In order to allow upgrades of EJBCA with a minimum of fuss, EJBCA supports keeping configurations, key stores and custom modifications in an external directory which will be shared between versions. This technique can also be used easily when performing several identical installations across several instances to share settings.

The ejbca-custom Directory

The base directory is ejbca_custom, which should be placed in the same directory as EJBCA: $ejbca_home/../ejbca-custom. When deploying, ant will replace existing files in the EJBCA directory (with some exceptions, see Configurations). If another directory is desired, it can be configured in the custom.propertiesfile.

Configurations

Configuration files can be placed under ejbca_custom/conf, from which they'll be automatically copied into $ejbca_home/conf prior to deployment. The two exceptions are:

cesecore.properties
ejbca.properties

which for security reasons need to be explicitly allowed to be copied by setting the value allow.external-dynamic.configuration=truein each respective file.

Key Stores

To reuse key stores across installations, they can be placed in ejbca_custom/p12, which will lead them to be copied into $ejbca_home/p12, from where they can be deployed to the application server.

Modifications

Lastly, custom code modifications can be stored in ejbca_custom/src/java, from where they'll be copied straight into the source tree and compiled with the rest of the code.