Protocols

This section describes various protocols supported by EJBCA.

Overview

EJBCA can be accessed and managed by means other than the UI and the CLI, through both home-grown remote protocols and established protocols. The primary purpose of most of these is to allow third-party applications to interface with EJBCA as a server.

Proxying

When two instances of EJBCA are set up via the EJBCA Peers protocol, the downstream peer acts as a proxy to the upstream one. For example, a CMP message sent to an RA will be checked both upstream with the CA and locally on the RA (and the reply will depend on where the alias is configured). This proxying is turned off by default, and can be activated on the Modular Protocols Configuration page.

Protocol Types

For the sake of clarity, the protocols are split into categories below, though some APIs are so broad that they belong in multiple categories.

Certificate Enrollment Protocols

These protocols are generally meant for simple certificate enrollment and renewal operations. All actions mentioned here can also be handled in the Certificate Management Protocols mentioned below.

Certificate Management Protocols

These protocols are generally more advanced, and besides enrollment also handle operations such as revocation and checking certificate status.

Certificate Status Protocols

Protocol used solely for verifying the revocation status of certificates:

General Protocols

Protocol covering other functions (CA management):