When enable-ca-profile-sync parameter is set to true, CA Gateway synchronizes EJBCA profiles as explained below.
- CA Gateway queries EJBCA certificate authorities for End Entity Profiles and Certificate Profiles.
- CA Gateway combines each End Entity Profile with its corresponding Certificate Profiles.
Each generated profile is defined by a combination of an End Entity Profile identifier and a Certificate Profile identifier.
- CA Gateway looks in its configuration for profiles where the
certificate-profileandend-entity-profileproperties match the End Entity Profile and Certificate Profile identifiers of an EJBCA-generated profile.- If a profile exists, CA Gateway uses the EJBCA-generated profile to complete only the missing profile settings. As manually set values always take precedence.
- If the profile does not exist, CA Gateway uses the EJBCA-generated profile to create a new profile.
- On certificate enrollment, the requestedProperties also take precedence over EJBCA profile settings.