1. Home
  2. /
  3. About


One of the world's most popular PKIs, EJBCA gives you time-proven flexibility and robustness. Unlike many other PKI solutions, EJBCA is platform-independent and can be scaled out and in to match your needs.



Open source PKI and Certficate Authority

All your certificate management, registration, enrollment, and validation needs, are covered by EJBCA.

One installation can support multiple secure separated and independent PKIs simultaneously using a modular architecture for the Certificate Authority (CA), Registration Authority (RA), and Validation Authority (OCSP and CRL functionality). Combined with the fact that EJBCA supports many enrolment protocols, integration interfaces, certificate profiles, and cryptographic algorithms, EJBCA is a good choice when securing industrial environments, IoT devices, national eIDs, DevOps workflows, and internal PKIs.

F-Keyfactor_Illustration-Certificate issuance

EJBCA: The Ultimate Open-Source CA and PKI Software for IoT, Industrial, DevOps, IT, and More

EJBCA Community edition is an open-source project sponsored by Keyfactor and licensed under LGPL v2.1. The source code and container editions are available for free download. Moreover, EJBCA is also available in an Enterprise edition, and a 30-day free trial is available on AWS and Azure marketplaces.

Community vs Enterprise edition

Being one of the longest-running open-source CA projects, EJBCA PKI provides time-proven robustness and reliability for businesses, organizations, and products throughout the world. 

Without even knowing it you are probably using EJBCA on a daily basis.

See full documentation


Years of history




Downloads per month

Why users choose EJBCA

Get started with EJBCA container

Get started quickly

Download our containers or build from source from GitHub. Get started with video tutorials and documentation online.


Flexible for your use case

EJBCA supports a variety of enrolment protocols, integration interfaces, certificate profiles, and cryptographic algorithms. 

Climbing Up The Stairs

Deployment automation and scaling

EJBCA can run in any number of instances as needed, and installations and configurations can be automated with Helm or Ansible playbooks.

Ansible Playbooks

Grow with your needs

Convert to EJBCA Enterprise, when your PKI service requires SLAs, security and audit-proof configurations, or an alternative deployment option such as hardware or software appliance, cloud, SaaS, or a combination. Try EJBCA Enterprise cloud edition for free for 30 days


EJBCA on Azure

keyfactor-ejbca-enterprise-lite (1)

History of EJBCA

Tomas Gustavsson and his team published the first version of EJBCA in 2001 with the goal of developing an enterprise-grade PKI based on modern technology. In 2002, PrimeKey* was founded as a consultancy specializing in the open-source product EJBCA. In 2008 EJBCA became Common Criteria-certified for the first time, and that was also when the first Enterprise edition of EJBCA was released. 

Since then, EJBCA has gained popularity and continues to be updated to keep it modern and suitable for the highest-performance cloud-native world.

For organizations that require guaranteed stability and support, advanced security configurations and certifications, or access to more deployment options, we recommend the EJBCA Enterprise edition.

As of June 2021, PrimeKey is a part of Keyfactor


Tomas Gustavsson, the founder of EJBCA, who released the very first version of the software in 2001.

Get in contact today to learn more about EJBCA Enterprise & how it can benefit your organization