Model Specifications

PrimeKey EJBCA Appliance eIDAS edition is a hardware appliance that offers the complete feature set needed to operate a comprehensive, highly available PKI. It is based on PrimeKey EJBCA Enterprise, with easy-to-use management functions, high-performance hardware and a built-in FIPS 140-2 Level 3, certified Hardware Security Module (HSM).

The EJBCA Appliance eIDAS edition model supports up to 15 million certificates.

EJBCA Appliance eIDAS Model

The model includes EJBCA Enterprise eIDAS edition with a core library for Certificate Authority (CA), Registration Authority (RA), and Validation Authority (VA) functionality capable of hosting an unlimited number of CAs.

Model Specification Overview

The following provides a model specification.

EJBCA Appliance eIDAS


Technology stack: EJBCA Enterprise & PrimeKey Secure Linux (Prime LFS)(tick)
Protocols & API’s
OCSP(tick)
SCEP(tick)
CMP(tick)
EST(tick)
ACME(tick)
WebServices API(tick)
REST API(tick)
Key Features
Certificate Capacity *Up to 15 M
Secure & Automated Backup Mechanism(tick)
2 Factor Authentication(tick)

Common Criteria PP5 certified HSM according to PP EN 419 221-5 “Cryptographic Module for Trust Services”

(tick)
Standard performance HSM inside(tick)
Dedicated Mng & App Interfaces(tick)
Redundancy(tick)
SNMP, Syslog, Audit Log(tick)
Accessories
SmartCards10
PinPad Reader1
External Battery adapter(tick)

For testing purposes, it is possible to run CA, VA, and RA on one single instance of the appliance.

*Based on EJBCA Version 7.3.x, audit log on, typical key sizes (RSA 3072 SHA 384 with RSA), typical subject DN length: 100 characters. Synthetic benchmark with a certificate revoked once a second and no further system usage.