Acquire a Client Certificate for EJBCA CA Authentication

Keyfactor Command uses a client certificate to authenticate to the EJBCA certificate authorityClosed A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA. to support certificate synchronization, enrollmentClosed Certificate enrollment refers to the process by which a user requests a digital certificate. The user must submit the request to a certificate authority (CA)., and revocation. The certificate that Keyfactor Command uses for authentication needs:

  • An extended key usage (EKU) of Client Authentication

  • A key usage that includes Digital Signature

Figure 485: Certificate Profile for EJBCA Client Certificate

The certificate needs to be available as a PKCS#12Closed A PFX file (personal information exchange format), also known as a PKCS#12 archive, is a single, password-protected certificate archive that contains both the public and matching private key and, optionally, the certificate chain. It is a common format for Windows servers. (*.pfx) file in order to import it into Keyfactor Command.

Figure 486: Certificate Download for EJBCA Client Certificate

The certificate needs to be granted appropriate access to the EJBCA CAClosed A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA. to allow Keyfactor Command interactions with the CA to take place (see Grant the Keyfactor Command Users and Service Account(s) Permissions on the CAs).