Do you need to make issued certificates and certificate status available to systems external to your certificate authority (CA)? Read on to learn how.
Being security aware, you of course want to limit access to the CA through appropriate network and IT security design. This means you want to limit incoming traffic to your CA.
Using the Cert Safe HTTPS Publisher in EJBCA, you can make certificates and certificate status available to external systems through REST calls that are automatically triggered from EJBCA on any certificate lifecycle event.
The receiving system needs to implement the Cert Safe REST API. Once the publisher is configured in EJBCA, the receiving system gets REST calls containing the PEM-encoded certificate and its status, keeping it up to date on every issued or revoked certificate. For revoked certificates, the integrated system is also informed of the revocation reason.
The connection between EJBCA and the external system is initiated by EJBCA and protected through a mutual TLS connection. The secure publishing of certificate information to the external system will be consistently triggered regardless of whether the certificate issuance or revocation is triggered through the UI, API, or an enrollment protocol.
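As an added example (not EJBCA or Cert Safe code), the receiving side described above can be built as an HTTPS endpoint that refuses any peer without a trusted client certificate and records each pushed certificate with its status. The JSON field names `pem`, `status` and `revocationReason`, the status values, the port and the file arguments are assumptions to check against the Cert Safe REST API definition.

```python
import hashlib
import json
import ssl
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed JSON field names and status values; verify them against the
# Cert Safe REST API definition before relying on them.
STATUSES = {"active", "revoked"}
STORE = {}  # SHA-256 fingerprint (hex) -> {"status", "reason", "pem"}

def apply_event(body: bytes, store: dict) -> str:
    """Validate one pushed event and upsert it; returns the fingerprint."""
    event = json.loads(body)
    pem, status = event["pem"], event["status"]
    if not isinstance(pem, str) or status not in STATUSES:
        raise ValueError("malformed certificate event")
    der = ssl.PEM_cert_to_DER_cert(pem.strip())  # ValueError if not PEM
    fp = hashlib.sha256(der).hexdigest()
    reason = event.get("revocationReason") if status == "revoked" else None
    store[fp] = {"status": status, "reason": reason, "pem": pem}
    return fp

class Receiver(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", 0))
            apply_event(self.rfile.read(length), STORE)
            self.send_response(204)
        except (KeyError, TypeError, ValueError):
            self.send_response(400)  # reject anything that fails validation
        self.end_headers()

def mtls_context(cert, key, client_ca):
    """Server-side context that refuses peers without a trusted client cert."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(cert, key)
    ctx.load_verify_locations(client_ca)  # only the CA behind EJBCA's client cert
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

def serve(cert, key, client_ca, port=8443):
    httpd = HTTPServer(("0.0.0.0", port), Receiver)
    httpd.socket = mtls_context(cert, key, client_ca).wrap_socket(
        httpd.socket, server_side=True)
    httpd.serve_forever()

# Constructed sample (placeholder bytes, not a real certificate).
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed-der-bytes")
```

Keeping the client trust store limited to the CA that issued EJBCA's TLS client certificate is what stops other hosts from pushing forged status updates to the receiver.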
Since version 7.10, Cert Safe HTTPS Publisher is available in EJBCA Community. Read more in the release notes.