Skip to main content
Skip table of contents

EJBCA SaaS 1.0 Release Notes

PrimeKey is pleased to announce the very first release of EJBCA SaaS version 1.0.

EJBCA SaaS provides you with the full power of EJBCA Enterprise, but without the need for managing the underlying infrastructure. Set up your EJBCA instance on AWS, and PrimeKey makes sure that your PKI infrastructure is managed according to best practices and with the highest assurance. Choose your preferred subscription, leverage the elasticity and global presence of the service as you scale your infrastructure, and rest assured that you will have a guaranteed SLA that you will not have to maintain.


Instant Subscription and On Demand Provisioning

EJBCA SaaS is supplied as an instant subscription through the AWS Marketplace without any sales process required. The on-demand provisioning means that everything is uniquely configured for you upon startup without any pre-provisioned infrastructure. For more information, see EJBCA SaaS Launch Guide.

EJBCA SaaS Subscription Options

The different EJBCA SaaS subscription options allow you to select your preferred size and contract length (or term) of the PKI to be deployed. Each of these PKI options is capable of delivering a certain level of transactions per second and can be scaled to match the PKI requirements of your organization as you grow. For more details, see Contract Subscription Options.

PrimeKey SaaS Portal

Your PKI service is set-up and configured via the PrimeKey SaaS portal. After subscribing to EJBCA SaaS on the AWS Marketplace, you are directed to the PrimeKey SaaS portal to register your account and select EJBCA SaaS configuration details to automatically set up the infrastructure for you.

Dashboard and Charts

Intuitive charts displaying critical information such as total certificates generated, certificates generated each hour over a 24 hour period, and expiring certificate quantities over the next 30, 60, and 90 days.

For more information, see Navigating EJBCA SaaS Portal.

Private Keys Stored Securely in AWS KMS

The only keys PrimeKey provisions are test keys to establish your private key storage.  Users create their own private keys for their CAs when they are ready. Full documentation with step-by-step instructions on how to configure keys in EJBCA SaaS is available in the EJBCA SaaS Launch Guide.

Dedicated Offline Root CA

Each deployment of EJBCA SaaS comes with a dedicated offline Root CA node. This Root CA is a node dedicated to each customer used to sign their own private issuing CA. Users control when this node runs from the EJBCA SaaS portal for automated startup and shutdown. For more information, see Navigating EJBCA SaaS Portal.

No Vendor Lock-in

With EJBCA SaaS deployed, corporations and their private keys will not be dependent upon or locked into PrimeKey. Customer KMS keys are provisioned in an isolated fashion to separate them from operational infrastructure and keep access controlled and secure. This also allows PrimeKey to detach this account and deliver the AWS account holding the private keys back to customers if desired. To review questions and answers about EJBCA SaaS, see EJBCA SaaS FAQ.

Non-Prod Included with Medium Sized Deployments

With all medium-sized deployments, users will be provisioned an additional non-production EJBCA node allowing admins to test in their SaaS environment, any changes they want to push to their production PKI.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.