Migrating to PrimeKey EJBCA from RSA Digital Certificate Solution

CA Migration and Consolidation Best Practices by PrimeKey

Ready to draw benefit from PKI consolidation?

A typical enterprise PKI infrastructure grows over time, with shifts in business needs and added use cases. The result is often a heterogeneous environment with inconsistent security policies, where the costs associated with maintaining security and administration grows. Moreover, older PKI solutions may have limitations in business model or functionally that make them unfit to support current needs and regulatory requirements. For organizations currently utilizing RSA Digital Certificate Solutions it is urgent to find a new PKI solution, as January 31st, 2018 marks the end of the extended support for the product. Regardless of driving force for migration and consolidation, PrimeKeys solution is a proven, scalable and flexible choice.

Best Practice by PrimeKey

The stakes are high when migrating or consolidating an enterprise PKI infrastructure. It is imperative that current solutions enabled by existing certificate services continue working with limited interruption, that the migration project manage existing interfaces and integrations to external systems, and that the robustness of the infrastructure is maintained – or improved – with the migration.

PrimeKey have vast experiences migrating RSA Digital Certificate Solutions to PrimeKey EJBCA, with best practices ensuring:

  • A smooth and secure migration.
  • A predicable project scope.
  • Improved certificate managed functions and control.
  • A flexible and extendable CA platform.
  • A secure and reliable installation.
  • An open and future proof product.

A Step-by-Step Guide

To minimize complexity when migrating from RSA Digital Certificate solutions, Primekey have developed a migration tool readily available to organizations moving to PrimeKey EJBCA. The following step-by-step approach make the transition project scope predictable and secure:

  1. Map the existing RSA certificate jurisdictions and extension profiles to EJBCA certificate and end-entity profiles
  2. Set up EJBCA Enterprise to access the HSM used for CA keys
  3. Configure EJBCA Enterprise with existing CA certificates to support defined certificate and revocation services.
  4. Import existing certificates and CRL information using the PrimeKey migration tool.
  5. Set up integration points for certificate management
  6. Test complete set of end to end use cases and services.

With the above steps completed, all that remains is the decommission of the old CA:s. PrimeKeys professional services and support staff have successfully conducted a vast number of migrations, and will be there to help you all the way.

Benefits of migrating to PrimeKey EJBCA

When migrating to EJBCA, it is common to see a number of benefits beyond the core PKI capabilities:

  • An optimized offering of certificate services as old services are discontinued and new services are set up based on more modern standards.
  • Elimination of proprietary and outdated interfaces.
  • A more homogeneous environment that is easier and more cost effective to maintain.

With PrimeKey EJBCA you can rest assured that your organization has a solution that will accommodate current and future PKI needs. The benefits of PrimeKeys PKI solutions include:

  • Proven. As one of the world’s leading companies for PKI solutions, PrimeKey has developed successful technologies such as EJBCA Enterprise, SignServer Enterprise and the PrimeKey PKI Appliance. These products have been proven in a range of circumstances, from critical telecom and power infrastructure to smart products from several of the world’s most recognized brands and national e-IDs.
  • Scalable. Using either PrimeKey EJBCA Enterprise Software or the PrimeKey PKI Appliance you can rest assured that whether you are looking to issue and validate 10 or 10 billion certificates, the solution scales with your business. In addition, a PrimeKey PKI solution can scale across different use cases – from enterprise PKI to large-scale IoT and beyond.
  • Unconstrained. PrimeKey gives you the choice of – and the choice to combine – on premise, cloud, as a hardware appliance or software-only PKI solutions. This means the infrastructure is deployed in manner best suited for your business needs and can flexibly grow and expand over time.

Key Features

High Security and Reliability

  • Common Criteria EAL4+ certified
  • Detailed and integrity protected audit and transaction logs
  • Role-based authorization
  • Hardware security modules
  • Designed for scalability and reliability
  • Scalability and availability using clusters


  • Configurable profiles supporting diverse use cases and standards
  • Integration interfaces, supporting standard protocols and web services
  • Designed for high levels of automation
  • Supports different deployment scenarios
  • Available as Software, Appliance, in the cloud and as hybrid deployments

Regulatory Compliance

  • ETSI/eIDAS and WebTrust-compliant
  • Enabling GDPR-compliance across platforms and systems
  • Future-proof and flexible to support regulatory demands of the future.

Get in touch with us

Fill in your contact information below and we will get in touch with you.

    I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy here.