Protocols

The following covers various protocols supported by EJBCA.

Overview 

EJBCA can be accessed and managed by means other than the UI and the CLI, through both homegrown remote protocols and established protocols. The primary purpose of most of these is to allow third-party applications to interface with EJBCA as a server.

Proxying 

With two instances of EJBCA set up via the EJBCA Peers protocol, the downstream peer acts as a proxy to the upstream one. For example, a CMP message sent to an RA is checked both upstream with the CA and locally on the RA (and the reply depends on where the alias is configured). This proxying is disabled by default and can be activated on the Modular Protocols Configuration page.

Protocol Types

The protocols are split into categories below, though some APIs are broad enough that they belong in multiple categories.

Certificate Enrollment Protocols

These protocols are generally meant for simple certificate enrollment and renewal operations. All actions mentioned here can also be handled in the Certificate Management Protocols listed below.

Certificate Management Protocols

These protocols are generally more advanced, and besides enrollment also handle operations such as revocation and checking certificate status.

Certificate Status Protocols

Protocol used for verifying the revocation status of certificates:

Protocol used to download CA certificates and CRLs:

General Protocols

Protocol covering other functions (CA management):