in the Appliance comes with a version of the Common CA Database (CCADB) which contains already a large list of publicly trusted CAs to make interaction with external services easier. Some external OIDC providers (e.g. Entra ID) require you to have both, your own CAs and their CAs in the EJBCA trust store.
In such cases it is recommended to first upload a certificate bundle with the their CAs (e.g. with the CCADB root certificates), followed by an upload of your CAs.
You can deactivate the OIDC login for endpoints that are used by EJBCA. This enables to fully use the user account management of EJBCA.
To deactivate the OIDC login, do the following:
-
Log in to your Software Appliance and open the Access page.
-
In the section Platform settings, disable the option Require platform user account for EJBCA management.
-
Confirm your settings with Save Settings.
You can now fully use the user account management of EJBCA.
-
If the checkbox is selected,
a login to the Software Appliance is required to access EJBCA. -
If the checkbox is not selected,
a login to the Software Appliance is not required to access EJBCA, as long as EJBCA is configured to use other authentication providers such as OAuth or Entra ID.
Maintenance Mode
If you activate maintenance mode, the application is shut down to prevent write operations to the database.
To activate the Maintenance Mode, do the following:
-
Log in to your Software Appliance and open the Access page.
-
In the section Platform settings, enable the option: Run Appliance in Maintenance Mode.
-
Confirm your settings with Save Settings.
When Maintenance mode is enabled, all HTTP endpoints of the Software Application return an HTTP status code 503.