Under profiles.<profile>, add a properties section with the following EJBCA-specific settings.
certificate-profile
The name of the certificate profile in EJBCA.
Mandatory: Yes.
When enable-ca-profile-sync is set to true, this setting is automatically populated; however, manually configured values take precedence.
end-entity-profile
The name of the end-entity profile in EJBCA.
Mandatory: Yes.
When enable-ca-profile-sync is set to true, this setting is automatically populated; however, manually configured values take precedence.
key_client_generated
The key generation mode.
Value | Key generation | Default |
|---|---|---|
true | Generate the keys on the client side with a CSR |
|
false | Generate the keys on the server side, in a PKCS #12 |
When enable-ca-profile-sync is set to true, this setting is automatically populated; however, manually configured values take precedence.
key-recoverable
The key recovery status.
Value | Key recovery | Default |
|---|---|---|
true | Server-side-generated keys can be recovered | |
false | Server-side-generated keys cannot be recovered |
|
When enable-ca-profile-sync is set to true, this setting is automatically populated; however, manually configured values take precedence.