An OpenSSL based CA has the CA keys and certificate as PEM files (or the CA private key on an HSM), and issued subscriber certificates as PEM files.

You can convert a PEM-style Root CA key to a PKCS12 file that can be imported in EJBCA:

$ openssl pkcs12 -export -out server1.p12 -inkey cakey.pem -in ca.pem -name privateKey

The following EJBCA CA UI menu options and CLI commands allow you to import these and continue operations transparently:

  • To import a PKCS#12 file with CA private key and certificate, select the EJBCA CA UI menu option Edit Certificate Authorities > Import CA keystore.
  • To import CA keys from a PKCS#12 file or an HSM, use the CLI command bin/ ca importca.
  • To import user certificates, use the CLI command bin/ ca importcert.
  • To import CRLs (revocation information), use the CLI command bin/ ca importcrl.