Registration Authority (RA) For EJBCA Enterprise The EJBCA RA provides a sophisticated toolbox for enrollment of any certificate type. As an external entity to the Certificate Authority (CA), it allows for an additional layer of security around the CA. Why use an RA? A Certificate Authority is a fine thing to have; it registers users, issues certificates, it manages their life-cycles and it revokes them when needed. Yet a CA has no purpose without effective and secure means for users to interact with its functionality, whether these are machines, people or software. Human users need a graphical user interface with which they can issue a certificate request to the CA and machines or applications use online protocols or APIs to automate the issuing process, and for this they both need the EJBCA Registration Authority. It is often desirable to physically separate CA and RA, allowing one to reside in a secure environment with minimal access, while the other can reside in a DMZ or even publicly. In short, an RA is the CA’s face to the world.