Learn how to get started with EJBCA Community as a Docker container.
In this tutorial, you will learn how to start an ephemeral instance where anyone with unauthenticated network access to the instance can manage the system.
- Install Docker
- Pull EJBCA Community container
- Start EJBCA Community container
- Access EJBCA CA UI
The EJBCA Community container is started as an ephemeral instance which means that when you stop the container, it will automatically be removed and all data will be destroyed. This setup is suitable for testing EJBCA or for evaluating added functionality in an updated version. For information on running the container with more production-like settings with persistent data, refer to EJBCA on Docker Hub.
This tutorial covers the quickest way to get an instance of EJBCA up and running for testing purposes. For instructions on how to start an EJBCA Community instance with client certificate authenticated access, see Quick Start Guide - Start EJBCA Container with Client Certificate Authenticated Access.
Before you begin, you need a fresh Ubuntu 22.04 LTS that already has Snap installed and ready to go.
Step 1 - Install Docker
By default, Docker is accessible with root privileges (
To install docker, use the following command:
$ sudo snap install dockerCODE
Step 2 - Pull EJBCA Community container
The EJBCA Community Docker container is available on Docker Hub and can be pulled straight from the command line using the docker tool.
To download and unpack the latest EJBCA Community container image from Docker Hub, use the following command:
$ sudo docker pull keyfactor/ejbca-ceCODE
Step 3 - Start EJBCA Community container
Starting the EJBCA Community container as an ephemeral instance where anyone with unauthenticated network access to the instance can manage the system is only suitable for internal testing environments with private access. For information on starting an EJBCA Community instance with certificate authentication, see Quick Start Guide - Start EJBCA Container with Client Certificate Authenticated Access.
Start the container with the container hostname set to "localhost":
$ sudo docker run -it --rm -p 80:8080 -p 443:8443 -h localhost -e TLS_SETUP_ENABLED="simple" keyfactor/ejbca-ceCODE
Note that when starting the container with
TLS_SETUP_ENABLED="simple",no client TLS certificate will be used initially, and anyone with HTTPS access will be able to manage the instance.
- The end of the output is similar to the following, in which the URL shows the URL for accessing EJBCA:
Step 4 - Access EJBCA CA UI
To access EJBCA, do the following:
- Copy the URL from the console output and paste it into your browser.
- To accept the security risk, click Advanced and then Accept the risk and continue.
- EJBCA CA UI opens displaying the administration page.
In this tutorial, you learned how to pull and start an EJBCA Docker container and access EJBCA.
To learn how to create basic profiles and issue a client authentication certificate in EJBCA, you can follow the Quick Start Guide - Issue Client Authentication Certificate using EJBCA.
To find out more about EJBCA use cases, see Solution Areas.
Related Quick Start Guides