In order to allow upgrades of EJBCA with a minimum of fuss, EJBCA supports keeping configurations, key stores and custom modifications in an external directory which will be shared between versions. This technique can also be used easily when performing several identical installations across several instances to share settings.

The ejbca-custom Directory

The base directory is ejbca-custom, which should be placed in the same directory as EJBCA: $ejbca_home/../ejbca-custom. When deploying, ant will replace existing files in the EJBCA directory (with some exceptions, see Configurations). If another directory is desired, it can be configured in the custom.properties file.

Configurations

Configuration files can be placed under ejbca-custom/conf, from which they'll be automatically copied into $ejbca_home/conf prior to deployment. The two exceptions are:

cesecore.properties
ejbca.properties

which for security reasons need to be explicitly allowed to be copied by setting the value allow.external-dynamic.configuration=true in each respective file.

Key Stores

To reuse key stores across installations, they can be placed in ejbca-custom/p12, which will lead them to be copied into $ejbca_home/p12, from where they can be deployed to the application server.

Modifications

Lastly, custom code modifications can be stored in ejbca-custom/src/java, from where they'll be copied straight into the source tree and compiled with the rest of the code.