A comprehensive laboratory project for installing and deploying EJBCA (Enterprise JavaBeans Certificate Authority) using various methods and deployment scenarios.
This lab provides step-by-step instructions and configurations for deploying EJBCA, a full-featured PKI (Public Key Infrastructure) solution, using multiple installation methods:
- 🖥️ Manual Installation - Traditional installation on Ubuntu with MariaDB and SoftHSM
- 🐳 Container Deployment - Docker/Podman-based deployment with docker-compose
- ☁️ Cloud Deployment - Automated deployment on Google Cloud Platform using Terraform
EJBCA is an enterprise-grade Certificate Authority (CA) software that provides:
- Certificate lifecycle management
- Multiple certificate profiles (SSL/TLS, code signing, S/MIME, etc.)
- Support for Hardware Security Modules (HSM)
- Web-based administration interface
- REST API for automation
- eIDAS compliance support
Location: manual-installation/
Complete manual installation guide for EJBCA 9.2.0 on Ubuntu with:
- OpenJDK 17
- WildFly 35.0.1.Final
- MariaDB 10.11
- SoftHSM2 for hardware token simulation
Best for: Learning the installation process, custom configurations, production deployments
View Manual Installation Guide
Location: docker-podman/
Quick deployment using containers with docker-compose:
- MariaDB 10.11 database container
- EJBCA Community Edition container
- Automatic health checks
- Persistent data volumes
Best for: Development, testing, quick deployments, local labs
View Container Deployment Guide
Location: terraform-lab/
Automated infrastructure deployment on GCP using Terraform:
- VM instance with automatic setup
- Static IP reservation
- Firewall rules configuration
- Optional reverse proxy with Caddy
- Support for both EJBCA and Smallstep CA
Best for: Cloud deployments, scalable infrastructure, infrastructure as code
View Terraform Deployment Guide
- For Manual Installation: Ubuntu 22.04+, root/sudo access
- For Container Deployment: Docker or Podman, docker-compose
- For Cloud Deployment: Google Cloud account, Terraform, gcloud CLI
- Quick local testing: Use Container Deployment
- Learning EJBCA internals: Use Manual Installation
- Production-like cloud setup: Use Terraform Deployment
- EJBCA Version: 9.2.0 (EE with eIDAS support)
- WildFly Version: 35.0.1.Final
- Java Version: OpenJDK 17
- Database: MariaDB 10.11
- Container Image: `primekey/ejbca-ce:latest`
- All default passwords in this lab are for testing purposes only
- Change all default credentials before deploying to production
- Use strong passwords for database and EJBCA admin accounts
- Configure firewall rules appropriately
- Consider using HSM for production deployments
- Regularly update EJBCA and dependencies
```
ejbca-lab/
├── README.md                # This file
├── manual-installation/     # Manual installation guide
│   └── README.md
├── docker-podman/           # Container deployment
│   ├── README.md
│   └── docker-compose.yml
└── terraform-lab/           # GCP Terraform deployment
    ├── README.md
    ├── main.tf
    ├── variables.tf
    ├── outputs.tf
    └── startup.sh
```
After installation, verify EJBCA is running:

```bash
# Check web interface
curl -k https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth
# Access admin web interface
# https://localhost:8443/ejbca/adminweb
```

- EJBCA Official Documentation
- EJBCA Community Edition GitHub
- WildFly Documentation
- MariaDB Documentation
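
The health-check verification step above, extended into a readiness probe. This is an added example, not part of the lab's own scripts. The function names, retry defaults, the `EJBCA_CA_CERT` variable and the treatment of 404/503 as "still starting" are assumptions; `ALLOK` is EJBCA's default healthy response body.

```shell
#!/bin/sh
# Added example (not part of the lab): readiness probe for the EJBCA health check.
# Assumed: function names, retry defaults, the EJBCA_CA_CERT variable, and the
# treatment of 404/503 as "still starting". ALLOK is EJBCA's default OK body.

EJBCA_HEALTH_URL="${EJBCA_HEALTH_URL:-https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth}"

# Map an HTTP status and response body to: healthy | starting | unhealthy.
classify_health() {
  case "$1" in
    200) if [ "$2" = "ALLOK" ]; then echo healthy; else echo unhealthy; fi ;;
    000|404|503) echo starting ;;   # no listener yet, or EJBCA not deployed yet
    *) echo unhealthy ;;            # e.g. 500 plus an error text from EJBCA
  esac
}

# Poll until healthy; the subshell body keeps variables and the trap local.
# usage: wait_for_ejbca [attempts] [delay_seconds]
wait_for_ejbca() (
  attempts="${1:-30}"; delay="${2:-10}"; i=1
  tmp="$(mktemp)" || exit 2
  trap 'rm -f "$tmp"' EXIT
  # Verify TLS when a CA bundle is supplied; -k is acceptable only in this lab.
  if [ -n "${EJBCA_CA_CERT:-}" ]; then set -- --cacert "$EJBCA_CA_CERT"; else set -- -k; fi
  while [ "$i" -le "$attempts" ]; do
    status="$(curl -sS "$@" --max-time 5 -o "$tmp" -w '%{http_code}' "$EJBCA_HEALTH_URL" 2>/dev/null)" || status=000
    body="$(tr -d '\r' < "$tmp")"
    state="$(classify_health "$status" "$body")"
    echo "attempt $i/$attempts: HTTP $status -> $state" >&2
    case "$state" in
      healthy) exit 0 ;;
      unhealthy) echo "EJBCA reported: $body" >&2; exit 1 ;;
    esac
    sleep "$delay"; i=$((i + 1))
  done
  echo "timed out waiting for $EJBCA_HEALTH_URL" >&2
  exit 1
)

# Run the probe only when asked, e.g.: sh ejbca-health.sh --wait
if [ "${1:-}" = "--wait" ]; then wait_for_ejbca; fi
```

Setting `EJBCA_CA_CERT` to the PEM file of the CA that issued the server's TLS certificate makes the probe verify the connection instead of using `-k`.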
Feel free to improve this lab by:
- Adding more deployment methods
- Documenting additional configurations
- Fixing issues or improving documentation
- Adding troubleshooting guides
This lab is provided for educational and testing purposes. EJBCA has its own licensing terms. Please refer to the official EJBCA documentation for licensing information.
This lab is intended for educational and testing purposes. For production deployments, please:
- Review security best practices
- Use appropriate hardware and resources
- Follow EJBCA production deployment guidelines
- Consult with security professionals
Happy PKI Building!