EJBCA Batch Enrollment GUI

The EJBCA Batch Enrollment GUI is a standalone Java desktop application that enrolls multiple end entities from certificate signing requests at once. The application communicates with EJBCA through the web services interface, so an authorized administrator needs to be logged in to it in order to perform the operations.

Building and running

The application is built from the EJBCA directory by typing

ant batchenrollment-gui

and can then be started with the scripts

bin/batchenrollmentgui.sh

or

bin/batchenrollmentgui.cmd

Using

When the application starts, the connection dialog asks for connection information and login credentials. You need to supply a truststore and a keystore in the same way as when using the web services interface. When using PKCS#11, the keystore file path should be the path to the PKCS#11 shared library.

Enroll end entities:

  1. Drag and drop certificate signing requests to the table in the main window or use the button Add... to browse for the files.

  2. Map each request to an end entity and choose an output filename for the resulting certificate.

  3. Click on Enroll.

The GUI can guess which end entity a request belongs to if the file name contains the name of an existing end entity. For instance, if the request files are named user1-00002.csr, user2-00002.csr and user3-00002.csr and the end entities user1, user2 and user3 exist in EJBCA, then they will already be selected.

Signed requests

The application also supports signed certificate signing requests, that is, requests that are wrapped in a PKCS#7/CMS structure that also contains a signature and a signing certificate, which the application can verify before issuing the certificate. For the verification to work, the Batch Enrollment GUI needs to have a PEM file with trusted certificates configured under the menu Edit -> Settings....
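
An operator can run the same kind of check on a signed request with the OpenSSL command line before loading it into the GUI. The script below is an added example, not part of EJBCA and not the GUI's own verification code; the function names verify_signed_csr and make_demo, the file names, and the DER encoding of the CMS wrapper are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: file names, subjects and keys are all constructed.

# Verify a CMS/PKCS#7-wrapped CSR against a PEM file of trusted certificates.
# $1 = signed request (DER, assumed)  $2 = trusted PEM  $3 = where to write the CSR
verify_signed_csr() {
    # The signer certificate embedded in the CMS must chain to a certificate in $2.
    openssl cms -verify -binary -inform DER -in "$1" -CAfile "$2" \
        -purpose any -out "$3" 2>/dev/null || { rm -f "$3"; return 1; }
    # The inner PKCS#10 request must also carry a valid self-signature.
    openssl req -in "$3" -verify -noout 2>&1 | grep -q "verify OK"
}

# Create constructed test material in directory $1: one signer the operator
# trusts, one it does not, and the same CSR wrapped by each of them.
make_demo() {
    dir=$1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=user1" \
        -keyout "$dir/user1.key" -out "$dir/user1.csr" 2>/dev/null || return 1
    for n in trusted untrusted; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$n signer" \
            -keyout "$dir/$n.key" -out "$dir/$n.pem" 2>/dev/null || return 1
        openssl cms -sign -binary -nodetach -in "$dir/user1.csr" \
            -signer "$dir/$n.pem" -inkey "$dir/$n.key" \
            -outform DER -out "$dir/user1-$n.p7s" 2>/dev/null || return 1
    done
}

# Demo run: only the request wrapped by the trusted signer is accepted.
demo=$(mktemp -d) && make_demo "$demo" && for n in trusted untrusted; do
    if verify_signed_csr "$demo/user1-$n.p7s" "$demo/trusted.pem" "$demo/$n.csr"
    then echo "user1-$n.p7s: signature verified, CSR extracted"
    else echo "user1-$n.p7s: REJECTED"
    fi
done
rm -rf "$demo"
```

The trusted PEM file decides which signers are accepted, so it should contain only the certificates of parties allowed to submit requests.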