CA Operations Guide

This CA Operations Guide covers information on setting up Certification Authorities (CAs) and profiles and general configuration of the EJBCA instance.

For more information on RA Management tasks, see the RA Operations Guide. Administrators responsible for configuring and maintaining EJBCA installations should see the EJBCA CA Concept Guide for information on EJBCA concepts and configuration.

Highlights

Crypto Tokens Operations

In EJBCA, cryptographic keys are stored in a Crypto Token. A Crypto Token can either be stored in a database, known as a soft Keystore, or on a Hardware Security Module (HSM).

For information on managing crypto tokens, with instructions on how to create, edit, and activate crypto tokens, see Managing Crypto Tokens.

Certificate Profiles Operations

A Certificate Profile defines the constraints of the certificate, for example, what keys it can use, and what the extensions will be. For information on how to create and edit Certificate Profiles, see Managing Certificate Profiles.

End Entity Profile Operations

End Entity Profiles let you narrow down, and automatically fill in, some of the variables used in the certificate.

The End Entity Profile is used together with the Certificate Profile to create the certificates signed by the CA. The Certificate Profile defines the constraints of the certificate, for example what keys it can use and what the extensions will be, while the End Entity Profile defines the information in the certificate, for example country and organization.

For more information on importing and exporting End Entity Profiles and instructions for creating a Server End Entity Profile, see End Entity Profile Operations.

CA Operations

A Certification Authority (CA) issues certificates to entities and vouches for their authenticity. For information on managing CAs and instructions on how to create, renew, revoke, import, and export Certification Authorities (CAs), see the Managing CAs section.

OCSP Management

For information on managing an OCSP Responder, whether situated locally on the same machine as the CA or remotely on a VA, see OCSP Management.

Roles and Access Rules Operations

For information on working with roles and access rules, see Roles and Access Rules Operations.