Migrate from RSA Digital Certificate Solution to EJBCA

For organizations currently utilizing RSA Digital Certificate Solutions it is urgent to find a new PKI solution, as January 31st, 2018 marks the end of the extended support for the product. PrimeKey has helped many organizations to smoothly migrate their PKI solution from RSA to EJBCA Enterprise and we know how to make the process both efficient and secure.

Contact us Download solution sheet

Discussing supply chain security on whiteboard

Benefits of migrating to PrimeKey EJBCA

With EJBCA you can rest assured that your organization has a solution that will accommodate current and future PKI needs. The benefits of our PKI solutions include: 


EJBCA is a complete PKI, including Certificate Authority, Registration Authority and Validation Authority (CRL and OCSP) functionality. Several of the world’s most recognized brands and national e-Ids use EJBCA and it has been proven in a range of use cases and industries, from critical telecom and power infrastructure to smart products. 


Using either deployment type of EJBCA, you can be confident that whether you are looking to issue and validate ten or ten billion certificates, the solution scales with your business. In addition, EJBCA scales across different use cases – from enterprise PKI applications to large-scale IoT and beyond. 

Choose your preferred way to deploy

We give you the choice of – and the choice to combine – flexible on-premises software or hardware appliances, cloud or as-a-service PKI solutions. This means the infrastructure is deployed in manner best suited for your business needs and can grow flexibly over time. 

PKI, Code signing and more

PrimeKey does not only offer PKI. The product portfolio also includes for example document signing, code signing and timestamping functionality that seamlessly integrates into EJBCA. In addition, PrimeKey offers a FIPS-certified secure execution hardware, SEE, that enables you to run your application and data in a secure server.

Step-by-step PKI migration

To minimize complexity when migrating from RSA Digital Certificate solutions, Primekey have developed a migration tool readily available to organizations moving to PrimeKey EJBCA. The following step-by-step approach make the transition project scope predictable and secure: 

1. Map certificates and profiles

Map the existing RSA certificate jurisdictions and extension profiles to EJBCA certificate and end-entity profiles.


2. Set up HSM

Set up EJBCA Enterprise to access the HSM used for CA keys.


3. Configure EJBCA

Configure EJBCA Enterprise with existing CA certificates to support defined certificate and revocation services.

4. Run migration tool

Import existing certificates and CRL information using the PrimeKey migration tool.


5. Set up certificate management

Set up integration points for certificate management.

6. Test services

Test complete set of end-to-end use cases and services.

Need any help?

With the above steps completed, all that remains is the decommission of the old CA:s. PrimeKeys professional services and support staff have successfully conducted a vast number of migrations, and will be there to help you all the way. 

Contact us 

Deploy EJBCA as it suits you

EJBCA® Enterprise

Complete public key infrastructure (PKI) and certificate management

EJBCA® Hardware Appliance

Turn-key PKI hardware and software solution with integrated HSM


Complete EJBCA PKI as a service

EJBCA® Cloud

Complete PKI software solution on AWS and Azure cloud 

Contact us

Fill in your contact information below and we will get in touch with you.