Skip to main content
Skip table of contents

EJBCA Container Set

The EJBCA container set offers components and resources designed to facilitate the deployment and management of EJBCA in various environments. It includes distinct containers for different functionalities, Helm charts for easy orchestration, and integration with Hardware Security Modules (HSMs). The following lists key components and resources.

EJBCA Container Set Components

EJBCA containers

  • EJBCA Enterprise Edition:

    • ejbca-ee - full EJBCA Enterprise functionality.

    • ejbca-ee-ra - Registration Authority (RA).

    • ejbca-ee-va - Validation Authority (VA).

  • Community Edition:

    • ejbca-ce - EJBCA Community

Helm Charts

  • ejbca - EJBCA Enterprise Edition

  • ejbca-ce - EJBCA Community Edition

HSM sidecar containers

  • hsm-driver-utimaco - Utimaco CryptoServer

  • hsm-driver-luna7 - Thales Luna Network HSM 7

  • hsm-driver-softhsm - SoftHSM (for non-production use)

Container registries

EJBCA Enterprise containers are available on the Keyfactor Container Registry.

BASH
docker pull registry.primekey.com/primekey/ejbca-ee

EJBCA Community containers are available on Docker Hub.

BASH
docker pull keyfactor/ejbca-ce

Helm Chart registries

EJBCA Helm charts are hosted in the Keyfactor Registry.

Enterprise

BASH
helm pull oci://repo.keyfactor.com/charts/ejbca --version <VERSION>

Community

BASH
helm pull oci://repo.keyfactor.com/charts/ejbca-ce --version <VERSION>

Variant containers

By default, EJBCA Helm charts will deploy containers that run the full EJBCA functionality. If you wish to use the Enterprise VA and RA container offerings, you can do so by using the image.variant Helm Deployment Parameter with either a ra or va value.

If you use a private container registry with images imported under names that do not match ejbca-ee, ejbca-ee-ra, and ejbca-ee-va, use the image.repository parameter with the appropriate image name in your registry.

Optionally deployed resources

Resource

Version

Reference

License

Ingress NGINX

Tested with 1.9.X
Prerequisite: Controller resource is installed separately, see Ingress Installation Guide

Ingress NGINX Controller Documentation

Apache License 2.0

nginx Docker image
(Debian based)

1.27.0

NGINX on Docker Hub

Apache License 2.0

Software Bill of Materials

For a list of components and libraries used in the EJBCA containers, see the attached Software Bill of Materials (SBOM) files:

ejbca-ee-sbom.json

ejbca-ee-ra-sbom.json

ejbca-ee-va-sbom.json

The SBOM is generated in Cyclone DX format, a lightweight Software Bill of Materials (SBOM) standard, designed for use in application security contexts.

The EJBCA Enterprise container SBOMs are version-specific and updated when a new release is made available.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.