EJBCA ENTERPRISE
Top-Notch IT Security Software
EJBCA Enterprise
Top Notch Technology
Commonly referred to as a Certificate Authority (or CA), EJBCA Enterprise is one of the top rated IT-security software for Certificate Issuance and Certificate Management. By keeping track on who to trust, EJBCA Enterprise protects your data, allowing you to provide safe digital communication when needed.
EJBCA Enterprise
EJBCA Enterprise
EJBCA Enterprise
Extremely flexible, EJBCA Enterprise is used for most imaginable PKI use cases.
Controlling your own security
This is the one PKI software for any organization that needs to manage and operate its own serious, in-house PKI.
Deployable in your own organization, EJBCA Enterprise gives you full control of everything you do. Bundled with support and services, it allows you to handle and maintain your PKI implementation successfully, despite your level of skill.
Flexibility at all levels
EJBCA Enterprise is for all professional users, in all types of companies.
The flexibility of both the software and our organization, allows you freedom to choose which components of the package best suit your needs. It also makes our services very adaptable to your demands. We are here to discuss your needs! In the meantime, we would like to suggest that the most successful PKI implementation comes packaged.
Deploying EJBCA Enterprise obtained as a full package together with services; you can comfortably sit back and enjoy the safe and quiet ride.
*Industrial strength PKI software. Installed on your premises. Operated by you.
*Ensures your production against many undesired issues and unnecessary down time.
*Professional services. To help, mentor and guide you through the whole project life cycle.
Controlling your own security
This is the one PKI software for any organization that needs to manage and operate its own serious, in-house PKI.
Deployable in your own organization, EJBCA Enterprise gives you full control of everything you do. Bundled with support and services, it allows you to handle and maintain your PKI implementation successfully, despite your level of skill.
Flexibility at all levels
EJBCA Enterprise is for all professional users, in all types of companies.
The flexibility of both the software and our organization, allows you freedom to choose which components of the package best suit your needs. It also makes our services very adaptable to your demands. We are here to discuss your needs! In the meantime, we would like to suggest that the most successful PKI implementation comes packaged.
Deploying EJBCA Enterprise obtained as a full package together with services; you can comfortably sit back and enjoy the safe and quiet ride.
*Industrial strength PKI software. Installed on your premises. Operated by you.
*Ensures your production against many undesired issues and unnecessary down time.
*Professional services. To help, mentor and guide you through the whole project life cycle.
Key Features:
*Common Criteria EAL4+ certified
*Used in many WebTrust, CWA 14167 and eIDAS audited installations
*Integrity protected audit log (log signing), with digital signature or HMAC protection
*Full database integrity protection of all tables, to detect database manipulation
*Command line tool for verification of audit and database integrity protection
*Validation tool for conformance checking of certificates and OCSP responders
*EAC PKI (EAC 1.11 and 2.10) for ePassports and eIDs, Country Verifying CA (CVCA) and Document Verifiers (DV) issuing Inspection System (IS) certificates
*Certified access control and authorization module, for assurance and high trust role separation
*3GPP, i.e. LTE/4G, compatible PKI, using CMP with multiple Vendor CAs and vendor certificate authentication
*CMP Proxy to add an additional network layer, with message check, between the CA and CMP clients
*Command line CMP client in Java useful for scripting, testing and prototyping
*SCEP RA mode, using SCEP controlling entity creation from an RA
*SCEP Client Certificate Renewal, allowing client certificate renewal using SCEP
*Certificate Transparency, RFC6962
*CertSafe publisher to send, and revoke, certificates from a CertSafe server
*Peer Connectors for managing Peer Systems, such as OCSP Responders
*Direct Validation Authority (OCSP responder) updates from CA to VA. Ideal for low latency revocation and white listing
*External RA with a polling model for RA to CA communication, for high security environments. Ability to run the RA web UI in polling mode
*Create Crypto Tokens and CAs, generate keys and add and remove administrators through the Web Service API
*EV Certificate specific DN components as defined in CABForum guidelines (jurisdictionLocality, State and Country).
*eIDAS specific fields as defined in ETSI EN 319 412 (organizationIdentifier)
*Additional algorithms using HSMs through PKCS#11, RSASSA-PSS (SHA256WithRSAAndMGF1). Available through patches for Java
*Support for Native MS Autoenrollment in Windows environment with add-on autoenrollment proxy module
*Support for GOST and DSTU algorithms (Russian and Ukrainian algorithms)
*Penetration tested with improved security
*Used in many WebTrust, CWA 14167 and eIDAS audited installations
*Integrity protected audit log (log signing), with digital signature or HMAC protection
*Full database integrity protection of all tables, to detect database manipulation
*Command line tool for verification of audit and database integrity protection
*Validation tool for conformance checking of certificates and OCSP responders
*EAC PKI (EAC 1.11 and 2.10) for ePassports and eIDs, Country Verifying CA (CVCA) and Document Verifiers (DV) issuing Inspection System (IS) certificates
*Certified access control and authorization module, for assurance and high trust role separation
*3GPP, i.e. LTE/4G, compatible PKI, using CMP with multiple Vendor CAs and vendor certificate authentication
*CMP Proxy to add an additional network layer, with message check, between the CA and CMP clients
*Command line CMP client in Java useful for scripting, testing and prototyping
*SCEP RA mode, using SCEP controlling entity creation from an RA
*SCEP Client Certificate Renewal, allowing client certificate renewal using SCEP
*Certificate Transparency, RFC6962
*CertSafe publisher to send, and revoke, certificates from a CertSafe server
*Peer Connectors for managing Peer Systems, such as OCSP Responders
*Direct Validation Authority (OCSP responder) updates from CA to VA. Ideal for low latency revocation and white listing
*External RA with a polling model for RA to CA communication, for high security environments. Ability to run the RA web UI in polling mode
*Create Crypto Tokens and CAs, generate keys and add and remove administrators through the Web Service API
*EV Certificate specific DN components as defined in CABForum guidelines (jurisdictionLocality, State and Country).
*eIDAS specific fields as defined in ETSI EN 319 412 (organizationIdentifier)
*Additional algorithms using HSMs through PKCS#11, RSASSA-PSS (SHA256WithRSAAndMGF1). Available through patches for Java
*Support for Native MS Autoenrollment in Windows environment with add-on autoenrollment proxy module
*Support for GOST and DSTU algorithms (Russian and Ukrainian algorithms)
*Penetration tested with improved security
-Non-Smart Chip Based
Commonly based on a typical low cost EEPROM where the main protection algorithms rely more on the firmware that are bundle together rather than on the hardware. This type of hardware architecture can easily be duplicated by most Dongle Duplication Experts
-Self Definable Security Algorithms
Up to 128 self definable security algorithms that will be executed on-board when called by protected software which will then be authenticated using the popular Challenge Response Authentication to maximize the security level of the protection.
-Smart Chip Based
Advanced EAL4+ and ITSEC certified microprocessor smart chips enable the algorithm’s execution and on board seed code generation. Microprocessor smart chips also prevent hardware cloning and duplication attacks.
-Multi Levels Access Right Management
Supports multi level access right management to facilitate different access rights for the development team.
-HID Driverless
As HID driverless, SecureDongle requires no external device driver installation, thus minimizing the common technical issue arise from device driver. No driver is required. As long as a USB thumb drive is compatible with
-User-define security password
Supports on-board seed code and random number generation which developer can apply into their protection to strengthen the security and to make the protection more complicated to crack.
-Secure Communication
SecureDongle is built also with advanced encryption/decryption on communication between firmware and hardware to prevent debugging and emulator attacks.
SecureDongle Brochure
Smarter way to protect your sfotware!
1
%
of software installed on PCs around the world in 2015 were not properly licensed (a decrease from 43% in BSA’s previous global study published in 2014)
1
%
worldwide rate of unlicensed use in banking, insurance and securities industries (despite the fact that much tighter control of the digital environment is expected)
1
billion
The commercial value of unlicensed software worldwide plunged (BSA’s 2014 report cited commercial value of $62.7 billion)
Case Studies
National Cyber Security Agency (NACSA) & Securemetric Berhad
NACSA partners with Securemetric to enhance Malaysia's cybersecurity through FIDO2's passwordless authentication for critical information infrastructures.
Lazada Group’s Transition from EJBCA Community
Securemetric assisted Lazada Group's Transition from EJBCA Community to PKI-in-a-Box
Philippine Clearing House implemented PKI-In-A-Box to secure their clearing system
A significant stride was achieved when the Philippine Clearing House Corporation (PCHC) selected Securemetric to furnish and execute PKI-In-A-Box as a pivotal component of their nationwide digital security enhancement within their payment clearing system.
Universiti Utara Malaysia Entrusted Securemetric’s Microsoft Expertise
Since 2018, Securemetric's Microsoft Enterprise Solutions team, in collaboration with Sri Vision specialists, has been entrusted with the management of Universiti Utara Malaysia's IT infrastructure
Turnkey customized EJBCA Enterprise for Vietnam Government Information Security Commission
In the year 2015, Securemetric achieved a significant feat by securing a contract for a comprehensive turnkey PKI implementation for the Vietnamese Government, executed under the aegis of the Vietnam Government Information Security Commission (VGISC).…
Badan Siber Dan Sandi Negara upgraded to EJBCA Enterprise
Charged by the Indonesian government with the pivotal role of establishing and operating the Indonesia Government Certificate Authority, BSSN is entrusted with the issuance of digital identities and pivotal trust services to governmental entities nationwide.
PKI In A Box Brochure
PKI in a box is an innovative Public Key Infrastructure (PKI) appliance built by a team of highly experience PKI and Cryptography experts with the objective to simplify PKI implementation with complete feature set needed to operate a full-blown PKI out of the box.