EJBCA - Open Source PKI Certificate Authority
Search ejbca.org on Google:
EJBCA release news & other marvels

EJBCA Enterprise 6.5.1 has now been released. PrimeKey's EJBCA Enterprise is Common Criteria EAL4+ certified and CWA/ETSI compliant to provide the most powerful and flexible PKI. For entire non-community features, only available in EJBCA Enterprise, see the section on "Enterprise Edition features" in the features list.
Posted: 2016-04-15

EJBCA Community 6.3.1.1 is now out! The next generation open source PKI is here, supporting Java 7, JBoss 7 and new advanced features. Visit the download section. There you will also find a pre-installed VM to try (not necessarily with the latest version though).
Posted: 2015-06-02

EJBCA Tech Blog! USB 3.1 Certificate Authentication with EJBCA
Posted: 2016-04-13

PKI-in-a-box! By integrating secure hardware technology with the flexibility, reliability and feature set of EJBCA Enterprise, the turnkey PKI Appliance features an easy to install PKI-in-a-box, offering predictable costs and increased quality to your PKI solution. Check out the simpler, yet safer, PrimeKey PKI Appliance.

EJBCA PKI CA

EJBCA is a PKI Certificate Authority software, built using Java (JEE) technology. Robust, flexible, high performance, scalable, platform independent, and component based, EJBCA can be used stand-alone or integrated with other applications.

Being extremely scalable and flexible, EJBCA is suitable to build a complete PKI infrastructure for any large enterprise or organization. If you only want to issue a few single certificates for testing, there are probably other options that will get you started quicker, but if you want a serious Certificate Authority to manage your Public Key Infrastructure, we recommend EJBCA.
Investigate the links below to understand more what EJBCA really is.

EJBCA has everything for your trust center. Contact us for more info, or look at the full (but never complete) features list.

Certificate issuance

Some uses cases where EJBCA can help you to issue certificates are:

  • Strong authentication for users accessing your intranet/extranet/internet resources.
  • Secure communication with SSL/TLS servers and SSL/TLS clients. EJBCA is an excellent SSL PKI.
  • Smart card logon to Windows and/or Linux.
  • Linux autoenrollment, Windows autoenrollment, automated secure VM deployment, and more.
  • Signing and encrypting email (SMIME).
  • VPN connections by issuing certificates to your VPN routers such as OpenVPN, Cisco, Juniper etc.
  • Client VPN access with certificates in users VPN clients.
  • Network authentication with 802.1x.
  • Single sign-on by using a single certificate to secure logon to web applications.
  • Creating signed documents.
  • Mobile PKI, enrolling iOS etc.
  • Secure mobile networks, i.e. 3GPP/LTE/4G using the CMP protocol.
  • Counterfeit prevention by signing and pairing accessories.
  • Internet of Things (IoT). Need some hundreds of millions of certificates fast? EJBCA will handle it.
  • Mobile Device Management (MdM) and Enterprise Mobility Management (EMM).
  • Issue citizen certificates for access to government resources, used in passports etc.
  • Create CVCAs and DVs and issue CV certificates (CVC) to Document Verifiers and Inspection Systems for EU EAC ePassports and eIDs.
  • ... and many many more ...
Note
You can also use EJBCA to set up a CA independent, high performance, highly available OCSP responder service.

Together with sister projects (see Complementary software) of EJBCA you can also:

  • Get central trusted Time Stamps for you electronically signed documents.
  • Perform central signing of documents.
  • Sign electronic passport data (MRTD).
  • Issue hard tokens (smart cards) and manage the complete life cycle of cards and certificates.
  • ... and many many more ...
Note
The cert-cvc library handles CVC certificates for EU EAC ePassport PKIs and the current release is feature complete for EU EAC ePassports using all algorithms.
The library is freely usable under the LGPL 2.1 (or later) license for all parties interesting in handling CVC certificates, in particular for EU EAC ePassports. The cert-cvc library was donated to the open source by the Swedish National Police Board.

Open Source PKI

This PKI software is OSI Certified Open Source Software licensed under the LGPL v2.1 or later license. OSI Certified is a certification mark of the Open Source Initiative.

The source code of EJBCA Community is hosted on a (mostly) public svn and all downloads include the complete source code and can be downloaded from Sourceforge.net.
If you want to contribute to EJBCA, please see Contribute to EJBCA
You can also donate to EJBCA, please see Donate to EJBCA

Support and development

EJBCA Enterprise with commercial support, development, integration and maintenance is available through PrimeKey Solutions.