Health checks allow ensuring that the CAs service availability is monitored by the EJBCA Health Check service which can be supervised by a system such as Nagios or Solar Winds. The EJBCA Health Check service can also be used by systems such as F5 load balancers to ensure that the system is running.

To configure the Health Check service:

  1. Under CA Functions, click CA Activation.
  2. Select the desired CAs to be monitored.  
    NOTE It is not advised to monitor the Root CA as it is usually kept offline.
  3. By default, Health Check is not allowed from any external IPs. To change the configuration to allow external IPs, edit the following line in the file:
    Change the line to be uncommented and specify the remote IPs that may call the health check servlet (use semicolon ';' to separate multiple IPs or enter "ANY" for all IPs).
  4. Restart EJBCA with the following command:
     service <Servicename (ejbca, jboss or wildfly usually)> restart
  5. The Health Check URL is located at:
    https://<IP or FQDN>/ejbca/publicweb/healthcheck/ejbcahealth
    For example: