Skip to main content
Skip table of contents

Subscribe to EJBCA SaaS in AWS

For EJBCA Software as a Service (SaaS), subscribe through AWS Marketplace and access the EJBCA SaaS in Keyfactor’s environment.

EJBCA SaaS is offered in the AWS Marketplace pricing model as a SaaS contract-based subscription. The contract options allow users to select the duration of the contract and the size of the PKI to be deployed. After subscribing to EJBCA SaaS on the AWS Marketplace, users are directed to the EJBCA SaaS portal to register, create an account and select EJBCA SaaS configuration details.

Follow the steps outlined below to subscribe to EJBCA SaaS in AWS.

Step 1 - Select Product

Browse to the AWS Marketplace and search for "EJBCA SaaS" or "Keyfactor" to display the EJBCA SaaS product options.

The EJBCA SaaS products have different options with regards to location and key storage. 

  • EJBCA SaaS - KMS Backed CA in the US Region

  • EJBCA SaaS - KMS Backed CA in the AP Region

  • EJBCA SaaS - KMS Backed CA in the EU Region

  • EJBCA SaaS - CloudHSM Backed CA in the US Region

  • EJBCA SaaS - CloudHSM Backed CA in the AP Region

  • EJBCA SaaS - CloudHSM Backed CA in the EU Region

Note that the SaaS products are fully hosted and managed by Keyfactor and require no customer maintenance. If it is desired to launch a PKI in a private VPC within an owned environment, please refer to EJBCA Cloud.

Select the region desired to deploy in by clicking the Regional product listing desired. For example, if the U.S. region of AWS is desired to have the PKI deployed to, select the EJBCA SaaS - KMS Backed CA in the US Region product option and click Continue.

Step 2 - Configure EJBCA SaaS Contract

To configure the EJBCA SaaS contract subscription, select the following:

Contract Duration

Select the contract duration, that is the duration being subscribed to for the EJBCA SaaS PKI. The options are 1, 12, 24, and 36 months with each longer duration providing a larger discount than the one before it.

Renewal Settings

Select the renewal settings. Select Yes to allow AWS to automatically renew the contract for the same duration based on the previously selected subscription duration.

Contract Options

Select the contract options. This is effectively the size of the PKI that will be deployed which dictates processing power of certificates.

KMS

  • EJBCA Saas KMS XS: Two load-balanced nodes (2 cores, 2GB RAM each), db.t2.small 1000 IOPS RDS database with read replica, KMS backed CA Keys.

  • EJBCA Saas KMS S: Two load-balanced nodes (2 cores, 6GB RAM each), db.t2.small 2000 IOPS RDS database with read replica, KMS backed CA Keys.

  • EJBCA Saas KMS M: Two load-balanced nodes (2 cores, 8GB RAM each), db.t2.medium RDS 3000 IOPS database with read replica, KMS backed CA Keys.

CloudHSM

  • EJBCA Saas CloudHSM XS: Two load-balanced nodes (2 cores, 2GB RAM each), db.t2.small 1000 IOPS RDS database with read replica, CloudHSM backed CA Keys on a single CloudHSM.

  • EJBCA Saas CloudHSM S: Two load-balanced nodes (2 cores, 6GB RAM each), db.t2.small 2000 IOPS RDS database with read replica, CloudHSM backed CA Keys on a redundant pair of CloudHSMs.

  • EJBCA Saas CloudHSM M: Two load-balanced nodes (2 cores, 8GB RAM each), db.t2.medium 3000 IOPS RDS database with read replica, CloudHSM backed CA Keys on a redundant pair of CloudHSMs.

Each of these PKIs are capable of delivering a certain level of transactions per second that can scale to your organization's needs. AWS allows users to select a higher option at any time, billing the account the difference, but does not allow users to select a cheaper option. For example, you can select Small (S ) and then later Medium (M), but cannot go back to Small (S) until the current contract expires. For more information on EJBCA SaaS contract subscription options, see Contract Subscription Options.

Step 3 - Create Contract

To create the contract, follow these steps:

  1. Click Create contract to create the contract and allow AWS to bill the account for the full contract duration.

  2. Review the confirmation displaying the full contract amount that will be billed to the AWS account subscribing and then click Pay now.

  3. Review the confirmation showing that the subscription was successful and click Setup your account to be redirected to the EJBCA SaaS Portal.

Next - Register A First Time User

Next, to register in the Keyfactor Portal and log in for the first time, follow the steps described in Register a first-time user in the Keyfactor Portal.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.