diff --git a/bitnami/ejbca/7/debian-11/rootfs/opt/bitnami/scripts/libejbca.sh b/bitnami/ejbca/7/debian-11/rootfs/opt/bitnami/scripts/libejbca.sh
index 3368b3f2f79d..4ce27a4deaa7 100644
--- a/bitnami/ejbca/7/debian-11/rootfs/opt/bitnami/scripts/libejbca.sh
+++ b/bitnami/ejbca/7/debian-11/rootfs/opt/bitnami/scripts/libejbca.sh
@@ -354,11 +354,11 @@ ejbca_generate_ca() {
 --caname "$EJBCA_CA_NAME" \
 --tokenType "soft" \
 --tokenPass "null" \
- --keytype "RSA" \
- --keyspec "3072" \
- -v "3652" \
- --policy "null" \
- -s "SHA256WithRSA" \
+ --keytype "$EJBCA_CA_KEYTYPE" \
+ --keyspec "$EJBCA_CA_KEYSPEC" \
+ -v "$EJBCA_CA_CERT_VALIDITY" \
+ --policy "$EJBCA_CA_CERT_POLICY_ID" \
+ -s "$EJBCA_CA_CERT_SIGNATURE_ALGORITHM" \
 -type "x509"
 
 info "Add superadmin user"
@@ -565,8 +565,14 @@ ejbca_initialize() {
 export EJBCA_KEYSTORE_PASSWORD
 EJBCA_WILDFLY_ADMIN_PASSWORD="${EJBCA_WILDFLY_ADMIN_PASSWORD:-$(generate_random_string -t alphanumeric)}"
 export EJBCA_WILDFLY_ADMIN_PASSWORD
- EJBCA_BASE_DN="${EJBCA_BASE_DN:-O=Example CA,C=SE,UID=c-$(generate_random_string -t alphanumeric)}"
- export EJBCA_BASE_DN
+
+ ## Initial certificate setup
+ export EJBCA_BASE_DN="${EJBCA_BASE_DN:-O=Example CA,C=SE,UID=c-$(generate_random_string -t alphanumeric)}"
+ export EJBCA_CA_KEYTYPE="${EJBCA_CA_KEYTYPE:-RSA}"
+ export EJBCA_CA_KEYSPEC="${EJBCA_CA_KEYSPEC:-3072}"
+ export EJBCA_CA_CERT_VALIDITY="${EJBCA_CA_CERT_VALIDITY:-3652}"
+ export EJBCA_CA_CERT_POLICY_ID="${EJBCA_CA_CERT_POLICY_ID:-null}"
+ export EJBCA_CA_CERT_SIGNATURE_ALGORITHM="${EJBCA_CA_CERT_SIGNATURE_ALGORITHM:-SHA256WithRSA}"
 
 # Check if external keystore
 if [[ -f "$EJBCA_SERVER_CERT_FILE" && -n "$EJBCA_SERVER_CERT_PASSWORD" ]]; then
diff --git a/bitnami/ejbca/README.md b/bitnami/ejbca/README.md
index 5f7e0b7f11b4..f7debbe7cc31 100644
--- a/bitnami/ejbca/README.md
+++ b/bitnami/ejbca/README.md
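Review bot: The five `ca init` arguments in the first hunk now come straight from the environment with no check that they form a coherent set, so a keytype that does not match the `-s` algorithm (the defaults pair `RSA`/`3072` with `SHA256WithRSA`), or a deliberately weak keyspec, is only rejected — if at all — by the EJBCA CLI inside this function, and the command invocation and its status handling start outside the hunk, so I cannot see whether a failure there aborts the initialization. Worth at least a comment on the `--keytype` line, `# keytype/keyspec and -s must be a coherent set (e.g. RSA/3072 + SHA256WithRSA); values are taken from the environment unvalidated`, and ideally a sanity check next to the defaults in ejbca_initialize that rejects an empty or obviously out-of-policy value before the CA key is ever generated. Because each value is passed as its own double-quoted argv word there is no word-splitting or injection concern in the call itself. ejbca_generate_ca continues on both sides of the hunk.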
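Review bot: In the second hunk, `export EJBCA_BASE_DN="${EJBCA_BASE_DN:-O=Example CA,C=SE,UID=c-$(generate_random_string -t alphanumeric)}"` folds a command substitution into the `export` statement, so the status of `generate_random_string` is replaced by `export`'s own (always 0) and a failure would go unnoticed, leaving a DN whose `UID=c-` suffix is empty; the two context lines just above (`EJBCA_WILDFLY_ADMIN_PASSWORD=…` then `export EJBCA_WILDFLY_ADMIN_PASSWORD`) and the removed lines kept assignment and export separate, presumably for that reason. I would keep the two-step form here: `EJBCA_BASE_DN="${EJBCA_BASE_DN:-O=Example CA,C=SE,UID=c-$(generate_random_string -t alphanumeric)}"` followed by `export EJBCA_BASE_DN`. The other five new `export VAR="${VAR:-literal}"` lines contain no substitution, so the combined form is harmless there. ejbca_initialize continues outside the hunk.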
@@ -163,6 +163,11 @@ The EJBCA instance can be customized by specifying environment variables on the
 - `EJBCA_DATABASE_PASSWORD`: Database password. No defaults.
 - `EJBCA_BASE_DN`: Base DN for the CA. Defaults to `O=Example CA,C=SE,UID=c-XXXXXXX`, where `XXXXXXX` is a random generated ID.
 - `EJBCA_CA_NAME`: CA Name. Defaults to `ManagementCA`
+- `EJBCA_CA_KEYTYPE`: Initial keytype for the CA certificate. Defaults to `RSA`.
+- `EJBCA_CA_KEYSPEC`: Initial keyspec for the CA certificate. Defaults to `3072`.
+- `EJBCA_CA_CERT_VALIDITY`: Initial certificate validity in days for the CA certificate. Defaults to `3652`.
+- `EJBCA_CA_CERT_POLICY_ID`: Initial certificate policy ID for the CA certificate. Defaults to `null`.
+- `EJBCA_CA_CERT_SIGNATURE_ALGORITHM`: Initial certificate signature algorithm for the CA certificate. Defaults to `SHA256WithRSA`.
 - `JAVA_OPTS`: Java options. Defaults to `-Xms2048m -Xmx2048m -XX:MetaspaceSize=192M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Dhibernate.dialect=org.hibernate.dialect.MySQL5Dialect -Dhibernate.dialect.storage_engine=innodb`.
 - `EJBCA_SERVER_CERT_FILE`: User provided keystore file. No defaults.
 - `EJBCA_SERVER_CERT_PASSWORD`: User provided keystore file password. No defaults.