EJBCA® Enterprise

In the connected society, as the need for trusted data keeps increasing, it is more and more obvious that security and PKI are crucial for all kinds of businesses and organizations. The open source and multipurpose software EJBCA Enterprise supports many integrations and automation possibilities, and issues certificates to humans, servers and IoT devices.

Contact us Download Product Sheet

The world’s most used PKI

Flexible and scalable

EJBCA supports a wide variety of public key infrastructure (PKI) use cases, scenarios, and integrations into other application ecosystems, and is proven in large deployments worldwide.

Open source

Built on open standards and a Common Criteria-certified open source platform, EJBCA brings the transparency and commitment you need for a long-term security solution. 

On-premises, cloud or SaaS

Deploy EJBCA as it suits your needs - either as a turn-key software or hardware appliance, or as a cloud or SaaS PKI.


Tomas Gustavsson
- EJBCA founder and PrimeKey CTO

What PKI offers


By use of digital certificates, all persons, servers and devices in a PKI solution have a unique and secure identity.


With the help of PKI and certificates, all data that is transmitted over unsecured networks is encrypted and safe from unauthorized access.


Digital signing of code, time and documents ensures the authenticity of any data in transit and when at rest.

Features of EJBCA Enterprise

The PKI platform EJBCA Enterprise offers certificate issuing and management, to provide you with trusted identities and secure communication for any use case scenario. EJBCA Enterprise is multitenant and supports multiple Certificate Authorities (CAs) and levels of CAs within one software instance.


Cost-efficient security

Able to protect virtually any use case and area of technology, our EJBCA Enterprise software meets all your needs for Public Key Infrastructure (PKI) and provides various options to let you find the most cost-efficient solution. PrimeKey offers EJBCA as a turn-key software or hardware appliance, or as a cloud or SaaS PKI.



The flexibility and robustness of EJBCA Enterprise provide the capability to serve both small-scale and large-scale, enterprise implementations with millions of users or devices in high availability environments, by support for various deployment options, centralized operations and a high level of automation.


Enables compliance

EJBCA Enterprise follows best practices, with detailed, signed audit and transaction logs, role-based authorization and extensive support for hardware security modules. It is Common Criteria certified and already deployed at numerous ETSI/eIDAS- and WebTrust-audited and ePassport reference customers.


Integrates well

With proven integrations into application ecosystems, including IoT devices and DevOps tools, via support for multiple protocols and formats, EJBCA Enterprise is there all along the way on your digitalization journey. See also PKI and Signature Services for Microservices and DevOps Environments. 

EJBCA deployment options

To account for the unique business challenges of your organization, including security, budget and the availability of internal resources, PrimeKey offers a combination of deployment options to suit your needs today and allow you to grow flexibly over time. 


Software Appliance

Deploy your PKI in your own data center using your native virtualization resources. Select the HSM and the appliance model that best suit your needs.

EJBCA Software Appliance


Hardware Appliance

Select the EJBCA Hardware Appliance when you are looking for an on-premises PKI-in-a-box solution. EJBCA Hardware Appliance is a hardened, high-performance server that comes with the complete hardware and software stack and an HSM. 

EJBCA Hardware Appliance



Enjoy rapid deployment with PKI in a public cloud, with no hardware to purchase and maintain or any upfront software license costs. Our cloud-based PKI solutions are available in AWS and Azure.



EJBCA Software as a Service

If you are looking for a fully hosted and managed PKI solution, then EJBCA SaaS is your choice. It helps limit deployment risks and increase your speed to market.


Do you need a hybrid deployment? 

Do you want to combine on-premises and cloud? Or do you need help to find the best deployment option for your use case? See our documentation on hybrid PKI deployments or get in touch with us. 

EJBCA product components

EJBCA comes with or can be used together with the following advanced tools to enroll for and validate certificates:

EJBCA Registration Authority

The EJBCA Registration Authority (RA) is an external entity to the Certificate Authority (CA) for enrollment of any certificate type, allowing for an additional layer of security around the CA.

Read more

EJBCA Validation Authority

EJBCA Validation Authority (VA) enables online certificate verification by use of OCSP or CRLs.

Read more

Certificate Auto-enrollment

With the Certificate Auto-enrollment feature in EJBCA Enterprise, you can remove any need to use Microsoft CAs and completely leverage the full flexibility of EJBCA Enterprise and Active Directory.

Read more

Identity Authority Manager

Industrial-grade PKI Registration Authority (RA) hardware that can be used together with EJBCA to issue product certificates directly on the manufacturing floor.

Read more

EJBCA eIDAS edition

With EJBCA eIDAS edition as hardware or software appliance, you get a complete feature set to operate a full-blown eIDAS-compliant Public Key Infrastructure (PKI). 

Read more about our eIDAS solutions

Download EJBCA Hardware Appliance eIDAS product sheet

Related resources

EJBCA Enterprise
PKI migration

Migrating to Microsoft Azure with a Modern PKI

Taking the holistic approach on your migration to the cloud Security cannot be an afterthought. The one thing you can be certain of is that the need for certificates will grow as your business is digitalized. A holistic approach on cloud migration, in...
Blog post
EJBCA Enterprise

Enlightened enrollment: The book of five certificate enrollment protocols

In this blog post, Mike Agrenius Kushner in his role of Product Architect is going to present a layman’s guide to PKI enrollment over API and five of the protocols supported today by EJBCA.    Remember, if you were there, your first day of university...
Blog post
EJBCA Enterprise

EJBCA, Microsoft and open source: How Azure brought everything together

It used to be uncommon to mention open source and Microsoft in one sentence. PrimeKey’s open source history is no exception, and used to distance us from Microsoft. Read on to learn about the transformation journey of EJBCA and Microsoft during the past...

Customer stories for EJBCA Enterprise

communication tower. cell, radio and television antennas on top

EJBCA Enterprise, Telecom

Powering 5G innovation through security, open standards and flexible integration

Attorneys talking

EJBCA Enterprise, Enterprise, Trust Service Provider

Bundesnotarkammer – Innovation and security in German notaries

DGN Customer Story, PrimeKey

EJBCA Enterprise, Enterprise, Trust Service Provider

Securing and enabling German healthcare


Document signing, EJBCA Enterprise, SignServer Enterprise, Timestamping, Trust Service Provider

The Faroe Islands – Creating a Future-Proof National e-ID

vault and businessman

Bank & Finance, EJBCA Enterprise, Trust Service Provider

Bank-Verlag – Launching an eIDAS-compliant trust center for the German banking industry

EJBCA Telecom

EJBCA Enterprise, PKI migration, Trust Service Provider

Swisscom – Becoming eIDAS compliant and migrating from RSA to EJBCA Enterprise

Solutions based on EJBCA

Supply Chain Security

Ensure product integrity and security with trusted digital identities from birth

Securing IoT and IIoT devices

Protect data and devices when connecting your solution to untrusted networks

Becoming an eIDAS (Q)TSP

Enable eIDAS compliance and electronic signatures

PKI migration

Consolidate or upgrade your public key infrastructure

Enabling ePassports

Produce and verify ePassports with our dedicated PKI solution

Contact us

Fill in your contact information below and we will get in touch with you.