Using EJBCA as a Standalone CA/RA/VA #
The following outlines the architecture of a standalone CA/RA/VA.
Standalone CA/RA/VA #
You can deploy a complete PKI in a single instance. Since EJBCA has everything built-in you can have a single instance functioning as both CA and RA. This is a very efficient, easy to manage, and cost-effective solution that is suitable for many SME enterprise deployments.
Multiple CAs for different use-cases can co-exist in a single instance and security levels can be scaled with, for example:
- Administrators can use smart cards or soft tokens for accessing the administration interface.
- The CA can use an HSM or soft tokens for the CA signing keys.
- Users and machines can be issued with soft tokens or smart cards/USB tokens.
- Various filtering options can be deployed in firewalls.
For more information on creating a CA with EJBCA, see EJBCA Operations Guide.