Configure an RA for Public Access
An RA can be configured for public access using a PublicAccessAuthenticationToken . This allows anyone to navigate to /ejbca/ra without having to present a certificate.
The CA Web (/ejbca/adminweb) cannot be configured for Public Access since accessing the CA Web requires a certificate.
You can configure an RA for public access either using the Admin Web or the EJBCA CLI:
- To configure an RA for public access, go to /ejbca/adminweb/administratorprivileges/roles.xhtml and add a new member to any role. The member should have Match with set to one of the following: - PublicAccessAuthenticationToken : Any transport (HTTP or HTTPS) 
- PublicAccessAuthenticationToken: Non-confidential transport (HTTP) 
- PublicAccessAuthenticationToken: Confidential transport (HTTPS) 
 
- To configure the RA for public access using the CLI, run the following: - ./ejbca.sh roles addrolemember --caname- ""- --role- "RA Administrator Role"- --value- ""- --with PublicAccessAuthenticationToken:TRANSPORT_ANY