Changing Client Certificate and Trusted CA for Application Interface
In this exercise we will change the client certificate and update the trusted CA for Application Interface using WebConf. First we will configure EJBCA and then WebConf.
The new superuser certificate has to be issued from the same CA (MyTrustedSubCA signed by MyTrustedRootCA) that we will install for TLS authentication. First we have to provide the information about the certificate (MyClientAuthenticationCertificate.pem) that will be used as superuser.
In EJBCA Admin Web > Certification Authorities, click Import CA certificate and upload the CA certificates MyTrustedRootCA and MyTrustedSubCA.Import new trusted CAs as External ones in EJBCA
Select Administrator Roles and click Administrators next to the Super Administrator Role.Add a new trusted client certificate as superadmin in EJBCA
Check the SubjectDN of the client certificate used to authenticate using openssl.
Run the following command as 'user':
In the Edit Administrators page, specify the following and then click Add:
Configure the serial number of the trusted certificate in EJBCA
- CA: MyTrustedSubCA
- Match with: X.509: Certificate serial number (Recommended)
- Match type: Equal, case sens.
- Match value: 2b4306acbf69224
EJBCA is now configured to use this certificate and the last step is to configure WebConf to allow the Application Interface to also authenticate MyTrustedSubCA-chain.pem
Follow the same process but for the Application Interface as described in Changing Client Certificate and Trusted CA for Management Interface