Hosted, Managed & Secure PKI: EJBCA® SaaS

Sign up on AWS:

Sign up

Already a customer? Log in here:

Log in to EJBCA SaaS

The full power of the EJBCA®  PKI without the headache of managing the underlying infrastructure

EJBCA SaaS will provide you with the full power of EJBCA Enterprise, but without the need for managing the underlying infrastructure. Set up your EJBCA instance on AWS and we will make sure that your PKI infrastructure will be managed according to best practices and with the highest assurance. Choose your preferred subscription, leverage the elasticity and global presence of the service as you scale your infrastructure and rest assured that you will have a guaranteed SLA that you won’t have to maintain.

person smiling
Dashboard EJBCA SaaS

Secure your access to resources and expertise

Installing and maintaining a full blown Public Key Infrastructure (PKI) requires resources and expertise. Any Certificate Authority software, such as EJBCA, relies on a robust technology stack and as always when security and compliance are in focus, there is a constant need of monitoring, maintenance and updates. By choosing to deploy EJBCA SaaS you don’t need to worry about that. EJBCA SaaS reduces your internal need to manage yet another critical infrastructure component and it allows you to focus on your core business, whilst assured the highest level of security for your business critical application. Own your PKI but let us take care of the underlying infrastructure.

World class PKI

Advanced Certificate Authority technology

EJBCA SaaS is just that; EJBCA. As a Service. And what do we mean by that? It means that you get access to all the advanced functionalities and abilities of EJBCA, something you normally won’t get with PKI aaS solutions. You can set up complex PKI use cases with large number of certificates, set up unlimited number of CAs and hierarchies and you can integrate and automate using any of the built in supported standard protocols or APIs. With EJBCA SaaS you are in full control of setting up your PKI and certificate services as needed for your use cases today and tomorrow. All customers have their own dedicated offline root – with full user activation / deactivation control. The service will provide you with the power of one of the most flexible and robust open source PKI products out there, without the need to manage the underlying technology stack.

For full service transparency EJBCA SaaS includes monitoring and reporting services such as:

  • PKI health status
  • Total certificates generated, per month and day
  • 24 hour chart showing certificate generation trends
  • Quantity of certificates generated by profile
  • Certificate expiration quantities over the next 30/60/90 days

It is really easy to get started!

EJBCA SaaS is offered on the AWS public cloud and setting up your solution starts with registering on the AWS marketplace. Once registered you will be directed to the EJBCA SaaS portal where the underlying infrastructure will be set up automatically for you. No need to discuss your solution with a sales representative and you are ready to go within 30 minutes. Through the EJBCA user interface you can then set up and manage your PKI solution as you prefer.

Need any help? We have open and free quick start guides, how-to’s and product documentation for you to take part of, as well as 24/7 support services. Our skilled PKI professionals in Professional services can further support you with the PKI configuration and integration upon request.

EJBCA SaaS Setup

Get your instance

1. Sign up for the services on the AWS marketplace

    • Select your EJBCA SaaS subscription and configure your contract details

2. PKI Service set-up and configuration via the PrimeKey SaaS portal

    • Set-up your account, enter a few configuration details and your PKI is ready to be deployed

Run your PKI

3. Start your PKI set-up, define your CAs and leverage all protocols and open APIs, available for full application integration and automation


More than PKI as a Service

Full access to EJBCA Enterprise

and all of its features and flexibility.

Instant subscription through the AWS Marketplace

No sales process required

No vendor lock in

AWS accounts holding private keys can be handed back if needed

On demand

performance and capacity upgrades

Choose your HSM

AWS KMS or AWS CloudHSM (coming soon)

Visibility and control

through dashboards

Subscription offers

EJBCA SaaS is available in different sizes where you can scale as you grow. For a full specification of the different options, see PrimeKey Documentation.

Use Case
Non-Production PoC/Lab/Dev/Test


Certificate capacity 
10 K

Certificate performance capacity with KMS
10 Certificates per second

OCSP performance capacity with KMS
25 OCSP responses per second

Geographic availability
1 Region – US or EU or AP, 1 Availability zone

Sign up

Use Case
Small production workloads and Corporate IT workloads

99.95 %

Certificate capacity
250 K

Certificate performance capacity with KMS
25 Certificates per second

OCSP performance capacity with KMS
50 OCSP responses per second

Geographic availability
1 Region – US or EU or AP, 2 Availability zones

Sign up

Use Case
Typical production workloads, Manufacturing / IIoT, Large corporate IT workloads


Certificate capacity
2.5 M

Certificate performance capacity with KMS
80 Certificates per second

OCSP performance capacity with KMS
100 OCSP responses per second

Geographic availability
1 Region – US or EU or AP, 2 Availability zones

Sign up

Coming soon…

Coming soon

Coming Soon


Find all the detailed information you need – about the service, how to get started, product specifications, and more – on the PrimeKey Documentation pages.

EJBCA SaaS Documentation pages


Real life example of EJBCA SaaS

EJBCA SaaS can be deployed for advanced use cases in demanding situations. Some real life examples are:


Med Tech

For large Med Tech companies providing medical technology monitoring vital values of patients in their everyday life, EJBCA SaaS can be used to provide security to their solutions. Key factors in a security solution for this use case is a need of a high level of security as it concerns the life and integrity of patients. It also needs to be globally available and elastic. And, finally it needs to be scalable as the amount of certificates grow. With no in house knowledge about PKI, many Med Tech companies hire external security consultants and aims to keep the billable hours low but the security level high. EJBCA SaaS, with its advanced PKI and minimal level of administration is thereby the optimal choice.



The Internet of Things (IoT) has transformed the car industry, changing the way that people look at the driving experience. Electrical vehicles or connected cars offer the manufacturers, battery suppliers, insurance companies, and other service providers the opportunity to expand their offering while enabling them to gather important data about performance, maintenance, and driving behavior. However the data is of no use if it can not be trusted. PKI and EJBCA SaaS gives service providers the ability to engage in new and secure ways with the customer and their vehicles.


Microsoft Intune

Mobile devices store and transfer an incredible amount of corporate and personal data and more and more devices are entering enterprise networks every day. The IT department is responsible for making sure these devices are always secure. Intune is a Microsoft Mobile Device Management (MDM) enterprise solution that can manage devices and enable compliance with corporate security requirements. Using Certificates and PKI to enable strong authentication for mobile devices towards applications or networks is typically one of the fundamental security requirements and this is supported by Intune together with PrimeKey EJBCA SaaS as a certificate service.

How can we help?

  • Hidden
    I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy here.
Contact us