Features

Features

Built on the J2EE 1.3 (EJB 2.0) specification.

• Flexible, component based architecture.
• Using standard, high performance RDBMS for storage.
• Multiple CAs and levels of CAs, build a complete infrastructure (or several) within one instance of EJBCA.
• Supports RSA key algorithm up to 4096 bits.
• Supports ECDSA key algorithm with named curves or implicitlyCA.
• Support multiple hash algorithms for signatures, MD5, SHA-1, SHA-256.
• Standalone or integrated in any J2EE application.
• Simple installation and configuration.
• Powerful Web based administration GUI using strong authentication.
• Administration GUI available in several languages - Chinese, English, French, German, Italian, Portuguese, Spanish and Swedish.
• Internal log messages are localizable for different languages.
• Command line administration for scripts etc.
• Web service interface for remote administration and integration.
• Modular API for HSMs. Built in support for nCipher, PrimeCardHSM, Eracom (now SafeNet), SafeNet Luna, Utimaco CryptoServer, AEP Keyper, ARX CoSign and other HSMs with a good PKCS#11 library.
• Supports different architectures; all-in-one, clustered, external RA, external OCSP, etc.
• Individual enrollment or batch production of certificates.
• Server and client certificates can be exported as PKCS12, JKS or PEM.
• Browser enrollment with Netscape, Mozilla, IE, etc.
• Enrollment for other applications through open APIs and tools.
• Enrollment generating complete OpenVPN installers for VPN users.
• Smart card logon certificates.
• Notification system for e-mail notification to users and administrators when a user is added or certificates expire etc.
• Random or manual password for initial user authentication.
• Hard token module for integrating with hard token issuing system (smart cards).
• Multiple levels of administrators with specified privileges and user groups.
• Configurable certificate profiles for different types and contents of certificates.
• Configurable entity profiles for different types of users.
• Supports the Simple Certificate Enrollment Protocol (SCEP).
• Follows X509 and PKIX (RFC3280) standards where applicable.
• Qualified Certificate Statement (RFC3739) for issuing EU/ETSI qualified certificates.
• Supports the Online Certificate Status Protocol (OCSP - RFC2560), including AIA-extension.
• OCSP responder can run integrated with EJBCA or stand alone (clustered) for security, high-performance and high-availability.
• Simple OCSP client in pure java.
• Supports a subset of CMP (RFC4210 and RFC4211).
• Supports synchronous XKMS version 2 requests.
• Revocation and Certificate Revocation Lists (CRLs).
• CRL creation and URL-based CRLDistribution Points according to RFC3280.
• Stores Certificates and CRLs in SQL database, LDAP and/or other custom data source.
• Optional multiple publishers for publishing certificates and CRLs in LDAP or legacy databases. Several flexible standard publishers exist to meet different demands.
• Supports authentication and publishing of certificates to Microsoft Active Directory.
• Autoenrollment for windows clients.
• Component- and plug-in based architecture for publishing certificates and CRLs to different sources.
• Key recovery module to store private keys for recovery for selected users and certificates.
• Advanced log signing of PKI audit logs.
• API for an external RA, restricting in-bound traffic to CA.
• Optional approval mechanism so several admins are required to perform an action, a.k.a. dual-authentication.
• Component based architecture for various authorization methods of entities when issuing certificates.
• Possible to integrate into large java applications for optimal integration into bussiness process.
• Deploys easily in a clustered, high availability environment.
• Health check service to support efficient clustering and monitoring.
• Supports multiple application servers: JBoss, Weblogic, Glassfish, OC4J, Websphere
• Supports multiple databases: Hypersoniq, MySQL, PostgreSQL, Orcale, DB2, MS-SQL, Derby, Sybase, Informix.