EJBCA - Open Source PKI Certificate Authority
Search ejbca.org for:

EJBCA support, development and maintenance by



2010-11-26: EJBCA 3.10.6 and cert-cvc 1.2.12 with EAC ePassport support is now out!
Visit the download section. There is also a LiveCD!

The cert-cvc library handles CVC certificates for EU EAC ePassport PKIs and the current release is feature complete for EU EAC ePassports using all algorithms.
The library is freely usable under the LGPL 2.1 (or later) license for all parties interesting in handling CVC certificates, in particular for EU EAC ePassports, and can be downloaded below. The cert-cvc library was donated to the open source by the Swedish National Police Board.
Did you know that EJBCA includes a stand-alone OCSP responder? The responder is scalable with high-performance and can be used also with any other CA than EJBCA.

EJBCA Enterprise PKI

EJBCA is an enterprise class PKI Certificate Authority built on J2EE technology. It is a robust, high performance, platform independent, flexible, and component based CA to be used stand-alone or integrated in other J2EE applications.

EJBCA is an enterprise class PKI, meaning that you can use EJBCA to build a complete PKI infrastructure for your organization. If you only want to issue a few single certificates for testing, there are probably options that will get you started quicker, but if you want a serious PKI we recommend EJBCA.

EJBCA has everything for your trust center. Contact us for more info.

You can use EJBCA to issue certificates for different purposes such as:

  • Strong authentication for users accessing your intranet/extranet/internet resources.
  • Secure communication with SSL servers and SSL clients.
  • Smart card logon to Windows and/or Linux.
  • Signing and encrypting email.
  • VPN connections by issuing certificates to your VPN routers such as OpenVPN, Cisco, Juniper etc.
  • Client VPN access with certificates in users VPN clients.
  • Single sign-on by using a single certificate to secure logon to web applications.
  • Creating signed documents.
  • Issue citizen certificates for access to government resources, used in passports etc.
  • Create CVCAs and DVs and issue CV certificates (CVC) to Document Verifiers and Inspection Systems for EU EAC ePassports.
  • ... and many many more ...

You can also use EJBCA to set up a CA independent, high performance, highly available OCSP responder service.

Together with sister projects (see Complimentary software) of EJBCA you can also:

  • Get central trusted Time Stamps for you electronically signed documents.
  • Perform central signing of document.
  • Sign electronic passport data (MRTD).
  • Issue hard tokens (smart cards) and manage the complete life cycle of cards and certificates.
  • ... and many many more ...

Open Source PKI

This PKI software is OSI Certified Open Source Software. OSI Certified is a certification mark of the Open Source Initiative.

The source code of EJBCA is hosted on Sourceforge.net and all downloads include the complete source code can be downloaded from there.
If you want to contribute to EJBCA, please see Contribute to EJBCA

Support and development

Commercial support, development, integration and maintenance for EJBCA is available through PrimeKey Solutions.


Here is a list of some of the good organizations that have sponsored development of certain features in EJBCA.

EJBCA 3.1 and later contains support for nCipher HSM. The development of this functionality was sponsored by Linagora, www.linagora.com.

New features in EJBCA 3.2 such as QC statement and external OCSP responders was sponsored by CTec Security Solutions, http://www.commguard.com/.

EJBCA 3.3 and later contains support for LunaHSM (SafeNet). The development of this functionality was sponsored by Atos Worldline http://www.atosworldline.com/index_FR.htm and done with the support of Linagora http://www.linagora.com.

New features in EJBCA 3.3 such as Internal RA Approval and Subject Directory Attributes was sponsored by Simetri Yazilim A.S., http://www.simetri.com/.

New features in EJBCA 3.4 such as CMP, XKMS, services framework and much more was sponsored by GIE Cartes Bancaires and Linagora.

The Marlin Trust Management Organization (MTMO) will be using EJBCA to provide key management services for the commercial adoption of Marlin DRM. EJBCA 3.4.0 supports RSA and ECC implementations of the Marlin PKI infrastructure.
ECC implementation and other improvements were implemented with the support of the MTMO.

EJBCA 3.5 contains generic PKCS#11 interface to HSMs, supporting among others the Utimaco CryptoServer. This development was sponsored by Utimaco.

New in the HSM support is the AEP Keyper HSM.

EJBCA 3.7 contains support for CVC CAs used for EU EAC ePassports. This development was sponsored and contributed by the Swedish National Police Board.

EJBCA 3.10 contains an enrollment Web GUI for the External RA. This development was sponsored by APNIC.