
Get Started with EJBCA

EJBCA offers flexible deployment options to help you get started with PKI for testing, evaluation, and early-stage prototyping, without the need for a full-scale production setup. These approaches provide flexibility in exploring EJBCA’s capabilities and validating integrations with other products and systems.

This guide outlines several deployment options. Here is an overview:

| Deployment Method | Use Case | Persistence | Tooling | EJBCA Edition |
|---|---|---|---|---|
| Docker (ephemeral) | Quick feature testing | No | Docker | Community |
| Docker (persistent) | Durable PoC, repeated testing | Yes | Docker Compose | Community |
| Kubernetes (persistent) | Production-aligned evaluation | Yes | Helm | Community (limited functionality), Enterprise |
| Kubernetes (ephemeral) | Quick feature testing | No | Helm | Community (limited functionality), Enterprise |
| Cloud Trial | Full-featured EJBCA Enterprise evaluation for 30 days | Yes | AWS/Azure Marketplace | Enterprise |
| PQC Lab Test Drive | Post-Quantum Cryptography testing for 30 days | Yes | Preconfigured Azure Cloud Lab | Enterprise |

EJBCA Community vs Enterprise Options

Deployment options are provided for both the EJBCA Community and EJBCA Enterprise editions:

  • EJBCA Community Edition provides a core set of capabilities for evaluation and testing. It is open-source and well-suited for testing, learning, and prototyping, but it is not designed or supported for production use.

  • EJBCA Enterprise Edition is recommended for PKI deployments supporting business-critical systems or critical infrastructure. It offers the security hardening, automation, scalability, and professional support required in production. Some advanced features and deployment methods described in this guide are only available in the Enterprise Edition.

Why Use EJBCA PKI during Development and Prototyping

Many development and testing environments rely on self-signed certificates or ad hoc tools and scripts. While these approaches are simple to start with, they often lead to long-term challenges around maintainability, security, and compliance. Such setups are not suitable for business-critical systems or critical infrastructure applications and platforms.

Since PKI is a foundational component of any security solution, production environments require a properly managed and supported PKI to ensure reliability, scalability, and compliance.

Using a standards-based PKI solution such as EJBCA during development helps:

  • Simulate real-world trust models.

  • Prepare for compliance and production-readiness.

  • Reduce integration errors later in the software lifecycle.

  • Reuse the same toolchain across development, staging, and production.

  • Be ready to scale securely.

Migration to Enterprise is straightforward, regardless of whether you start with Community or a free trial.

Try EJBCA Container deployment options

Ephemeral EJBCA Using Docker

Spin up a temporary EJBCA instance for quick testing without persisting any data.

  • Purpose: Try a feature, test an API, or verify configuration.

  • Data persistence: None. The container is removed after use.

This is useful when testing configuration flows or features that don’t require long-term storage or backups. Step-by-step guides and videos are provided, demonstrated with the Community Edition of EJBCA, which is readily available via Docker Hub.


Persistent EJBCA with Docker or Docker Compose

For a more durable evaluation or prototype environment, use Docker with mounted volumes or Docker Compose.

  • Purpose: Evaluate EJBCA features over time, build PoCs, and integrate with other systems.

  • Data persistence: Yes. Mounted volumes ensure data is retained between restarts.

The step-by-step guides and video examples leverage the Community edition of EJBCA. You can also pull the EJBCA Community container from the AWS Marketplace.

Read more: Tutorial - Start out with EJBCA Docker container

Kubernetes Deployment Using the EJBCA Helm Chart

The official EJBCA Helm chart provides a Kubernetes-native deployment option.

  • Purpose: Evaluate EJBCA in environments that mirror production.

  • Features:

    • Helm-based deployment and upgrades.

    • Ephemeral or persistent volumes and configurable resources.

    • Optional ingress, clustering, and external database integration.

Get the full Kubernetes experience - this is suitable for users who:

  • Are using Kubernetes.

  • Want to test integrations with cert-manager, Istio, SPIRE, or other Kubernetes-native tools.

There are tutorials available for both a more basic EJBCA Community installation using Helm and more advanced Enterprise High-Availability, resilience, and scaling options.

The same Helm chart can be used to deploy both EJBCA Community and Enterprise editions.


Deploy EJBCA Enterprise on AWS or Azure (30-day free trial)

EJBCA Enterprise is available as a 30-day free trial on both Amazon Web Services (AWS) and Microsoft Azure.

Use this option to evaluate EJBCA Enterprise features in a managed cloud environment. If the deployment meets your requirements, you can convert it into a commercial instance without redeploying.

Read more: Video Tutorial - Setting up a Free Trial Version of EJBCA on AWS

Try EJBCA Enterprise with PQC in a cloud lab

Use this option to quickly get to know and evaluate Post-Quantum Cryptography (PQC) capabilities in EJBCA Enterprise. The PQC Lab Test Drive on Azure provides a pre-configured environment where you can issue quantum-safe certificates without any configuration or installation.

Read more: Quick Start Guide - PQC Lab Test Drive

Next Steps: Configure Your PKI for Testing

After completing your initial deployment, the next step is to configure your Public Key Infrastructure (PKI) to support your testing or evaluation use case. This typically includes setting up certificate authorities (CAs), defining roles and permissions, and issuing test certificates.

To help you get started quickly, there are multiple how-to guides that walk you through the essential tasks, such as:

  • Create a PKI Hierarchy

  • Create your first Root CA

  • Create your first issuing CA

  • Configuring Revocation

  • Set up roles and permissions

  • etc

These guides are designed to help you get a working PKI configuration with minimal effort and are applicable for both Community and Enterprise users unless otherwise stated.

Read more: Tutorials and Guides
