EJBCA® Hardware Appliance

With PrimeKey EJBCA Hardware Appliance, you get the most used PKI solution in the world, packaged in a turn-key rack-mounted hardware appliance. With its integrated HSM, it is the easiest and most efficient way to deploy and manage a full-blown PKI.

Contact us Download Product Sheet


Feature-complete PKI

EJBCA Hardware Appliance supports all your public key infrastructure (PKI) use cases and scales with your needs. It offers clustering possibilities and comes in five models, XS to XL and three hardware security module (HSM) performance levels.

Turn-key solution

Easy and fast deployment and updates with a stable package that includes the complete software and hardware stack - not only the PKI application. 

HSM included

PrimeKey always recommends using a HSM with your PKI. That is why the EJBCA Hardware Appliance comes with an integrated FIPS-certified HSM, for easy installation and maintenance. 


Features of EJBCA Hardware Appliance

Make PKI simpler and safer, by predicting costs and saving resources while increasing the quality and minimizing the risks of your PKI project. Our turn-key PKI hardware appliance is the best choice for most on-premises medium to large deployments — suitable even for managed services, Internet of Things (IoT) and eIDAS (qualified) Trust Service Providers.


Complete technology stack

EJBCA Hardware Appliance comes with all use cases and components needed to successfully deploy and operate a full-blown PKI. In a single instance, you can run multiple certificate authorities (CAs), subordinate CAs, registration authorities (RAs), and validation authorities (VAs).


Easy to maintain 

Easy and effective management is the key to a secure and reliable PKI deployment. Updates and upgrades are delivered as complete and tested software packages for smooth maintenance. Backup and restore routines are robust and simplified to reduce manual errors.


FIPS-certified HSM

An integrated FIPS 140-2 Level 3-certified HSM brings enterprise-grade security keeping all cryptographic keys secure. The built-in HSM comes in different performance levels.


Flexible for your use cases

PrimeKey understands that organizations have different needs and business requirements - and that things evolve over time. We therefore offer the EJBCA Hardware Appliance in five different models ranging from XS to XL. This gives you the possibility to start small and grow with your use cases.

Related resources

About PrimeKey
EJBCA Enterprise
EJBCA Hardware Appliance
EJBCA Software Appliance

EJBCA® Enterprise achieves Common Criteria certification

We are proud to announce that PrimeKey’s EJBCA Enterprise has achieved Common Criteria certification conformant to the Protection Profile for Certification Authorities, a Collaborative Protection Profiles (cPP) approved by the National Information Asso...
enabling security through PKI
On-demand webinar
Corporate PKI
EJBCA Enterprise
EJBCA Hardware Appliance
EJBCA Software Appliance
PKI migration

Webinar: Own your own risks – Modern manufacturers on-prem security journey to the Cloud

Let us demonstrate together with Thales how manufacturing organizations can benefit from robust and securely built PKI implementations. Date: 12 May Time: 11 AM CET Duration: 1 hour Presented by: Paul Hampton, Cyber Security Specialist, Thales Tom...
Android signing schemes, compliance and crypto agility
Tech update
EJBCA Enterprise
EJBCA Hardware Appliance
EJBCA Software Appliance

EJBCA plugin available for Hashicorp Vault

Hashicorp Vault is a popular tool  for encryption services and secrets management. The Vault is available both as open source and Enterprise versions. It can be deployed as a container in any cloud environment. The Vault allows applications  to generate...

Five models adapted to your needs

The EJBCA Hardware Appliance is available in five different models ranging from an XS model, which is designed to operate as a dedicated root CA, to an XL, which is suited for extremely large PKI deployments.

Extra Small EJBCA Hardware Appliance

Model Extra Small is the smallest Hardware Appliance with support for up to 1,000 certificates. This model is ideal for an offline Root CA in a PKI deployment.

Small EJBCA Hardware Appliance

This is your PKI start environment - EJBCA with everything you need. The Small model supports the operation of multiple, independent PKI hierarchies with one installation. 

Medium EJBCA Hardware Appliance

Start with model Medium if you already know that you need more certificates and better certificate performance capacity. This model supports up to 15 million certificates.

Large EJBCA Hardware Appliance

Model Large has an increased certificate issuing performance and can manage even more certificates. If you have one or a couple of use cases that require a high number of certificates, and you soon expect to add additional use cases on top, then you should choose this model. 

Extra Large EJBCA Hardware Appliance

Model XL is suited for extremely large PKI deployments with the need for more than 100 million certificates. It has the same certificate issuing performance as model Large, but supports up to 160 million certificates and has upgraded storage.

Stand-alone models

The following stand-alone models are also available, including the Validation Authority and Registration Authority modules and the eIDAS edition. 

EJBCA Registration Authority

The EJBCA RA is an external entity to the Certificate Authority (CA). It is used for registration and enrollment of any type of certificate and adds an additional layer of security around the CA.

Read more

EJBCA Validation Authority

EJBCA Validation Authority (VA) offers real-time certificate validation with OCSP and CRLs.

Read more

eIDAS edition

The hardware appliance is also available as an eIDAS edition including a Common Criteria Protection Profile EN 419 221-5 Hardware Security Module (HSM).

Read more on Doc

Customer stories from PKI implementations around the globe

communication tower. cell, radio and television antennas on top

EJBCA Enterprise, Telecom

Powering 5G innovation through security, open standards and flexible integration

Attorneys talking

EJBCA Enterprise, Enterprise, Trust Service Provider

Bundesnotarkammer – Innovation and security in German notaries

DGN Customer Story, PrimeKey

EJBCA Enterprise, Enterprise, Trust Service Provider

Securing and enabling German healthcare


Document signing, EJBCA Enterprise, SignServer Enterprise, Timestamping, Trust Service Provider

The Faroe Islands – Creating a Future-Proof National e-ID

vault and businessman

Bank & Finance, EJBCA Enterprise, Trust Service Provider

Bank-Verlag – Launching an eIDAS-compliant trust center for the German banking industry

EJBCA Telecom

EJBCA Enterprise, PKI migration, Trust Service Provider

Swisscom – Becoming eIDAS compliant and migrating from RSA to EJBCA Enterprise

Contact us

Fill in your contact information below and we will get in touch with you.