We provide an Ansible playbook and roles to use with EJBCA and integrations. Both Community and Enterprise versions of EJBCA are supported. Using the Ansible playbook, you can easily get EJBCA up and running, including a complete technology stack.
Ansible helps ensure that the PKI deployments are consistent and repeatable across different environments including test environments and systems, thereby reducing the risk of errors or inconsistencies.
The EJBCA Ansible playbook has been developed as open source to make it easier for you to get started with EJBCA. We encourage everyone to share and contribute any improvements or alternative solutions so that we all have the most optimal and secure deployment possible.
Our open-source Ansible playbook is available on GitHub. It is capable of performing the following high-level tasks:
In this tutorial, we will demonstrate how to automate the wizard installation and configuration of EJBCA Enterprise Cloud using our open-source Ansible playbook for a zero-touch PKI experience. The playbook uses a variety of Ansible roles developed for EJBCA to automate the deployment and configuration.
The installation and configuration of EJBCA Cloud include these steps:
ecloud_inventory
file with the IP address or fully qualified domain name to connect to the remote EJBCA instance.host_vars
and group_vars
to update variables for your deployment. If you are unsure about what to update, you can try deploying with the defaults, or you can ask a question on the Keyfactor Ansible repository Discussion forum.Running the Ansible playbook to configure EJBCA automates the following steps:
configdump
utility to complete the following:
Once the Ansible playbook has completed, open the EJBCA RA web in your internet browser and create your P12 credential to access EJBCA. Install the P12 credential into either the OS truststore or browser truststore depending on which browser you use. Then you can access the EJBCA adminweb UI in your web browser and review the EJBCA settings or begin testing certificate enrollment.
Before you begin, you will need:
Using Ansible to Automate PKI Deployment and Configuration.
Take a peek at our tutorial video on YouTube, and browse through some of our other tutorial videos as well.
You can ask your questions and learn from PKI specialists in the EJBCA forum on GitHub Discussions.