PrimeKey EJBCA Software Appliance offers the complete feature set needed to operate a comprehensive, highly available PKI. It is based on PrimeKey EJBCA Enterprise, with easy-to-use management functions, and packaged as an OVA that allows you to leverage your existing virtualization environment and Hardware Security Module infrastructure.
Depending on your requirements, we offer 7 software appliance models. The models mainly differ when it comes to the number of certificates that they can support but there are also Validation Authority (VA) and Registration Authority (RA) models that can be deployed as standalone units.
Hardware Appliance Models
All models include EJBCA Enterprise with a core library for Certificate Authority (CA), Registration Authority (RA), and Validation Authority (VA) functionality capable of hosting an unlimited number of CAs.
Extra Small (XS)
Model Extra Small is the smallest software appliance with support for up to 1,000 certificates. This model is ideal for an offline Root CA in a PKI deployment.
This is your PKI start environment - EJBCA with everything you need. The Small model supports the operation of multiple, independent PKI hierarchies with one installation. In addition, this model includes Registration Authority (RA) functionality and highly flexible integration interfaces based on web services, REST API, and support for ACME, CMP v2 RFC 4210, SCEP, and EST. This model supports up to 1 M certificates. Many customers are utilizing the Small model for test or lab environments.
Model Medium is the right choice if you already know that you need to issue and manage more certificates. This model supports up to 15 million certificates.
Model Large can manage even more certificates. If you have one or a couple of use cases that require a high number of certificates, and you soon expect to add additional use cases on top, then you should choose this model. This model supports up to 60 million certificates.
Extra Large (XL)
Model XL is suited for extremely large PKI deployments with the need for more than 100 million certificates. It supports up to 160 million certificates.
Validation Authority (VA) Appliance
Validation Authority (VA) hardware appliance is a standalone, turn-key solution that brings all components needed to deploy and operate a Validation Authority (VA). It includes a complete OCSP responder, serving an unlimited number of Certification Authorities (CAs), and a CRL and CA certificate download service and an integrated HSM.
Registration Authority (RA) Appliance
Registration Authority (RA) hardware appliance model is a standalone toolbox that provides for enrollment of certificates for people, software, or things. It is often desirable to physically separate CA and RA, allowing the CA to reside in a secure environment with minimal access, while the RA can reside in a DMZ or even publicly. The standalone RA hardware appliance enables an additional layer of security around the CA.
Model Comparison Overview
The following provides a model comparison overview.
EJBCA Hardware Appliance
|Technology stack: EJBCA Enterprise & Secure Foundation Platform Based on CentOS|
|Protocols & API’s|
|Certificate Validation (OCSP/CRL)||CRL||CRL|
|Certificate Capacity||Up to |
|Up to 1 M||Up to |
|Up to 60 M||Up to 160 M||NA||NA|
|Simplified Backup and restore routines|
|Complete and tested software package for updates and upgrades|
Flexible performance and architecture adaptation (redundancy support)
|External HSM Support|
|SNMP, Syslog, Audit Log|