Learn how to get started with EJBCA Community as a Docker container.

In this tutorial, you will learn how to start an ephemeral instance where anyone with unauthenticated network access to the instance can manage the system.

  • Install Docker
  • Pull EJBCA Community container
  • Start EJBCA Community container
  • Access EJBCA CA UI

The EJBCA Community container is started as an ephemeral instance which means that when you stop the container, it will automatically be removed and all data will be destroyed. This setup is suitable for testing EJBCA or for evaluating added functionality in an updated version. For information on running the container with more production-like settings with persistent data, refer to EJBCA on Docker Hub.

This tutorial covers the quickest way to get an instance of EJBCA up and running for testing purposes. For instructions on how to start an EJBCA Community instance with client certificate authenticated access, see Quick Start Guide - Start EJBCA Container with Client Certificate Authenticated Access.

Prerequisites

Before you begin, you need a fresh Ubuntu 22.04 LTS that already has Snap installed and ready to go.

Step 1 - Install Docker

By default, Docker is accessible with root privileges (sudo).

  • To install docker, use the following command:

    $ sudo snap install docker
    CODE

Step 2 - Pull EJBCA Community container

The EJBCA Community Docker container is available on Docker Hub and can be pulled straight from the command line using the docker tool.

  • To download and unpack the latest EJBCA Community container image from Docker Hub, use the following command:

    $ sudo docker pull keyfactor/ejbca-ce
    CODE

Step 3 - Start EJBCA Community container

Starting the EJBCA Community container as an ephemeral instance where anyone with unauthenticated network access to the instance can manage the system is only suitable for internal testing environments with private access. For information on starting an EJBCA Community instance with certificate authentication, see Quick Start Guide - Start EJBCA Container with Client Certificate Authenticated Access.

  1. Start the container with the container hostname set to "localhost":

    $ sudo docker run -it --rm -p 80:8080 -p 443:8443 -h localhost -e TLS_SETUP_ENABLED="simple" keyfactor/ejbca-ce
    CODE

    Note that when starting the container with TLS_SETUP_ENABLED="simple", no client TLS certificate will be used initially, and anyone with HTTPS access will be able to manage the instance.


  2. The end of the output is similar to the following, in which the URL shows the URL for accessing EJBCA:

Step 4 - Access EJBCA CA UI

To access EJBCA, do the following:

  1. Copy the URL from the console output and paste it into your browser.
  2. To accept the security risk, click Advanced and then Accept the risk and continue.
  3. EJBCA CA UI opens displaying the administration page.

Next steps

In this tutorial, you learned how to pull and start an EJBCA Docker container and access EJBCA.

To learn how to use Docker with Docker Compose to run the EJBCA Community container with a MariaDB database container, see the tutorial Start out with EJBCA Docker container.

To find out more about EJBCA use cases, see Solution Areas.