ENTERPRISE EDITION This is an EJBCA Enterprise Edition (EE) feature.
The following sections cover information on Card Verifiable Certificate (CVC) CAs:
EJBCA Enterprise has full support for Card Verifiable Certificates (CVC BSI TR-03110) used by EU EAC ePassports and eIDs.
Using EJBCA you can set up a complete PKI infrastructure for CVC CAs with:
Domestic DVs (document verifier)
Inspection systems (IS)
Authentication Terminals (AT)
Signature Terminals (ST)
EJBCA supports RSA and ECC keys in CV certificates with the following algorithms:
SHA1WithRSA - id-TA-RSA-v1-5-SHA-1
SHA256WithRSA - id-TA-RSA-v1-5-SHA-256
SHA1WithRSAAndMGF1 - id-TA-RSA-PSS-SHA-1
SHA256WithRSAAndMGF1 - id-TA-RSA-PSS-SHA-256
SHA1WithECDSA - id-TA-ECDSA_SHA_1
SHA224WithECDSA - id-TA-ECDSA_SHA_224
SHA256WithECDSA - id-TA-ECDSA_SHA_256
Using SignServer you can set up a clustered Document Signer. For more information, see www.signserver.org.
In addition to Inspection Systems (IS), EJBCA supports certificate hierarchies for Authentication Terminal (AT) and Signature Terminal (ST) end-entities as of EAC 2.10.
To use AT or ST certificates, create certificate profiles with the Terminal Type configured for your CAs and end entities. For more information, see Inspection Systems.