Sold by: Keyfactor, Inc.
Deployed on AWS
Free Trial
EJBCA PKI for Enterprises - A powerful and flexible certificate issuance and management system to issue and enable full life-cycle control of digital certificate and Certificate (CA), Registration (RA) and Validation Authorities (VA); enabling multiple use cases and standards compliance.
Overview
EJBCA PKI for Enterprises - A powerful and flexible certificate issuance and management system to issue and enable full life-cycle control of digital certificate and Certificate (CA), Registration (RA) and Validation Authorities (VA); enabling multiple use cases and standards compliance. EJBCA now includes support for CloudHSM and AWS KMS, has introduced support for the ACME protocol and has a REST API. Please visit the EJBCA Enterprise Cloud documentation for CloudHSM and AWS KMS integration guides. This instance includes 24x7 Premium Support but is functionally identical to the Standard listing.
Version 2.0 and above now feature a web based configuration wizard so options to install directly into an RDS database or even have the ManagementCA keys be generated directly into CloudHSM can be chosen.
Please contact us for multi-node enterprise pricing at sales@keyfactor.com !
Highlights
- Multiple CAs and levels of CAs, build a complete infrastructure (or several) within one instance of EJBCA.
- Unlimited number of Root CAs and SubCAs. Request cross certificates and bridge certificates from other CAs and Bridge CAs. Issue cross certificates to other CAs.
- Support all common PKI Architectures, as well as many uncommon. Store keys in CloudHSM, AWS KMS, in a PKCS11 connected HSM, or in the database (for demo).
Details
Sold by
Categories
Delivery method
Supported services
Delivery option
64-bit (x86) Amazon Machine Image (AMI)
9.3.0, v4.3.0 Component
AWS Image Builder Component for EJBCA Enterprise
Latest version
Operating system
AmazonLinux 2023
Deployed on AWS
Unlock automation with AI agent solutions
Fast-track AI initiatives with agents, tools, and solutions from AWS Partners.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Free trial
Try this product free for 30 days according to the free trial terms set by the vendor. Usage-based pricing is in effect for usage beyond the free trial terms. Your free trial gets automatically converted to a paid subscription when the trial ends, but may be canceled any time before that.
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time. Alternatively, you can pay upfront for a contract, which typically covers your anticipated usage for the contract duration. Any usage beyond contract will incur additional usage-based costs.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator� to estimate your infrastructure costs.
Dimension | Cost/hour |
|---|---|
t3a.large Recommended | $2.97 |
t3a.xlarge | $4.60 |
t3.large | $2.97 |
r5a.large | $3.57 |
t3a.2xlarge | $6.23 |
t3.2xlarge | $6.23 |
m5a.large | $2.97 |
t3.medium | $2.52 |
t2.2xlarge | $6.23 |
t2.medium | $2.52 |
Vendor refund policy
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
Additional details
Usage instructions
Resources
Support
Vendor support
Product Support: To register with PrimeKey, a Keyfactor Company Support, please send an email to support@primekey.com and note that you are an AWS customer. Please note that PrimeKey, a Keyfactor Company Support has no other way to identify you as a PrimeKey, a Keyfactor Company customer unless you contact us at support@primekey.com and state that you are a PrimeKey, a Keyfactor Company customer on AWS.
Sales Support: If you would like to speak with a pre-sales engineer/sales representative from PrimeKey, please complete the following form and we will be in touch with you as quickly as possible:
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Keyfactor, Inc.
By AppViewX
By COSMIAN
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Certificate Authority Management
Supports multiple Certificate Authorities (CAs) and sub-CAs with ability to create complete PKI infrastructure within a single instance
Key Storage Flexibility
Supports key storage in CloudHSM, AWS KMS, PKCS11 connected HSM, and database
Protocol Support
Includes native support for ACME protocol and provides REST API for integration
Standards Compliance
Enables full life-cycle control of digital certificates with support for Certificate, Registration, and Validation Authorities
Configuration Management
Web-based configuration wizard for simplified installation and deployment options including direct RDS database integration
Public Key Infrastructure
"Comprehensive PKI solution supporting private trust certificate use cases with enterprise-grade Certificate Authority provisioning"
Cryptographic Security
"Support for NIST-standardized Post-Quantum Cryptography (PQC) encryption algorithms including Dilithium, SPHINCS+, and Falcon"
Hardware Security
"FIPS 140-2 Level 3 validated Cloud HSMs with high availability for securing Certificate Authority keys"
Certificate Management
"Integrated Certificate Lifecycle Management (CLM) for automated certificate provisioning across multiple endpoints"
Migration Capability
"Ability to perform lift and shift migration from existing on-premises Certificate Authorities like Microsoft CA to cloud-based infrastructure"
Key Management Lifecycle
"Comprehensive key management system with capabilities for key storage, generation, rotation, distribution, and usage policy enforcement"
Encryption Library Support
"Supports FIPS 140-3 validated encryption libraries and advanced cryptographic algorithms including post-quantum resistant Covercrypt"
Public Key Infrastructure Integration
"Seamless integration with external PKI systems for cross-organizational key governance and management"
Confidential Computing
"Runs inside a verifiable and confidential virtual machine ensuring data confidentiality at rest and in use with no hardware or software tampering"
Cryptographic Access Control
"Implements advanced access policy mechanisms for encryption keys using Covercrypt technology with post-quantum resistance"
Standard contract
No
No
Customer reviews
0 ratings
0 AWS reviews
|
35 external reviews
Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.
David T. K.
Powerful PKI toolset, with a steep step-up to get value
Reviewed on Oct 07, 2025
Review provided by G2
What do you like best about the product?
EJBCA offers a wealth of capabilities, enabling virtually all workflows for enrolling, managing, and distributing certificates. EJBCA often implements leading-edge features ahead of other PKI toolkits, enabling early access to capabilities.
What do you dislike about the product?
Implementing EJBCA is challenging, when using the straightforward software distribution methods. I know this can be remedied when using virtual appliances on either a virtualization platform or containers platform.
What problems is the product solving and how is that benefiting you?
We anticipate EJBCA solving hands-off certificate enrollment/renewal, as well as enabling us to offer quantum-safe certificates to early adopters.
Computer & Network Security
Good overall product
Reviewed on Oct 07, 2025
Review provided by G2
What do you like best about the product?
you can create multiple CAs in one machine.
What do you dislike about the product?
RA web UX/UI needs to be improved as it is hard sometimes to know exactly what to do
What problems is the product solving and how is that benefiting you?
security and ease of use
Alston Bejo P.
User Experience and Onboarding
Reviewed on Sep 21, 2025
Review provided by G2
What do you like best about the product?
Keyfactor EJBCA is built with a comprehensive REST API. This is crucial for a PKI management tool like Keyfactor Command, as it allows for programmatic and automated lifecycle management of certificates. Instead of manual certificate requests, the API enables Keyfactor Command to enroll, renew, and revoke certificates on a massive scale, which is the entire purpose of a streamlined PKI management system.
What do you dislike about the product?
The platform is incredibly powerful, but the sheer number of features and the complex UI make it feel like a tool for PKI experts, not for general IT administrators. A smoother onboarding process or more intuitive UI similar to keyfactor command for handling common tasks would be a massive improvement
What problems is the product solving and how is that benefiting you?
while the POC may have hit a snag, the underlying architecture of Keyfactor EJBCA is what makes it a premier choice for integration with a PKI management tool.
Telecommunications
Consistently Reliable and Flexible PKI Platform
Reviewed on Sep 12, 2025
Review provided by G2
What do you like best about the product?
"What I like best about Keyfactor EJBCA is its reliability and flexibility. It fully meets our security and compliance requirements, and over the years it has consistently proven to be a stable and dependable solution. In addition, the support team has always provided prompt and precise feedback whenever needed."
What do you dislike about the product?
"Overall, there is not much to dislike about Keyfactor EJBCA. The documentation could be even more comprehensive in some advanced areas, but the support team has always been very responsive and helpful in clarifying any doubts."
What problems is the product solving and how is that benefiting you?
Keyfactor EJBCA is helping us manage our public key infrastructure reliably and securely. It ensures compliance with our security requirements, simplifies certificate management, and gives us the confidence that our systems are protected.
Daniela P.
Easy to deploy, supports multiple protocols and integrations
Reviewed on Aug 12, 2025
Review provided by G2
What do you like best about the product?
Deployment of the hardware and software appliances process is straight forward, same with the regular update process.
Deployment of trust chain process is easy enough.
REST APIs are available, integration with Microsoft world is possible.
It seems ACME, EST, CMP protocols are available as well, however we have not tested them yet.
Deployment of trust chain process is easy enough.
REST APIs are available, integration with Microsoft world is possible.
It seems ACME, EST, CMP protocols are available as well, however we have not tested them yet.
What do you dislike about the product?
Replacement of hardware seems to happen more often than desired, i would expect to keep a hardware until its end of life however we are forced now after less than 2 years after purchasing the appliances, to migrate to different hardware.
It was a bit difficult to comprehend the concepts of Certificate and End Entity profiles and why they are split into two separate configuration.
OCSP configuration is cumbersome, OCSP signer certificates are not being renewed automatically.
Trainings and troubleshooting information is not much available.
Reporting could be improved, it only allows 500 certificates to be listed.
Does not allow permissions to be configured on profiles.
It was a bit difficult to comprehend the concepts of Certificate and End Entity profiles and why they are split into two separate configuration.
OCSP configuration is cumbersome, OCSP signer certificates are not being renewed automatically.
Trainings and troubleshooting information is not much available.
Reporting could be improved, it only allows 500 certificates to be listed.
Does not allow permissions to be configured on profiles.
What problems is the product solving and how is that benefiting you?
We need a PKI that is supported and that can be integrated with our existing infrastructure to enable certificate deployment