The following describes the creation of multiple CAs to illustrate how authorities are created. To explain how to manage the certificate lifecycle with EJBCA, the following CAs are created:

  • Root CA named 'RootCA' as ROOTCA
  • SSL CA named 'SSLCA' as SubCA
  • Authentication CA named 'AuthCA' as SubCA
  • Signing CA named 'SignCA' as SubCA


In this scenario you have two devices:

  • one is hosting the SubCAs (Node A)

  • one is hosting the ROOTCA (Node B)


The EJBCA Hardware Appliance that hosts ROOTCA (Node B) will be offline after the successful setup of the SubCAs.


The steps to perform are described in the following sections: