EJBCA - Open Source PKI Certificate Authority
Search ejbca.org for:


Code of conduct

The EJBCA community should try to follow the excellent Ubuntu Code of Conduct.



MySQL: Create ALTER-scrips automatically to upgrade database from old version to latest development version: http://www.mysqldiff.org/

Swedish characters in Java/Jboss

Add the following options to the JVM by modifying JAVA_OPTIONS in run.sh/cmd.

-Duser.region=SE -Duser.language=sv -Dfile.encoding=ISO-8859-1


PKCS12 files generated from EJBCA works excellent as PGP-keys.

Firefox Key Generation

For Firefox to be able to verify client certificates the CA-certificates must have the extensions BasicConstraints and AuthorityKeyIdentifier. Client certificates also need AuthorityKeyIdentifier

There is new key generation using javascript, generating a CRMF request:
JavaScript crypto.

Microsoft Internet Explorer Key Generation

For MSIE to verify client certs, the ordering in the DN must be strictly the same in both client and CA certs. Possibly that it must also be in a specific order.

There is some bug that required a "nocache" meta tag to eliminate duplicate sending of certificate request. This duplicate sending will result in wrong behaviour, since user status will be wrong.

<META HTTP-EQUIV="Pragma" CONTENT="no-cache" >

Microsoft Knowledge Base documents


  • Lab 5.3.2 - Configure a PIX Security Appliance Site-to-Site IPSec VPN Tunnel with CA support