Peer Systems

This is an EJBCA Enterprise feature.

For more information about how to work with Peer Systems, see Peer Systems Operations.

An EJBCA instance can be both the target and the initiator of remote operations with another EJBCA instance. Connections are made using dual (mutually) authenticated HTTPS, where both the client and the server present a TLS certificate. This is similar to how you use a client certificate to authenticate to the Admin GUI and then manage an EJBCA instance, but in this case the configured administrator is another EJBCA instance.

Generally, the instance with higher security requirements (e.g. an EJBCA acting as CA) initiates connections to a system with lower security requirements (e.g. an EJBCA acting as VA or RA).

In the Peer Systems overview you can:

  • Modify global settings like enabling or disabling incoming connections.

  • View a list of configured known EJBCA Peer Systems that this instance can connect to (Peer Connectors) and their current connection status.

    • Connection URL, e.g. https://remotehost:8443/ejbca/peer/v1

    • Connection pool status: connections in use / ready / max / queued

    • Synchronization status, if the peer connection is started

    • Client and server TLS certificate information

    • Role used for incoming connections, if enabled

  • View a list of systems that have connected to this instance recently (Incoming Connections).

Additionally, links are available to the relevant authentication settings for outgoing connections (AuthenticationKeyBinding) and incoming connections (Administrator Role).

For more information on how to set up Peer Connectors, see Peer Systems Operations.