An OpenSSL based CA has the CA keys and certificate as PEM files (or the CA private key on an HSM), and issued subscriber certificates as PEM files.
You can convert a PEM-style Root CA key to a PKCS12 file that can be imported in EJBCA:
The following EJBCA CA UI menu options and CLI commands allow you to import these and continue operations transparently:
- To import a PKCS#12 file with CA private key and certificate, select the EJBCA CA UI menu option Edit Certificate Authorities > Import CA keystore.
- To import CA keys from a PKCS#12 file or an HSM, use the CLI command
bin/ejbca.sh ca importca. - To import user certificates, use the CLI command
bin/ejbca.sh ca importcert. - To import CRLs (revocation information), use the CLI command bin/ejbca.sh ca importcrl.