EJBCA: Open-source public key infrastructure (PKI), certificate authority (CA)

EJBCA is open-source PKI and CA software. It can handle almost anything, and someone once called it the kitchen sink of PKI.


With its extensive history as one of the longest-standing CA software projects, EJBCA offers proven robustness, reliability, and adaptability.

“EJBCA was created as an open-source project. The first version of the software was released as open source in December 2001. The ability to make a living from working with it and form a good company with many developers working on open source came later when the co-founders of PrimeKey and I realized that it was something we could do,” Tomas Gustavsson, the creator of EJBCA, told Help Net Security.

EJBCA features

EJBCA is developed in Java and runs on a JVM such as OpenJDK, available on most platforms. Features include:

Enterprise scalability. This was a design criterion from the start and follows the Java Enterprise paradigm.

Flexibility. Another design criterion was that EJBCA should be possible to adapt to an organization’s workflow, not the other way around that the workflow had to follow the software. Flexible APIs/interface and lots of configuration for different use cases.

Future plans and download

“With PKI living up in the last 5-10 years and being a critical component in security infrastructure, EJBCA needs to continue to evolve to meet new needs. There are so many new use cases, not the least in industry, automotive, and other relatively new use cases for security. This means following the market and standardizing all these new areas that are popping up. There is constant development needed because every field of use, for different reasons, invents its own special details that need new features,” Gustavsson explains.

“The migration to PQC will be the biggest cryptographic migration the industry has seen. EJBCA should help the world transition to quantum-safe cryptography. PKI will be an ever-more integrated component of cyber security, and as such, it needs to be well integrated, automatable, easy to deploy, and very secure,” Gustavsson concluded.

EJBCA is available for free on GitHub.

Must read:

Don't miss