Skip to main content
Skip table of contents


EJBCA software as a Service (SaaS) provides you as a PKI professional full access to EJBCA Enterprise and all of its features.

EJBCA SaaS allows you to manage complex PKI use cases with a high number of certificates and set up an unlimited number of CAs and hierarchies. Protocols and APIs such as SCEP, CMP, EST, and ACME are supported as well as the EJBCA Rest API and WebServices Soap API, and you can integrate with for example Hashicorp Vault, MS Intune, and MS Autoenrollment.

For more information on EJBCA's capabilities and support, see EJBCA Interoperability and EJBCA Integration.

EJBCA SaaS Setup

Setting up EJBCA is as straightforward as the following steps.

Get Your Instance 

1 - Sign up for the services on the AWS marketplace

  • Select your EJBCA SaaS subscription and configure your contract details

2 - PKI Service set-up and configuration via the Keyfactor SaaS portal

  • Set-up your account, enter a few configuration details and your PKI is ready to be deployed

Run Your PKI

3 - Start your PKI set-up, define your CAs, and leverage all protocols and open APIs, available for full application integration and automation

For step-by-step instructions, see EJBCA SaaS AWS Launch Guide.

EJBCA SaaS Contract Options

You select your preferred size and contract length (or term) of the PKI to be deployed. Each of these PKI options is capable of delivering a certain level of transactions per second and can be scaled to match the PKI requirements of your organization as you grow. For more details, see Contract Subscription Options.

Instant Subscription and On Demand Provisioning

EJBCA SaaS is supplied as an instant subscription through the marketplace without any sales process required. The on-demand provisioning means that everything is uniquely configured for you upon startup without any pre-provisioned infrastructure. 

Launch EJBCA SaaS

For EJBCA SaaS, you subscribe through the marketplace and access the EJBCA SaaS in Keyfactor's environment.

For information on how to deploy EJBCA SaaS AWS by creating your EJBCA SaaS contract, set up your account, deploy your PKI, and access EJBCA, see the EJBCA SaaS Launch Guide.

Keyfactor SaaS Portal

After subscribing to EJBCA SaaS on the marketplace, you are directed to the Keyfactor SaaS portal to register your account and select EJBCA SaaS configuration details to automatically set up the infrastructure for you.

The dashboard and intuitive charts display critical information such as total certificates generated, certificates generated each hour over a 24 hour period, and expiring certificate quantities over the next 30, 60, and 90 days. For more information, see Navigating EJBCA SaaS Portal.

Security Policies and Compliance Frameworks

EJBCA SaaS was created with the customer in mind. You, as the customer, can control your environment while also using the full power of EJBCA. We at Keyfactor will manage the infrastructure and the behind-the-scenes cloud components so you don't have to worry about them. We are using some of our best engineers to manage and build the infrastructure for your environment. As we share the burden of maintaining a safe and reliable PKI environment, we are providing information to describe our security posture and determination to protect your data. For more information, see Our Security Policies and Compliance Frameworks

No Vendor Lock-in

With EJBCA SaaS deployed, corporations and their private keys will not be dependent upon or locked into Keyfactor. Customer KMS keys are provisioned in an isolated fashion to separate them from operational infrastructure and keep access controlled and secure. This also allows Keyfactor to detach this account and deliver the account holding the private keys back to customers if desired. To review questions and answers about EJBCA SaaS, see EJBCA SaaS FAQ.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.