Azure TLS Certificate Generation Guide


This guide is intended to show an administrator of a PrimeKey EJBCA Cloud instance how to generate new Transport Layer Security (TLS) certificates.


EJBCA Cloud documentation is available on:

EJBCA Enterprise documentation is available on:

Additional information on EJBCA Community is available on:

Azure Documentation

Information on Azure Public IP addressing is available in the Azure User Guide Create, change, or delete a public IP address.


This guide describes how to generate new TLS certificates in EJBCA Cloud.

New TLS certificates are needed in the following circumstances:

  • EJBCA Cloud instance is shut down within the Azure environment and the Public IP is released by Azure.
  • An assigned IP is added to the instance in place of the Public IP for persistence.
  • A custom DNS name is desired.

When using tools such as the ClientToolBox, the following error may be displayed:

"No subject alternative DNS name matching <instance ip> found".

If this is encountered, perform the steps in this guide.