System Configuration

   

The title of the site.

You can customize the header logo, using the image uploader in this section. File size should no bigger than 250KB and only jpg, jpeg and png formats are accepted.
Choose a header logo

Check this field if you want to use end entity access control.
Activate
Activate
Force Local Key Generation

Enable this checkbox to deliver certificate chains root first in the RA Web
Root Certificate first

Terminate TLS session after specified time of inactivity. This feature only works with IE6+ browsers
Use

Settings for the healthcheck servlet.

Clear all the caches on all nodes. The following caches are cleared: Global Configuration Cache, CMP Configurations Cache, SCEP Configuration Cache, End Entity Profile Cache, Certificate Profile Cache, Authorization Cache, CA Cache, CryptoToken Cache, Publisher Cache, Internal KeyBinding Cache, OCSP Signer Cache, OCSP Extensions Cache, CT Caches, Certificate Store Cache, MS Auto-Enrollment Key Exchange Certificate Cache and MS Auto-Enrollment Certificate Template Cache.

Note that after clearing the cache, if not excluded, all CryptoTokens that are manually activated will go off-line.
Exclude Active Manually-Activated CryptoTokens

This number defines the maximum amount of rows that can be retrieved from the database in a single transaction.

This number defines the timeout in milliseconds for certain database queries. 0 means disabled. Requires JDBC and database support to work.

When one of these characters is found in any string that should be stored in the database it will be replaced by a forward slash (/). The same replacement will also be done when searching for those values. Be aware that changing this value will modify how values are stored and searched for in the database, and is strongly not advised.

When generating large CRLs, the RAM of the Java process will limit how many entries that can be fetched from the database at the time. A small value will lead to multiple round-trips to the database and CRL generation will take more time. The heap usage can be estimated to roughly 600 bytes * rows per database read. The default of 0.5M revoked entries per database round trip will usually fit within a 2GiB heap assigned to the application server. If multiple large CRLs are generated at the same time, the used heap will be the sum of the heap used by each CRL generation.

Whether EJBCA should request ordered fetching of revoked certificates when generating CRLs. EJBCA relies on Hibernate to return data in batches. However, Microsoft SQL Server 2016 is known to return duplicates and/or missing entries when multiple batches are read. The setting below is a workaround for this problem.

These scenarios include and are not exhaustive to operations in remote peers, EMPTY end entity profile, certain exception stack traces, etc.
Enable
Enable

Enable Super Administrator access from the local command line interface (CLI). Warning: Disabling this makes it impossible to use the CLI for any operation that requires administrator rights including renewing the Super Administrator certificate. Please, make sure to renew the administrator certificates using the Admin Web before they expire!
Activate

Enable the default CLI user defined in ejbca.properties. Disabling this user will cause the Command Line Interface to require authentication for all CLI operations.
Activate
 
© 2002–2026. EJBCA® is a registered trademark.