Creating CA Hierarchy

The following describe the creation of several CAs to illustrate how authorities are created. To illustrate certificate life cycle management using EJBCA, the following CAs are created:

  • Root CA named 'RootCA' as ROOTCA
  • SSL CA named 'SSLCA' as SubCA
  • Authentication CA named 'AuthCA' as SubCA
  • Signing CA named 'SignCA' as SubCA

The scenario that is about to be implemented is also described in the section Using External CA for Installation. The EJBCA Hardware Appliance that hosts ROOT CA (node B) will be offline after is finished with signing SubCAs in node A. Compare the following illustrations:

Node B with RootCA installed

Node A with SubCAs and ManagementCA installed

The steps to perform are described in the following sections: