Configuration Issues

The following provides information about implemented configuration issues.

Not In Production Mode

Produces a single ticket with priority INFO when EJBCA is running in non-production mode.

It is possible to run system tests (on purpose or by accident) on such an instance, and additional tools for developers are available. A production environment should never have an instance running in a non-production mode for security reasons.

To put EJBCA in production mode, make the following adjustment in the configuration file and redeploy EJBCA.

Switch to production mode


ECC With Key Encipherment

Produces one ticket with priority WARN, for each certificate profile supporting an ECC-based signature scheme while having the key usage keyEncipherment enabled at the same time. 

Section 3 of RFC 5480 defines the keyUsage bits allowed with Elliptic Curve Cryptography Subject Public Key Information. Key Encipherment is not on the list.

Internal Key Binding Validity Check

Produces one ticket per active internal key binding whose certificate is either expired or not yet valid, according to EJBCA's local clock.

Internal key bindings with expired certificates will not be able to function properly and you should renew these certificates as soon as possible.