An RA can be configured for public access using a PublicAccessAuthenticationToken . This allows anyone to navigate to /ejbca/ra without having to present a certificate.
To configure an RA for public access, go to /ejbca/adminweb/administratorprivileges/roles.xhtml and add a new member to any role. The member should have "Match with" set to "PublicAccessAuthenticationToken : Any transport (HTTP or HTTPS)", "PublicAccessAuthenticationToken: Non-confidential transport (HTTP)" or "PublicAccessAuthenticationToken: Confidential transport (HTTPS)".
The CA Web (/ejbca/adminweb) cannot be configured for Public Access. To access the CA web requires a certificate.
It is also possible to configure the RA for public access using the CLI like this:
./ejbca.sh roles addrolemember --caname
"RA Administrator Role"