Skip to main content

Create an enrollment profile for an EJBCA CA connector

Create an IoT Trust Manager enrollment profile to set enrollment methods and parameters for requesting certificates from your EJBCA server.

Before you begin

Make sure you have:

  • At least one CertCentral CA connector.

  • At least one IoT Trust Manager certificate profile that is associated with an EJBCA CA connector.

  • Make sure you know the EJBCA issuing CA you want to use.


    For EJBCA version 7.9 and earlier, make sure you have the exact name of the EJBCA issuing CA you want to use.

  1. In DigiCert ONE, in the Manager menu (top right), select IoT Trust.

  2. In the IoT Trust Manager menu, select Enrollment configurations > Enrollment profiles.

  3. Select Create enrollment profile.

  4. Enter an enrollment profile name.

  5. Select a device profile.

  6. For CA source, select EJBCA API.

  7. Select the allowed certificate enrollment methods and select Next.

  8. Select a certificate profile and review the details to confirm the profile you want to use. Select Next.

  9. Select the EJBCA issuing CA you want to use for certificate issued through this enrollment profile.

    • For EJBCA versions 7.10 and later, select the issuing CA.

    • For EJBCA version 7.9 and earlier, enter the exact name of the issuing CA.

  10. Set keypair generation options and select Next.

  11. (Optional) Define field mapping and select Next.

  12. (Optional) Define usage restrictions and select Finish.

What's next

Use this enrollment profile to request certificates issued from your EJBCA server.