
Did you know that EJBCA includes a standalone OCSP responder? The responder is scalable, with high performance, and can also be used with any CA other than EJBCA.

EJBCA Enterprise PKI


EJBCA is an enterprise class PKI Certificate Authority built on J2EE technology. It is a robust, high performance, platform independent, flexible, and component based CA to be used standalone or integrated in other J2EE applications. EJBCA is an enterprise class PKI, meaning that you can use EJBCA to build a complete PKI infrastructure for your organization. If you only want to issue a few single certificates for testing, there are probably options that will get you started quicker, but if you want a serious PKI, EJBCA has everything for your trust center. Contact us for more info.

Strong authentication for users accessing your intranet/extranet/internet resources.
Secure communication with SSL servers and SSL clients.
Smart card logon to Windows and/or Linux.
Signing and encrypting email.
VPN connections by issuing certificates to your VPN routers such as OpenVPN, Cisco, Juniper etc.
Client VPN access with certificates in users' VPN clients.
Single sign-on by using a single certificate to secure logon to web applications.
Creating signed documents.
Issue citizen certificates for access to government resources, used in passports etc.
Create CVCAs and DVs and issue CV certificates (CVC) to Document Verifiers and Inspection Systems for EU EAC ePassports.
... and many many more ...

You can also use EJBCA to set up a CA independent, high performance, highly available OCSP responder service. Together with sister projects (see Complimentary software) of EJBCA you can also:

Get central trusted Time Stamps for your electronically signed documents.
Perform central signing of documents.
Sign electronic passport data (MRTD).
Issue hard tokens (smart cards) and manage the complete life cycle of cards and certificates.
... and many many more ...

Open Source PKI


This PKI software is OSI Certified Open Source Software. OSI Certified is a certification mark of the Open Source Initiative.

The source code of EJBCA is hosted on Sourceforge.net, and all downloads, which include the complete source code, can be downloaded from there. If you want to contribute to EJBCA, please see Contribute to EJBCA.

Contribute to EJBCA

Donate
If you find EJBCA useful and want to support its continued development, you can make a donation to help pay for engineering costs, infrastructure and promotion of the project.

Donate using PayPal


If you have a PayPal account, donating is easy. Just click the button below to donate:

Support and development


Commercial support, development, integration and maintenance for EJBCA are available through PrimeKey Solutions.

Sponsors
Here is a list of some of the good organizations that have sponsored development of certain features in EJBCA.

EJBCA 3.1 and later contains support for nCipher HSM. The development of this functionality was sponsored by Linagora, www.linagora.com.
New features in EJBCA 3.2 such as QC statement and external OCSP responders were sponsored by CTec Security Solutions, http://www.commguard.com/.
EJBCA 3.3 and later contains support for LunaHSM (SafeNet). The development of this functionality was sponsored by Atos Worldline, http://www.atosworldline.com/index_FR.htm, and done with the support of Linagora, http://www.linagora.com.
New features in EJBCA 3.3 such as Internal RA Approval and Subject Directory Attributes were sponsored by Simetri Yazilim A.S., http://www.simetri.com/.
New features in EJBCA 3.4 such as CMP, XKMS, services framework and much more were sponsored by GIE Cartes Bancaires and Linagora.
The Marlin Trust Management Organization (MTMO) will be using EJBCA to provide key management services for the commercial adoption of Marlin DRM. EJBCA 3.4.0 supports RSA and ECC implementations of the Marlin PKI infrastructure. ECC implementation and other improvements were implemented with the support of the MTMO.
EJBCA 3.5 contains a generic PKCS#11 interface to HSMs, supporting among others the Utimaco CryptoServer. This development was sponsored by Utimaco. New in the HSM support is the AEP Keyper HSM.
EJBCA 3.7 contains support for CVC CAs used for EU EAC ePassports. This development was sponsored and contributed by the Swedish National Police Board.
EJBCA 3.10 contains an enrollment Web GUI for the External RA. This development was sponsored by APNIC.

Any serious PKI deployment has to be properly administered and maintained, for which organizations need to have skilled PKI administrators. The best and most cost-efficient way to learn about EJBCA is to attend courses from the folks that have created it and have deployed and maintained numerous installations. The courses are designed by Henrik Andreasson from WM-data/Logica and Joakim Bågnert from PrimeKey Solutions. Henrik has, among other skills and experiences, worked with diverse PKI implementations over the years, helping customers install, run and maintain large-scale PKI systems. Joakim is a product specialist from PrimeKey, where he has participated in many projects involving EJBCA.

The course program is divided into the following areas: Installation, Administration, Advanced topics.

Installation

All courses are designed so that the participants learn practical skills. While EJBCA would run on any operating system that has support for Java and a J2EE application server, for the purpose of the EJBCA Training courses a Windows XP client system is assumed, and SUSE Linux ES 10 for the CA server. The installation course goes through all steps needed to have EJBCA installed and running, including installation and setup of the MySQL database, the JBoss application server, the Ant build system, and finally, EJBCA itself. In the end, each trainee has a setup with an operational PKI, an Apache server with its own generated certificates, and a client system that can access the EJBCA web interface.

Administration

The Administration course continues from where the Installation course ends. (A VMware image is provided for those who wish to skip the Installation course.)

At the beginning of the course, one has a walk-through of the EJBCA interfaces (public web, admin web and command line interface). The next two topics deal with steps for creating CAs for authentication certificates and for SSL certificates. After this comes management of End-Entities (search, revoke, renew) and CRLs (issuance, scheduling). The course rounds off with a session where one learns how to separate different administrative roles and how to create groups for CA administrators, RA administrators, Supervisors, and Super Administrator.

Advanced Topics

This course assumes knowledge from the Installation and Administration courses. Attendees have a smorgasbord of topics that provide comprehensive coverage of real life situations, and it usually takes two days to go through them all.

Adjusting EJBCA with property files
EJBCA, database, web, mail, cmp, ocsp, protection and xkms property files

Smart cards issuance


CA tokens on smart card based HSMs.

Key Recovery
Configuration of the system and profiles so as to enable key recovery. A scenario with a lost card is simulated, with steps for recovering keys, and comparing the recovered token with the original one.

EJBCA command line interface (CLI)


batch command
ca command with options: info | init | listcas | getrootcert | createcrl | getcrl | listexpired | exportprofiles | importprofiles | importca | importcert | republish | activateca | deactivateca
other CLI commands: ra, adduser, setpwd, setclearpwd, revokeuser, deluser, unrevokeuser, setuserstatus, listnewusers, listusers, finduser, keyrecover, keyrecovernewest, setsubjectdirattr, setup, template, ocsp, asn1dump.

Certificate lifetime from the CLI perspective

Approvals
Change settings for CA and RA administrative groups so as to require Approvals.

Creation and configuration of Publishers

Microsoft smart card logon
Set up Microsoft Active Directory compatible certificate and end-entity profiles.

Making EJBCA server more secure

High availability for a PKI installation

Syscheck to monitor EJBCA server

EJBCA Healthcheck

Backing up the EJBCA database

System documentation
Certificate policies and CPS
Profile-, Server-, Physical- and Routine documentation

Log signing
Configure, verify

External EJBCA Interfaces
CMS, CMP, SCEP, External RA, XKMS, Web Services

Certificate status control
Internal OCSP, External OCSP

Services
CRL Issuer, Certificate Expiration Checker, Custom Service

Troubleshooting

Certificate and End-Entity profiles
Creating S/MIME CA, Sign CA and VPN CA
Creating End-Entity certificate profiles for S/MIME, Sign and VPN

NTP

Hard Token Management Framework

User data sources

PIN and PUK Management
