EJBCA Batch Enrollment GUI

The EJBCA Batch Enrollment GUI is a standalone Java desktop application used to enroll multiple end entities from certificate signing requests at once. The application communicates with EJBCA via the Web Services interface and you need to be logged in as an authorized administrator in order to perform operations.

This tool has not been recently maintained, and may not be fully compatible with current versions of EJBCA.

Build and Run

Build the application from the EJBCA directory by running:

$ ant batchenrollment-gui

To start with scripts, run one of the following:

$ bin/batchenrollmentgui.sh

or

$ bin/batchenrollmentgui.cmd

Use

Upon startup, the connection dialog asks for connection information and login credentials. You need to supply some sort of truststore and keystore in the same way as when using the Web Services interface. When using PKCS11 the keystore file path should be the path to the PKCS#11 shared library.

Enroll end entities:

  1. Drag certificate signing requests to the table in the main window or click Add to browse for the files.

  2. For each request, map it to an end entity and choose an output filename for the resulting certificate.

  3. Click Enroll.

The GUI can guess which end entity the request belongs to if the file name contains the name of an existing end entity. For instance, if the request files are named user1-00002.csr, user2-00002.csr, and user3-00002.csr and there exists end entities in EJBCA user1, user2, and user3, then they will already be selected.

Signed Requests

The application also supports signed certificate signing requests. Thus, requests that are wrapped in a PKCS#7/CMS structure also containing a signature and a signing certificate that can be verified by the application before issuing the certificate. In order for the verification to work, the Batch Enrollment GUI needs to have a PEM file with trusted certificates configured under the menu Edit > Settings.

Reported Issues

The following covers reported issues running on certain OSes and some versions of Java.

Exception in thread

If you get the following error message:

Exception in thread "main" java.awt.AWTError: Assistive Technology not found: org.GNOME.Accessibility.AtkWrapper

Then comment out the following from the file /etc/java-8-openjdk/accessibility.properties:

assistive_technologies=org.GNOME.Accessibility.AtkWrapper

Failed to load module

If you get a warning when running the GUI:

Gtk-Message: 13:56:46.376: Failed to load module "canberra-gtk-module"

Then install the missing dependencies by running:

$ sudo apt install libcanberra-gtk-module libcanberra-gtk3-module