After long development we are proud to release EJBCA 3.6.0. From EJBCA's home page:
EJBCA is a fully functional Certificate Authority. Based on J2EE technology it constitutes a robust, high performance and component based CA. Both flexible and platform independent, EJBCA can be used standalone or integrated in any J2EE application. EJBCA is an enterprise class PKI, meaning that you can use EJBCA to build a complete PKI infrastructure for your organisation. If you only want to issue a few single certificates for testing, there are probably options that will get you started quicker, but if you want a serious PKI we recommend EJBCA. You can use EJBCA to issue certificates for different purposes such as:
  • Strong authentication for users accessing your intranet/extranet/internet resources.
  • Secure communication with SSL servers and SSL clients.
  • Smart card logon to Windows and/or Linux.
  • Signing and encrypting email.
  • VPN connections by issuing certificates to your VPN routers such as OpenVPN, Cisco, Juniper etc.
  • Client VPN access with certificates in users' VPN clients.
  • Single sign-on by using a single certificate to secure logon to web applications.
  • Creating signed documents.
  • Issue citizen certificates for access to government resources, used in passports etc.
This is a major release, suitable for large installations with high availability and security requirements. Notable changes in no specific order:
  • New (optional) fully clusterable log system with advanced log signing.
  • Support for more extensions (FreshestCRL, caIssuers, more extended key usages, multiple policy statements)
  • More WebService API commands.
  • Support for Oracle Application Server and Websphere, improvements for Weblogic.
  • Support for DB2 database.
  • Support for delta CRLs
  • Auto-enroll certificates for Microsoft systems (see Howto).
  • Improved PKCS#11 support for HSMs.
  • OCSP improvements, support for PKCS#11 HSMs on external OCSP responder.
  • External RA improvements, better configuration and SCEP improvements.
  • LDAP publisher improvements.
  • User notification improvements.
  • New Wiki
Read the changelog for details.
There are many different PKI products for different purposes. EJBCA is definitely targeted at the type of PKI that is large, has a complex structure issuing certificates for many different purposes from several CAs, and/or has high availability requirements. Clustered HA environments, I think, have interesting requirements and characteristics for an enterprise application. Being open source, EJBCA is much more flexible for integration and adaptation to different environments than the commercial offerings. What are your experiences with integrating PKI?