EJBCA® Enterprise from PrimeKey

EJBCA Enterprise covers all your needs for Public Key Infrastructure (PKI) and Certificate Management.

EJBCA Enterprise and Public Key Infrastructure (PKI)

As the world’s most used PKI (Public Key Infrastructure), certificate issuing and management software, EJBCA Enterprise provides you with the basic security services for trusted identities and secure communication in any environment and use case. EJBCA Enterprise is a multipurpose PKI software that supports multiple CAs and levels of CAs to enable you to build a complete infrastructure (or several) for multiple use cases within one instance of the software.

EJBCA PKI Development
Security product briefings

Flexible Certificate Authority (CA) software

EJBCA Enterprise is a multipurpose PKI software that supports multiple CAs and levels of CAs to enable you to build a complete infrastructure (or several) for multiple use cases within one instance of the software.

Different use cases have different requirements on how registration, initial enrollment and life-cycle management should be performed. EJBCA Enterprise enables multiple integration and automation possibilities and issues certificates to persons, infrastructure components and IoT devices. EJBCA Enterprise is flexible, scalable and secure and is installed at numerous ETSI/eIDAS-, WebTrust audited and ePassport reference customers. EJBCA Enterprise offers Certificate Authority, Registration Authority and Validation Authority (OCSP and CRL) functionality.

PKI with EJBCA Enterprise

PrimeKey’s extendable PKI covers all demands for efficient and reliable issuing and management of digital identities for people, infrastructure components and other devices.

Cost efficient end-to-end security works, if you do it the right way.

Able to protect virtually any area of technology and use case, our EJBCA Enterprise software is used to meet all your needs for Public Key Infrastructure (PKI). PrimeKey’s EJBCA Enterprise comes as flexible software, as an easy-to-use turn-key software or hardware appliances, or as a cloud-based PKI. But technology isn’t everything, for proper security you need to think of organization, architecture and how it all fits your business solution. PrimeKey has extensive experience in implementing PKI solutions in many types of organizations all over the globe and can assist you along the way.

EJBCA Enterprise PKI is security infrastructure for any use case

Commonly referred to as a Certificate Authority (or CA), EJBCA Enterprise PKI is an open source IT-security software for Certificate Issuance and Certificate Management, used for secure communication in any environment. To properly enable security through certificates, EJBCA Enterprise also includes both Registration Authority (RA) and Validation Authority (VA) functionality.

Extremely flexible, EJBCA Enterprise is used for most imaginable PKI use cases and scenarios. The solution can be found in face-to-face issuing workflows as well as in highly automated processes via standard protocols and interfaces.

Control your own security with EJBCA Enterprise

EJBCA Enterprise follows best practices. It has detailed, signed audit and transaction logs, role-based authorization, extensive support for hardware security modules and is designed for scalability and reliability. This is the one PKI software for any organization that needs to manage and operate a serious PKI. In addition, EJBCA Enterprise is already deployed by numerous ETSI/eIDAS- and WebTrust audited reference customers.

Bundled with support and services, EJBCA Enterprise allows you to handle and maintain your PKI implementation successfully, independently of your level of skills.


Through digital certificates all persons and devices in a PKI solution have a unique and secure identity.


With the help of public and private keys, all data in a PKI solution is encrypted and safe from tampering.


Signing code, time, documents etc. ensures the authenticity of any data in a PKI solution.

EJBCA Enterprise Deployment options – Software, Appliance, Cloud or Hybrid

PrimeKey understands that organizations have unique business challenges, including security requirements, budgets and the availability of internal resources. That’s why we give you the choice to combine Software Appliance, Hardware Appliance and public Cloud deployments for your PKI and Signing solution. This means the infrastructure can be deployed in the manner best suited to your business needs and can grow flexibly and expand over time.

Your deployment options

Flexibility at all levels

EJBCA Enterprise is for all professional users, in all types of companies and you can enjoy the greatest flexibility of deployment options. Enable certain PKI functions in the cloud, as appropriate, while benefiting from being in control of other PKI functions with on-premises software or appliance deployments. EJBCA Enterprise gives you full control of everything you do.

The robustness of EJBCA Enterprise provides the capability of serving both small-scale and larger implementations with millions of users or devices in high availability environments without compromising on security.

Built on open standards, an open source platform and a large installed base all around the world, EJBCA Enterprise brings the maturity, transparency and commitment required for any security focused PKI solution.

EJBCA development - man working

Contact us

Fill in your contact information below and we will get in touch with you.

Key features

Lowest Total Cost of Ownership (TCO)

  • Security by design by following the best practice Common Criteria Certified security evaluation standard
  • Mature and widely proven source code
  • Comprehensive strategic engineering services
  • Short project duration, with fast project deployment

High Security and Reliability

  • Common Criteria
  • Detailed audit and transaction logs
  • Role-based authorization
  • Support for Hardware security modules (HSM)
  • eIDAS edition with support for a Common Criteria Protection Profile EN 419 221-5 HSM
  • Designed for scalability and reliability
  • Service availability across maintenance windows
  • Scalability and availability using clusters


  • Configurable certificate profiles (X.509, eIDAS, PSD2, CVC, RFC5280, RFC 6962, EV Certificate
  • Certificate Authority, Registration Authority and Validation Authority (OCSP and CRL) functionality
  • Integration interfaces (REST, WebServices, ACME, CMP, EST, SCEP, etc.)
  • Multi-use case and multi-tenant platform
  • Flexible deployment options
  • Supports most major databases

Audit Compliance

  • ETSI/CWA-compliant and WebTrust-compliant references

Certificate Auto-enrollment

Combine the full flexibility of EJBCA Enterprise with Active Directory.

With the Certificate Auto-enrollment for EJBCA Enterprise, you can add several templates and match them with EJBCAs Profiles, and you can support multiple use cases. Yes, you can now run this add-on on a Linux server, if you like to.

Read more

RA – Registration Authority

A sophisticated toolbox for a user to enroll any certificate type.

The EJBCA RA provides a sophisticated toolbox for a user to enroll for any certificate type, whether predefined or defined on the CA, either by submitting a Certificate Signing Request (CSR) to have a local key pair signed, or by requesting a certificate based on a key pair stored on the CA.

Read more

VA – Validation Authority

EJBCA Validation Authority (VA) enables on-line verification of authentication and digitally signed transactions.

Read more

Support and maintenance

As with any software, and especially with security software, it is important to keep EJBCA updated with continuous releases and security patches. Having a subscription to PrimeKey Support will not only give you access to new upgrades and features, but also ensure that your software is kept up to date when it comes to security. In short, PrimeKey Support will keep your software at the highest security standards.

Through a PrimeKey Support subscription, both your management and your customers can sleep sound, assured that audit and policy requirements are fulfilled. And in case of issues with your PKI, or simply new demands on it, you have timely access to, and support from, our skilled PKI professionals.

Read more about PrimeKey Support

eIDAS compliant - people in front of computer
Explaining PKI EJBCA


PrimeKey’s training courses are tailored solely toward our customers that utilize PrimeKey PKI Technology. Our state-of-the-art trainings are suitable to advanced users such as technicians, engineers, developers, specialists and system architects.

Regardless of prior level of knowledge, any member of your PKI crew can benefit greatly from our Enterprise Training Courses.

We are very satisfied with the training course and it has met our needs, says Allen Liang, Feitian Technologies Ltd.

EJBCA training

Each tailored real-life course facilitates the different steps of your specific project, and may later on prove crucial to your progress and ability to succeed in challenging circumstances. As participants learn basic and advanced features and have their PKI managing skills increase, they will learn to

  • ease software evaluation and get the most out of any PKI project.
  • build and deploy your PKI timely and with minimal risk.
  • minimize unplanned downtime.

Are you looking for information about EJBCA installation or EJBCA
upgrades, find EJBCA documentation here.

Product Sheet Training



How can we help?

  • Hidden
    I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy here.
Contact us