This section describes how to configure the connection to the CA Service, which provides the central certificate generation service.
The central Trust Service is based on a pre-configured EJBCA Hardware Appliance, but you can also configure the service using the EJBCA Enterprise Cloud on AWS or Azure. For more information, refer to the EJBCA Cloud documentation.
The first step in configuring the IdAM is setting up the certificate profiles and the Certificate Management Protocol (CMP) alias. The following specification can be used for setting up the CA certificates of the Product PKI; see Configure Certificates.
Configure CA Service
The CA Service is configured using the CA Profiles settings, which define the PKI configuration and provide the parameters necessary for access. Click the IdAM menu option CA Profiles to view the CA Service configuration.
Configure IdAM Identity
To allow signing of the CMP request, the Identity Authority Manager needs a trusted identity provided by the CA Service. The IdAM identity is configured using a keystore (PKCS#12 file) and password. To configure the keystore, click the IdAM menu option CA Profiles.
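A pre-upload check for the PKCS#12 keystore described above, as an added example that is not part of the product documentation. It assumes the OpenSSL command-line tool is installed; the function name check_keystore and the environment variable P12_PASS are names chosen for this example.

```shell
#!/bin/sh
# Added example: sanity-check a PKCS#12 identity keystore before configuring it.
# The password is read from the exported environment variable P12_PASS (a name
# chosen for this example) so it does not appear in the process list.
# Usage: export P12_PASS first, then: check_keystore FILE [MIN_DAYS_VALID]
# Returns: 0 ok, 2 cannot open or no certificate, 3 key missing or not matching,
#          4 certificate expires within MIN_DAYS_VALID days (default 30).
check_keystore() {
    p12=$1
    min_days=${2:-30}

    # Leaf certificate; fails on a wrong password or a damaged file.
    cert=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null \
           | openssl x509 2>/dev/null) || return 2
    [ -n "$cert" ] || return 2

    # Public half of the private key, derived in a pipe so the private key
    # itself is never written to disk or kept in a variable.
    key_pub=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS -nocerts -nodes 2>/dev/null \
              | openssl pkey -pubout 2>/dev/null) || return 3
    cert_pub=$(printf '%s\n' "$cert" | openssl x509 -noout -pubkey 2>/dev/null) || return 3
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ] || return 3

    # Reject a certificate that expires within the requested window.
    printf '%s\n' "$cert" | openssl x509 -noout -checkend $((min_days * 86400)) >/dev/null \
        || return 4

    # Show the identity that will sign the CMP requests.
    printf '%s\n' "$cert" | openssl x509 -noout -subject -issuer -enddate
    return 0
}
```

Confirm that the printed issuer is the CA expected for the IdAM identity before configuring the keystore under CA Profiles.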