This page describes various protocols supported by EJBCA.


EJBCA can be accessed and managed through other methods than the UI and the CLI, both through home grown remote protocols and established protocols. The primary purpose for the majority of these is to allow third party applications to interface with EJBCA as a server.


With two instances of EJBCA set up via the EJBCA Peers protocol the downstream peer will act as a proxy to the upstream one, e.g a CMP message sent to an RA will both be checked upstream with the CA and locally on the RA (and the reply will depend on where the alias is configured). This proxying is turned off by default, and can be activated on the Modular Protocols Configuration page.

Protocol Types

For the saken of clarity we've split into them following categories, though some APIs are so wide that we've added them to multiple.

Certificate Enrollment Protocols

These protocols are generally meant for simple certificate enrollment and renewal operations. All actions mentioned here can also be handled in the Certificate Management Protocols mentioned below.

Certificate Management Protocols

These protocols are generally more advanced, and besides enrollment also handle operations such as revocation and checking certificate status.

Certificate Status Protocols

These protocols are use solely for verifying the revocation status of certificates.

General Protocols

Protocols covering other functions (CA management) are listed here.