I am learning how to install and use EJBCA to deploy an enterprise PKI. I know I can install EJBCA using a quick install configuring the script ejbca-setup like is explained here, and I also have tested a longer install process with WildFly 10 like explained here. In both variants I need to create a default ManagementCA and I can make some configuration changes related to the database I'm using and other things during the installation process. My problem is I need to install a CA of subCA type, and my subCA private key comes in a PKCS12 or PEM file from the root CA (I'm not completelly sure about the format yet).
Right now I know I can install EJBCA with the default CA and then create my subCA as a second one like is explained here, but I want to know if I can create this subCA as my first CA at the installation process, because I dont't need the default CA. Also if I have to create the default CA mandatorily I want to know if I can remove this default CA after I create my subCA without problems or if this first default CA is some kind of special CA for EJBCA.
The default ManagementCA is nothing special and can be deleted.
You can make the initial installation using an external CA for administrator certificates if you like. Documented here: https://doc.primekey.com/ejbca/ejbca-installation/installing-ejbca/install-ejbca-as-a-ca-without-a-management-ca Note the "-superadmincn" argument which binds your externally issued certificate to the suprt administrator role during the installation.