When Enable CA Profile Sync parameter is set to true, CA Gateway synchronizes EJBCA profiles as explained below.
- CA Gateway queries EJBCA certificate authorities for End Entity Profiles and Certificate Profiles.
- CA Gateway combines each End Entity Profile with its corresponding Certificate Profiles.
Each generated profile is defined by a combination of an End Entity Profile identifier and a Certificate Profile identifier.
- CA Gateway checks its configuration for profiles where the End Entity Profile and Certificate Profile values match the identifiers of an EJBCA-generated profile.
- If a profile exists, CA Gateway uses the EJBCA-generated profile to complete only the missing profile settings. As manually set values always take precedence.
- If the profile does not exist, CA Gateway uses the EJBCA-generated profile to create a new profile.
- On certificate enrollment, requested properties also take precedence over EJBCA profile settings.