Configuring the Keyfactor EJBCA Certificate Authority

This section describes how to configure the ActivID CMS Operator Portal for Keyfactor EJBCA.

For detailed instructions on creating directories and CAs in ActivID CMS, refer to Procedures for Managing Directories and Procedures for Configuring Connections to Certificate Authorities.

  1. Log on to the ActivID CMS Operator Portal with an ActivID CMS Administrator certificate.

  2. Go to the Configuration tab, and then click Repositories.

    Repositories Management window with various settings for directories, certificate authorities, authentication servers, VCI providers, passkey-enabled services and CMS peer servers

  3. Click Add Certificate Authority.

    Certificate Authority Creation dialog box with Keyfactor EJBCA selected in the Provider drop-down list and Default EJBCA selected in the Template drop-down list, as well as a Submit button and a Cancel button below these lists

  4. From the Provider drop-down list, select Keyfactor EJBCA.

  5. In the Template drop-down list, leave Default EJBCA.

  6. Click Submit.

    Certificate Authority Creation dialog box for KeyFactor EJBCA with various fields and drop-down lists for configuring the Default EJBCA template to be completed in step 1, followed by a Test button displayed in step 2, and a Create button as well as a Cancel button in step 3

  7. Enter a Name for the Certificate Authority.

  8. Enter the Host Name of the EJBCA Server.

    Note: The host name is the Fully Qualified Domain Name (FQDN), i.e., the full server name of the on-premises EJBCA server.

  9. Enter a Port of the EJBCA Server, or leave the default value.

  10. Enter the EJBCA CA Name (see Creating the CA in EJBCA for details on this value).

  11. Enter the Truststore file containing the CA certificates (see Creating the CA in EJBCA for details on this value).

  12. Enter the PKCS#12 file containing the client certificate and key and the Password for the PKCS#12 file containing the client certificate and key (see Enrolling the CMS Agent on the EJBCA Server for details on these values).

  13. Set the desired revocation reasons for the different card states.

  14. Click Test to verify the CA configuration.

  15. Click Create to apply your changes.