EJBCA Enterprise PKI By Prime Key

PrimeKey Logo

EJBCA (Enterprise Java Beans Certificate Authority)

EJBCA is an enterprise class PKI Certificate Authority built on JEE technology. It is a robust, high performance, platform independent, flexible, and component based CA to be used stand-alone or integrated in other JEE applications.
EJBCA is an enterprise class PKI, meaning that you can use EJBCA to build a complete PKI infrastructure for your organization. If you only want to issue a few single certificates for testing, there are probably options that will get you started quicker, but if you want a serious PKI we recommend EJBCA.

EJBCA has everything for your trust center. 
You can use EJBCA to issue certificates for different purposes such as:
  • Strong authentication for users accessing your intranet/extranet/internet resources.
  • Secure communication with SSL servers and SSL clients.
  • Smart card logon to Windows and/or Linux.
  • Signing and encrypting email.
  • VPN connections by issuing certificates to your VPN routers such as OpenVPN, Cisco, Juniper etc.
  • Client VPN access with certificates in users VPN clients.
  • Single sign-on by using a single certificate to secure logon to web applications.
  • Creating signed documents.
  • Mobile PKI, enrolling iOS etc.
  • Secure mobile networks, i.e. 3GPP/LTE/4G using the CMP protocol.
  • Counterfeit prevention by signing and pairing accessories.
  • Issue citizen certificates for access to government resources, used in passports etc.
  • Create CVCAs and DVs and issue CV certificates (CVC) to Document Verifiers and Inspection Systems for EU EAC ePassports.
  • ... and many many more ...

You can also use EJBCA to set up a CA independent, high performance, highly available OCSP responder service.
Together with sister projects (see Complementary software) of EJBCA you can also:
  • Get central trusted Time Stamps for you electronically signed documents.
  • Perform central signing of documents.
  • Sign electronic passport data (MRTD).
  • Issue hard tokens (smart cards) and manage the complete life cycle of cards and certificates.
  • ... and many many more ...

Open Source PKI

This PKI software is OSI Certified Open Source Software. OSI Certified is a certification mark of the Open Source Initiative.
The source code of EJBCA is hosted on a (mostly) public svn and all downloads include the complete source code can be downloaded from Sourceforge.net.
If you want to contribute to EJBCA, please see Contribute to EJBCA

Support and development

Commercial support, development, integration and maintenance for EJBCA is available through PrimeKey Solutions.


Here is a list of some of the good organizations that have sponsored development of certain features in EJBCA.
EJBCA 3.1 and later contains support for nCipher HSM. The development of this functionality was sponsored by Linagora, www.linagora.com.
New features in EJBCA 3.2 such as QC statement and external OCSP responders was sponsored by CTec Security Solutions, http://www.commguard.com/.
EJBCA 3.3 and later contains support for LunaHSM (SafeNet). The development of this functionality was sponsored by Atos Worldline http://www.atosworldline.com/index_FR.htm and done with the support of Linagora http://www.linagora.com.
New features in EJBCA 3.3 such as Internal RA Approval and Subject Directory Attributes was sponsored by Simetri Yazilim A.S., http://www.simetri.com/.
New features in EJBCA 3.4 such as CMP, XKMS, services framework and much more was sponsored by GIE Cartes Bancaires and Linagora.
The Marlin Trust Management Organization (MTMO) will be using EJBCA to provide key management services for the commercial adoption of Marlin DRM. EJBCA 3.4.0 supports RSA and ECC implementations of the Marlin PKI infrastructure.
ECC implementation and other improvements were implemented with the support of the MTMO.
EJBCA 3.5 contains generic PKCS#11 interface to HSMs, supporting among others the Utimaco CryptoServer. This development was sponsored by Utimaco.
New in the HSM support is the AEP Keyper HSM.
EJBCA 3.7 contains support for CVC CAs used for EU EAC ePassports. This development was sponsored and contributed by the Swedish National Police Board.
EJBCA 3.10 contains an enrollment Web GUI for the External RA. This development was sponsored by APNIC.


For Prime Key:

0 yorum: