EJBCA 3.0 final has been released. EJBCA is a fully functional open source Certificate Authority built on J2EE. EJBCA aims to be a robust, high performance, platform independent, flexible, and component based CA to be used standalone or integrated in J2EE applications.
The most important improvment in version 3.0 is that it is now possible to run several PKI infrastructures within one single instance of EJBCA. Among other major improvements are also complete support for OCSP, enhanced hard token interface and flexible LDAP configuration through the Web-GUI.
- Open Source (LGPL) license.
- Built on the J2EE 1.3 (EJB 2.0) specification.
- Flexible, component based architecture.
- Multiple CAs and levels of CAs, build a complete infrastructure (or several) within one instance of EJBCA.
- Standalone or integrated in any J2EE application.
- Simple installation and configuration.
- Powerful Web based administration GUI using strong authentication.
- Command line administration for scripts etc.
- Individual enrollment or batch production of certificates.
- Server and client certificates can be exported as PKCS12, JKS or PEM.
- Browser enrollment with Netscape, Mozilla, IE, etc.
- Enrollment for other applications through open APIs and tools.
- E-mail notification to new users added by RA.
- Random or manual password for initial user authentication.
- Hard token module for integrating with hard token issuing system (smart cards).
- Supports the Simple Certificate Enrollment Protocol (SCEP).
- Multiple levels of administrators with specified privileges and user groups.
- Configurable certificate profiles for different types and contents of certificates.
- Configurable entity profiles for different types of users.
- Follows X509 and PKIX (RFC3280) standards where applicable.
- Revocation and Certificate Revocation Lists (CRLs).
- Fully supports the Online Certificate Status Protocol (OCSP), including AIA-extension.
- CRL creation and URL-based CRLDistribution Points according to RFC3280.
- Stores Certificates and CRLs in any SQL database (handled by application server).
- Optional multiple publishers for publishing certificates and CRLs in LDAP and other stores.
- Key recovery module to store private keys for recovery for selected users and certificates.
- Component based architecture for publishing certificates and CRLs to different sources.
- Component based architecture for various authorization methods of entities when issuing certificates.
- Easy to integrate into large applications for optimal integration into bussiness process.
Check out EJBCA at: http://ejbca.sourceforge.net/