EJBCA GUI HA

[PhilLaCiotat]

Hello Community,
My pb is when having 2 or more ejbca PODs running (under k8s), the GUI can create 2 times the same key in Crypto-token HSM, if access one time to the 1st POD and immediately after tries the creation again (so on 2nd pod due to loadbalancing)
Then in this case 2nd POD is not synchronized with 1st and don't see the just created key... so creating it again is possible (and dramatic !)
My question : how to improve sync between PODs..?
Of course all PODs are accessing the same DB...

[primetomas]

CA key generation is a sensitive process and should generally be performed very controlled.
as noted in the documentation the Java PKCS11 provider does not update if keys have been generated from another process and you probably have to restart the pod in order to list keys created by another pod.
Define a key ceremony that you follow, avoiding trying to generate the same key twice, you should not try to do that I don’t quite understand why you do it unless it’s just for testing?

see here: https://docs.keyfactor.com/ejbca/latest/generic-pkcs-11-provider