Built on open standards and an open source platform, EJBCA Enterprise brings the maturity and transparency required for business-critical Public Key Infrastructure (PKI) installations. Supporting issuance of machine-, device- or personal certificates, EJBCA allows for multiple PKI hierarchies with an unlimited number of Certification Authorities (CAs) and/or subordinate CAs, Registration Authorities (RA) and Validation Authorities (VA).
EJBCA Enterprise is designed for robustness and security, and follows best practice Common Criteria EAL4+ security evaluation standards. EJBCA will help to assure compliance and to protect your brand, assets, and reputation. The robustness of EJBCA has been proven in many large scale implementations, with millions of certificates under high transaction loads and high service availability. Utilizing open standard protocols and APIs, EJBCA brings excellent integration capabilities for situations where PKI workflows need to be automated and tied to other technology- or business- related workflows.
There is an open source application that has been around for more than 15 years and has developed quite a following. Adopted by many, this application has been designed to manage digital keys and certificates that make up the digital identities required to transparently automate all PKI-related processes in an organization. In the community it is known as a very robust, flexible and high performance application.
As the organization’s Certificate Authority (CA) system, EJBCA software gives you the opportunity to use Public Key Infrastructure (PKI) in enterprise functions such as:
To enhance security of keys and certificates generated and used by a CA, EJBCA can be configured to use a Hardware Security Module (HSM). Enabling the use of a hardware security module with EJBCA not only strengthens protection of keys and certificates, but might also be a necessary step towards legal conformity and certification.
The HSM protects the signing key by holding it in hardware in such a way that renders the purpose of an attack – the recovery of the private key – unachievable. It can be used as a universal, independent security component for heterogeneous computer systems.
For those users who are not interested in managing EJBCA themselves, PrimeKey offers a variety of turnkey solutions based on the EJBCA technology.
With precision engineering, tamper-proof Utimaco HSMs offer scalable performance with the highest level of physical security and defense mechanisms for hostile environments. If you’re looking for hardware with active temper detection and response (including up to FIPS 140-2 level 4) – Utimaco offers a range of options to meet these physical security criteria. CryptoServer is a hardware security module developed by Utimaco, i.e. a physically protected specialized computer unit designed to perform sensitive cryptographic tasks and to securely manage and store cryptographic keys and data.
What sets Utimaco apart from other HSM companies is its “Made in Germany” quality and the “no licensing fees” policy – you can use Utimaco’s own implementation of asymmetric algorithms for no additional cost. In addition to that, there are no limits on algorithms or the number of users. Utimaco also offers a fully-fledged Software Development Kit (SDK) – the professional development environment for all Utimaco Hardware Security Modules.
Finally, we are so confident in our products that we will let you try our free Simulator before committing to any kind of purchase. The simulator is a pure software implementation of the HSM, and is configured, used and behaves identically to the physical HSM. This allows you to build, test and prove your infrastructure against the Utimaco CryptoServer HSM, without having to purchase hardware until you are ready to deploy. The Simulator is also programmable, using the same SDK!
What’s more, in a heterogeneous environment EJBCA can be run alongside with and integrate to Microsoft’s Active Directory Certificate Services (AD CS) which is a big advantage for users with both Windows and non-Windows-based systems. In this scenario, you can have a single Root CA responsible for both branches. If you do prefer to use AD CS for your PKI needs, Utimaco can offer the full protections of an HSM in AD CS, also!