EJBCA PKI

A certificate profile should be created, e.g. reusing the default "SERVER" certificate profile.

An authentication certificate should be issued for Horizon, and it should be given certificate issuance and revocation permissions on the aforementioned certificate procedure.

Only the following fields are managed: all Subject DN fields and subjectAltNames DNS, IPaddress, RFC822Name, msUPN and msGUID.

For multi-valued fields (SAN DNS and RFC822Name), if more data items are provided than configured in EJBCA for the given End Entity profile, the exceeding items will be ignored.

All limitations induced by the use of the EJBCA RA SOAP Connector.

Connector Name* (string input):
Choose a meaningful connector name allowing to identify the mapping between the PKI and the Certificate Profile. It must be unique and must not contain spaces.

Proxy (string select):
If the PKI is not directly reachable from Horizon, you can set up an HTTP/HTTPS proxy to properly forward the traffic.

PKI Queue (string select):
The PKI Queue used to manage the PKI Requests (enrollment, revocation).

Timeout (finite duration):
Represents a predefined interval of time without a PKI response, when the time has passed "Horizon" will cease trying to establish the communication. Must be a valid finite duration.

EJBCA RA URL* (string input):
Enter SOAP endpoint URL of the EJBCA WebService.

EJBCA Certificate Profile Name* (string input):
Enter EJBCA Certificate Profile to map for certificate issuance.

EJBCA CA Name* (string input):
Enter CA to use for certificate issuance.

EJBCA End Entity Profile* (string input):
Enter EJBCA End Entity profile.

Authentication Credentials* (select):
Select Certificate credentials containing the authentication certificate used to connect to the PKI.