Internal Key Bindings Overview

For more information about how to manage Internal Keybindings, see Internal Keybindings Operations.


An Internal Key Binding can be used to make keys in a Crypto Token available for other uses than in a CA. It is a reference to a key pair available to the EJBCA instance, a non-CA certificate, an optional list of trusted certificates and properties for its purpose. It can be thought of as a simplified key store with purpose-specific properties.

Example: An OcspKeyBinding can be used to sign OCSP responses on behalf of a CA. It has a key in an HSM accessible from the EJBCA instance (via a Crypto Token) and an OCSP signing certificate. Additionally the trusted certificates can be used to verify that OCSP requests are sent from a trusted source and additional properties can be used to specify how long an OCSP response should be valid.

The following sections list properties shared by all Internal Key Bindings and Actions available from the Overview page.

For information on the Internal Key Binding types OcspKeyBinding and AuthenticationKeyBinding, see the respective section.

Common Properties

All Internal Key Bindings share the following properties:




OcspKeyBinding or AuthenticationKeyBinding.


Unique identifying number.


A unique and human readable name.

Crypto Token

The Crypto Token where we reference a key pair.

Key Pair Alias

A reference to the currently used key pair in the specified Crypto Token.

Signature Algorithm

The signature algorithm user during signing, for example the signing of an OCSP response.

Next Key Pair Alias

A reference to the next key pair to use in the specified Crypto Token when renewing.

Bound Certificate

A certificate issued for the current key pair's public key.