EJBCA - Open Source PKI Certificate Authority

Free software

To build a successful PKI you can benefit from a lot of tools available. Here are listed some tools and packages that can be used together with PKI to even further improve your PKI experience.

Signserver

The SignServer is an application for automatic signatures called by other systems not able to connect to cryptographic hardware. It is a framework that can be customized to specific needs using simple plug-in modules. The SignServer have a ready to use TimeStamp Authority (RFC 3161 compliant) and a MRTD Signer. Another usage is to provide a simplified method to provide signatures in different application managed from one location in the company.
The SignServer have been designed for high-availability and can be clustered for maximum reliability.

CRL Publish Perl script

CRL Publish perl script by Kevin Cody-Little.

CRL Publish pushes newly generated CRLs to your distribution web servers. It can be installed from CPAN as module EJBCA::CrlPublish.

CSRTool

CSRTool at sourceforge

A graphical tool for generating RSA and ECDSA cryptographic key-pairs, creating Certificate Signing Requests (CSRs) from them, and combining the key-pair with an issued digital certificate to create a secure portable container (PKCS12, JKS, JCEKS, etc.)

Some features:

Generates RSA public and private key-pairs in sizes ranging from 1024 to 8192 bits.
Generates Elliptic Curve DSA public and private key-pairs using either the ANSI X9.62 named curves, or custom parameters for your own curve if so inclined.
Saves the private-key in a PKCS8 file with Password-Based-Encryption using the SHA1withTripleDES algorithm.
Generates a PEM-encoded CSR that can be submitted to a CA either through a web-form or e-mail.
Generates keyUsage and/or the subjectAltName extensions (optionally) in the RSA-based CSR.
Combines the private-key from the previously-stored PKCS8 file and the newly returned digital certificate, into a PKCS12 file that can be used for importation into desired applications.

Bouncycastle

Bouncycastle website

Using Bouncycastle you can create your own tools and applications, or PKI enable your existing java applications.

Bouncycastle also have a section with complementary packages (under resources) that you should look at.

JMRTD

JMRTD website

JMRTD is a free implementation of the Machine Readable Travel Document (MRTD) standards as specified by the International Civil Aviation Organization (ICAO). The electronic passport (or "ePassport"), which by now has been introduced in many countries, is an implementation of these standards.

ISODL

ISO18013 Electronic Driving License

Implements CVC certificates for driving licenses, using a slightly modified version of cert-cvc.

jSCEP

Java SCEP implementation

jSCEP is an open-source Java implementation of the Simple Certificate Enrollment Protocol (SCEP). It is capable of supporting both client- and server-side operations.

OpenSC

OpenSC project

OpenSC provides a set of libraries and utilities to work with smart cards. You can use OpenSC to support login and authentication using PKI smart cards.

Hardware tokens

SecureMetric

SecureMetric has over 13 years experience in serving clients across the world and the market leader in the Smart Card and Cryptographic Token industry for the Southeast Asian region. Our flagship SecureToken ST3 is a lightweight PKI token that is cost effective and has been proven to work better than other well known international brands.

When deployed together with our Token Management and Registration Authority (TMS-RA) system, we are able to unify the separated Certificate and Token life cycles into a single management system which allows operators to better manage their clients and reduce support complexity. Besides that, our TMS-RA readily fits into most CA's business models. This feature empowers our partners and customers. The business model and branding strategy technically streamlines a value-adding, outstanding solution provider.

Visit SecureMetric for more information.

Feitian

Feitian is dedicated to being the leading innovator of smartcard and chip operating system based security technologies and applications. Feitian's major business covers Strong Authentication, Software Protection, Smartcard COS and Peripherals. You can get more information about Feitian at www.ftsafe.com.

Aventra MyEID

The Aventra MyEID card is a smart card that works on most platforms, including windows and linux. You can order MyEID cards from the Aventra Webshop.

Token Management

EJBCA can also be used with numerous products (free or non-free) for token management. Some software supported by the respective vendors, and used in production with EJBCA, are listed below.

SecureMetric

Visit SecureMetric for more information.

AET SafeSign IC bundle

A.E.T. Europe B.V. (AET) is a leading global supplier of strong authentication solutions. Our SafeSign Identity Client (IC) is the leading smart card/USB Token middleware available today. It is used by millions of people to securely store their digital certificate on smart cards and USB tokens and gain access to all kinds of applications and systems, like the Industrial Commercial bank of China (ICBC) and the Dutch UZIpas.

BlueX eID Management is a complete token management system that provides a clear set of workflows for every step in the lifecycle of an eID.

Contact AET Europe for more information.

SecMaker Net iD Card Portal

The Net iD Card Portal is a complete card management system for issuing, activating, unblocking and renewing smart cards. Lost, blocked or forgotten cards are quickly and easily handled in the portal.

Net iD Enterprise is a client working on Windows, Linux and Mac OS X. It enables signing, authentication and usage of certificates in various systems. Distinguishing features of the Net iD client is enhanced support in Windows Terminal Server and Citrix Presentation Server, as well as support for a variety of different smart cards.

Contact SecMaker for more information.

Aventra Card Management System

Aventra Ltd is a company specialized in plastic cards, smart cards, and data security. Among it's products are the Aventra Card Management System and the MyEID multifunctional PKI card.

Contact Aventra for more information.

Versasec vSEC:CMS

The vSEC:CMS product portfolio includes everything from easy to use end-user applications, downloadable tools, ready to go appliances... all the way to complete integration platforms - all with the same purpose, simplify lifecycle management of PKI enabled devices. To learn more and to download the software today, visit versasec.com.

Gemalto IDAdmin 200

Gemalto IDAdmin 200 is the leading smart card management system for managing Gemalto's impressive portfolio of smart cards, converged badges and other access enabling tokens. For more information visit the IDAdmin 200 product page.

GemSAFE Toolbox

GemSAFE toolbox and tokens are developed by Gemalto. Using this product an organization can setup a secure platform for online banking, transaction, identity verification and data exchange. It has been adapted by lots of well known companies and organizations for instant, Cisco, Airbus, BMW, China Construction Bank, Industrial Commercial bank of China (ICBC) and etc.

Some of the GemSAFE features:

Email signature and encryption
Smartcard logon
Strong authentication with SSL
Document signature and encryption
VB macro signature
Support 16 languages
Works with MS Outlook, Thunderbird, Lotus Notes, IE, Netscape, FireFox and more

GemSAFE was successfully used together with EJBCA for the ZhuHai Local Taxation Bureau project, listed in the reference installations section.

There is a howto for using GemSAFE with EJBCA in the Howto section.