EJBCA® Enterprise

In the connected society, as the need for trusted data keeps increasing, it is more and more obvious that security and PKI are crucial for all kinds of businesses and organizations. The open source and multipurpose software EJBCA Enterprise supports many integrations and automation possibilities, and issues certificates to humans, servers and IoT devices.

Contact us Download Product Sheet

The world’s most used PKI

Flexible and scalable

EJBCA supports a wide variety of public key infrastructure (PKI) use cases, scenarios, and integrations into other application ecosystems, and is proven in large deployments worldwide.

Open source

Built on open standards and a Common Criteria-certified open source platform, EJBCA brings the transparency and commitment you need for a long-term security solution. 

On-premises, cloud or SaaS

Deploy EJBCA as it suits your needs - either as a turn-key software or hardware appliance, or as a cloud or SaaS PKI.


Tomas Gustavsson
- EJBCA founder and PrimeKey CTO

What PKI offers


By use of digital certificates, all persons, servers and devices in a PKI solution have a unique and secure identity.


With the help of PKI and certificates, all data that is transmitted over unsecured networks is encrypted and safe from unauthorized access.


Digital signing of code, time and documents ensures the authenticity of any data in transit and when at rest.

Features of EJBCA Enterprise

The PKI platform EJBCA Enterprise offers certificate issuing and management, to provide you with trusted identities and secure communication for any use case scenario. EJBCA Enterprise is multitenant and supports multiple Certificate Authorities (CAs) and levels of CAs within one software instance.


Cost-efficient security

Able to protect virtually any use case and area of technology, our EJBCA Enterprise software meets all your needs for Public Key Infrastructure (PKI) and provides various options to let you find the most cost-efficient solution. PrimeKey offers EJBCA as a turn-key software or hardware appliances, or as a cloud or SaaS PKI.



The flexibility and robustness of EJBCA Enterprise provide the capability to serve both small-scale and larger implementations with millions of users or devices in high availability environments, by support for various deployment options, centralized operations and a high level of automation.


Enables compliance

EJBCA Enterprise follows best practices, with detailed, signed audit and transaction logs, role-based authorization and extensive support for hardware security modules. It is Common Criteria certified and already deployed at numerous ETSI/eIDAS- and WebTrust-audited and ePassport reference customers.


Integrates well

With proven integrations into application ecosystems, including IoT devices and DevOps tools, via support for multiple protocols and formats, EJBCA Enterprise is there all along the way on your digitalization journey.

EJBCA deployment options

To account for the unique business challenges of your organization, including security, budget and the availability of internal resources, PrimeKey offers a combination of deployment options to suit your needs today and allow you to grow flexibly over time. 


Software Appliance

Deploy your PKI in your own data center using your native virtualization resources. Select the HSM and the appliance model that best suit your needs.

EJBCA Software Appliance


Hardware Appliance

Select the EJBCA Hardware Appliance when you are looking for an on-premises PKI-in-a-box solution. EJBCA Hardware Appliance is a hardened, high-performance server that comes with the complete hardware and software stack and an HSM. 

EJBCA Hardware Appliance



Enjoy rapid deployment with PKI in a public cloud, with no hardware to purchase and maintain or any upfront software license costs. Our cloud-based PKI solutions are available in AWS and Azure.



EJBCA Software as a Service

If you are looking for a fully hosted and managed PKI solution, then EJBCA SaaS is your choice. It helps limit deployment risks and increase your speed to market.


Do you need a hybrid deployment? 

Do you want to combine on-premises and cloud? Or do you need help to find the best deployment option for your use case? Let us help you!

EJBCA product components

EJBCA comes with or can be used together with the following advanced tools to enroll for and validate certificates:

EJBCA Registration Authority

The EJBCA Registration Authority (RA) is an external entity to the Certificate Authority (CA) for enrollment of any certificate type, allowing for an additional layer of security around the CA.

Read more

EJBCA Validation Authority

EJBCA Validation Authority (VA) enables online certificate verification by use of OCSP or CRLs.

Read more

Certificate Auto-enrollment

With the Certificate Auto-enrollment feature in EJBCA Enterprise, you can remove any need to use Microsoft CAs and completely leverage the full flexibility of EJBCA Enterprise and Active Directory.

Read more

Identity Authority Manager

Industrial-grade PKI Registration Authority (RA) hardware that can be used together with EJBCA to issue product certificates directly on the manufacturing floor.

Read more

EJBCA eIDAS edition

With EJBCA eIDAS edition as hardware or software appliance, you get a complete feature set to operate a full-blown eIDAS-compliant Public Key Infrastructure (PKI). 

Read more about our eIDAS solutions

Download EJBCA Hardware Appliance eIDAS product sheet

Related resources

On-demand webinar
EJBCA Enterprise

Webinar: PKI as Code – Automating PKI Deployment with Ansible

Using Ansible as an automation and configuration tool can rapidly support new PKI use cases in drastically shorter time frames than previous manual deployments. Siemens has used Ansible to enable PKI deployments–that previously took days or weeks to set...
tomas gustavsson
Blog post
Connected vehicles
EJBCA Enterprise

Securing the Identities of Connected Cars

Securing the identities of connected cars A Hybrid Approach to PKI Deployment for Modern Manufacturers Manufacturing is one of the most attacked industries, facing a range of cybersecurity challenges. The proliferation of DevOps and distributed IoT de...
Android signing schemes, compliance and crypto agility
EJBCA Enterprise
SignServer Cloud
SignServer Enterprise

Thales Data Protection on Demand with PrimeKey’s Flexible Deployment Options

Thales Data Protection on Demand (DPoD) is a cloud-based HSM (Hardware Security Module) platform that provides on-demand encryption and key management services through an online marketplace. This means that there is no HSM hardware to buy, deploy and ma...

Customer stories for EJBCA Enterprise

communication tower. cell, radio and television antennas on top

EJBCA Enterprise, Telecom

Powering 5G innovation through security, open standards and flexible integration

Attorneys talking

EJBCA Enterprise, Enterprise, Trust Service Provider

Bundesnotarkammer – Innovation and security in German notaries

DGN Customer Story, PrimeKey

EJBCA Enterprise, Enterprise, Trust Service Provider

Securing and enabling German healthcare


Document signing, EJBCA Enterprise, SignServer Enterprise, Timestamping, Trust Service Provider

The Faroe Islands – Creating a Future-Proof National e-ID

vault and businessman

Bank & Finance, EJBCA Enterprise, Trust Service Provider

Bank-Verlag – Launching an eIDAS-compliant trust center for the German banking industry

EJBCA Telecom

EJBCA Enterprise, PKI migration, Trust Service Provider

Swisscom – Becoming eIDAS compliant and migrating from RSA to EJBCA Enterprise

Solutions based on EJBCA

Supply Chain Security

Ensure product integrity and security with trusted digital identities from birth

Securing IoT and IIoT devices

Protect data and devices when connecting your solution to untrusted networks

Becoming an eIDAS (Q)TSP

Enable eIDAS compliance and electronic signatures

PKI migration

Consolidate or upgrade your public key infrastructure

Enabling ePassports

Produce and verify ePassports with our dedicated PKI solution

Contact us

Fill in your contact information below and we will get in touch with you.