Using EJBCA as a Standalone CA/RA/VA

The following outlines the architecture of a standalone CA/RA/VA.

Standalone CA/RA/VA

You can deploy a complete PKI in a single instance. Since EJBCA has everything built-in you can have a single instance functioning as both CA and RA. This is a very efficient, easy to manage, and cost-effective solution that is suitable for many SME enterprise deployments.

draw.io

Source page access error: cannot display diagram

Multiple CAs for different use-cases can co-exist in a single instance and security levels can be scaled with, for example:

  • Administrators can use smart cards or soft tokens for accessing the administration interface.
  • The CA can use an HSM or soft tokens for the CA signing keys.
  • Users and machines can be issued with soft tokens or smart cards/USB tokens.
  • Various filtering options can be deployed in firewalls.

For more information on creating a CA with EJBCA, see EJBCA Operations Guide.