Commonly referred to as a Certificate Authority (or CA), EJBCA Enterprise is certainly one of the top rated IT-security software for Certificate Issuance and Certificate Management. By keeping track on who to trust, EJBCA Enterprise protects your data, allowing you to provide safe digital communication when needed.
Extremely flexible, EJBCA Enterprise is used for most imaginable PKI use cases.
Controlling your own security
This is the one PKI software for any organization that needs to manage and operate its own serious, in-house PKI.
Deployable in your own organization, EJBCA Enterprise gives you full control of everything you do. Bundled with support and services, it allows you to handle and maintain your PKI implementation successfully, despite your level of skill.
Flexibility at all levels
EJBCA Enterprise is for all professional users, in all types of companies.
The flexibility of both the software and our organization, allows you freedom to choose which components of the package best suit your needs. It also makes our services very adaptable to your demands. We are here to discuss your needs! In the meantime, we would like to suggest that the most successful PKI implementation comes packaged.
Deploying EJBCA Enterprise obtained as a full package together with services; you can comfortably sit back and enjoy the safe and quiet ride.
- Industrial strength PKI software. Installed on your premises. Operated by you.
- Ensures your production against many undesired issues and unnecessary down time.
- Professional services. To help, mentor and guide you through the whole project life cycle.
EJBCA Enterprise Features:
- Common Criteria EAL4+ certified.
- Used in many WebTrust, CWA 14167 and eIDAS audited installations.
- Integrity protected audit log (log signing), with digital signature or HMAC protection.
- Full database integrity protection of all tables, to detect database manipulation.
- Command line tool for verification of audit and database integrity protection.
- Validation tool for conformance checking of certificates and OCSP responders.
- EAC PKI (EAC 1.11 and 2.10) for ePassports and eIDs, Country Verifying CA (CVCA) and Document Verifiers (DV) issuing Inspection System (IS) certificates.
- Certified access control and authorization module, for assurance and high trust role separation.
- 3GPP, i.e. LTE/4G, compatible PKI, using CMP with multiple Vendor CAs and vendor certificate authentication.
- CMP Proxy to add an additional network layer, with message check, between the CA and CMP clients.
- Command line CMP client in Java useful for scripting, testing and prototyping.
- SCEP RA mode, using SCEP controlling entity creation from an RA.
- SCEP Client Certificate Renewal, allowing client certificate renewal using SCEP
- Certificate Transparency, RFC6962.
- CertSafe publisher to send, and revoke, certificates from a CertSafe server.
- Peer Connectors for managing Peer Systems, such as OCSP Responders.
- Direct Validation Authority (OCSP responder) updates from CA to VA. Ideal for low latency revocation and white listing.
- External RA with a polling model for RA to CA communication, for high security environments. Ability to run the RA web UI in polling mode.
- Create Crypto Tokens and CAs, generate keys and add and remove administrators through the Web Service API.
- EV Certificate specific DN components as defined in CABForum guidelines (jurisdictionLocality, State and Country).
- eIDAS specific fields as defined in ETSI EN 319 412 (organizationIdentifier).
- Additional algorithms using HSMs through PKCS#11, RSASSA-PSS (SHA256WithRSAAndMGF1). Available through patches for Java.
- Support for Native MS Autoenrollment in Windows environment with add-on autoenrollment proxy module.
- Support for GOST and DSTU algorithms (Russian and Ukrainian algorithms).
- Penetration tested with improved security.