Sold by: Keyfactor, Inc.
Deployed on AWS
Free Trial
EJBCA PKI for Enterprises - A powerful and flexible certificate issuance and management system to issue and enable full life-cycle control of digital certificate and Certificate (CA), Registration (RA) and Validation Authorities (VA); enabling multiple use cases and standards compliance.
Overview
EJBCA PKI for Enterprises - A powerful and flexible certificate issuance and management system to issue and enable full life-cycle control of digital certificate and Certificate (CA), Registration (RA) and Validation Authorities (VA); enabling multiple use cases and standards compliance. EJBCA now includes support for CloudHSM and AWS KMS, has introduced support for the ACME protocol and has a REST API. Please visit the EJBCA Enterprise Cloud documentation for CloudHSM and AWS KMS integration guides. This instance includes 24x7 Premium Support but is functionally identical to the Standard listing.
Version 2.0 and above now feature a web based configuration wizard so options to install directly into an RDS database or even have the ManagementCA keys be generated directly into CloudHSM can be chosen.
Please contact us for multi-node enterprise pricing at sales@keyfactor.com !
Highlights
- Multiple CAs and levels of CAs, build a complete infrastructure (or several) within one instance of EJBCA.
- Unlimited number of Root CAs and SubCAs. Request cross certificates and bridge certificates from other CAs and Bridge CAs. Issue cross certificates to other CAs.
- Support all common PKI Architectures, as well as many uncommon. Store keys in CloudHSM, AWS KMS, in a PKCS11 connected HSM, or in the database (for demo).
Details
Sold by
Categories
Delivery method
Supported services
Delivery option
64-bit (x86) Amazon Machine Image (AMI)
9.3.0, v4.3.0 Component
AWS Image Builder Component for EJBCA Enterprise
Latest version
Operating system
AmazonLinux 2023
Deployed on AWS
Unlock automation with AI agent solutions
Fast-track AI initiatives with agents, tools, and solutions from AWS Partners.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Free trial
Try this product free for 30 days according to the free trial terms set by the vendor. Usage-based pricing is in effect for usage beyond the free trial terms. Your free trial gets automatically converted to a paid subscription when the trial ends, but may be canceled any time before that.
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time. Alternatively, you can pay upfront for a contract, which typically covers your anticipated usage for the contract duration. Any usage beyond contract will incur additional usage-based costs.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Cost/hour |
|---|---|
t3a.large Recommended | $2.97 |
t3.large | $2.97 |
t3a.xlarge | $4.60 |
t3a.2xlarge | $6.23 |
r5a.large | $3.57 |
t2.2xlarge | $6.23 |
t2.medium | $2.52 |
t3.medium | $2.52 |
t3.2xlarge | $6.23 |
m5a.large | $2.97 |
Vendor refund policy
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
Additional details
Usage instructions
Resources
Support
Vendor support
Product Support: To register with PrimeKey, a Keyfactor Company Support, please send an email to support@primekey.com and note that you are an AWS customer. Please note that PrimeKey, a Keyfactor Company Support has no other way to identify you as a PrimeKey, a Keyfactor Company customer unless you contact us at support@primekey.com and state that you are a PrimeKey, a Keyfactor Company customer on AWS.
Sales Support: If you would like to speak with a pre-sales engineer/sales representative from PrimeKey, please complete the following form and we will be in touch with you as quickly as possible:
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Keyfactor, Inc.
By AppViewX
By COSMIAN
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Certificate Authority Management
Supports multiple Certificate Authorities (CAs) and sub-CAs with ability to create complete PKI infrastructure within a single instance
Key Storage Flexibility
Supports key storage in CloudHSM, AWS KMS, PKCS11 connected HSM, and database
Protocol Support
Includes native support for ACME protocol and provides REST API for integration
Standards Compliance
Enables full life-cycle control of digital certificates with support for Certificate, Registration, and Validation Authorities
Configuration Management
Web-based configuration wizard for simplified installation and deployment options including direct RDS database integration
Public Key Infrastructure
"Comprehensive PKI solution supporting private trust certificate use cases with enterprise-grade Certificate Authority provisioning"
Cryptographic Security
"Support for NIST-standardized Post-Quantum Cryptography (PQC) encryption algorithms including Dilithium, SPHINCS+, and Falcon"
Hardware Security
"FIPS 140-2 Level 3 validated Cloud HSMs with high availability for securing Certificate Authority keys"
Certificate Management
"Integrated Certificate Lifecycle Management (CLM) for automated certificate provisioning across multiple endpoints"
Migration Capability
"Ability to perform lift and shift migration from existing on-premises Certificate Authorities like Microsoft CA to cloud-based infrastructure"
Key Management Lifecycle
"Comprehensive key management system with capabilities for key storage, generation, rotation, distribution, and usage policy enforcement"
Encryption Library Support
"Supports FIPS 140-3 validated encryption libraries and advanced cryptographic algorithms including post-quantum resistant Covercrypt"
Public Key Infrastructure Integration
"Seamless integration with external PKI systems for cross-organizational key governance and management"
Confidential Computing
"Runs inside a verifiable and confidential virtual machine ensuring data confidentiality at rest and in use with no hardware or software tampering"
Cryptographic Access Control
"Implements advanced access policy mechanisms for encryption keys using Covercrypt technology with post-quantum resistance"
Standard contract
No
No
Customer reviews
0 ratings
0 AWS reviews
|
31 external reviews
Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.
Daniela P.
Easy to deploy, supports multiple protocols and integrations
Reviewed on Aug 12, 2025
Review provided by G2
What do you like best about the product?
Deployment of the hardware and software appliances process is straight forward, same with the regular update process.
Deployment of trust chain process is easy enough.
REST APIs are available, integration with Microsoft world is possible.
It seems ACME, EST, CMP protocols are available as well, however we have not tested them yet.
Deployment of trust chain process is easy enough.
REST APIs are available, integration with Microsoft world is possible.
It seems ACME, EST, CMP protocols are available as well, however we have not tested them yet.
What do you dislike about the product?
Replacement of hardware seems to happen more often than desired, i would expect to keep a hardware until its end of life however we are forced now after less than 2 years after purchasing the appliances, to migrate to different hardware.
It was a bit difficult to comprehend the concepts of Certificate and End Entity profiles and why they are split into two separate configuration.
OCSP configuration is cumbersome, OCSP signer certificates are not being renewed automatically.
Trainings and troubleshooting information is not much available.
Reporting could be improved, it only allows 500 certificates to be listed.
Does not allow permissions to be configured on profiles.
It was a bit difficult to comprehend the concepts of Certificate and End Entity profiles and why they are split into two separate configuration.
OCSP configuration is cumbersome, OCSP signer certificates are not being renewed automatically.
Trainings and troubleshooting information is not much available.
Reporting could be improved, it only allows 500 certificates to be listed.
Does not allow permissions to be configured on profiles.
What problems is the product solving and how is that benefiting you?
We need a PKI that is supported and that can be integrated with our existing infrastructure to enable certificate deployment
Government Administration
Need help with your messy certificate environment? Just replace it with keyfactor
Reviewed on Aug 06, 2025
Review provided by G2
What do you like best about the product?
Being able to kill off our onprem CAs and use your hosted solution takes a huge load off of our team. As a member of the security team I love that it's one less thing we have to worry about. Also, the ease of deploying and replacing certificates ensures we're never in a spot where a cert is going to expire and nobody knows where to go or what to do. A true lifesaver.
What do you dislike about the product?
Honestly nothing, it truly hits all of the marks. Maybe have better docs? They are already pretty good though 😂
What problems is the product solving and how is that benefiting you?
Replacement of our onprem CA, and automating the replacement of certificates. Huge time savings, security improvements, and less accidental downtime caused by cert issues.
Information Technology and Services
Unparalleled comprehensive PKI solution with complicated UI
Reviewed on Aug 05, 2025
Review provided by G2
What do you like best about the product?
The rich set of features which can handle many use cases.
Support of many standard PKI protocols like CMP, EST, SCEP, OCSP, ACME, etc. which allow integration with other solutions.
Customer support is working well and most of tickets were solved with satisfaction.
SaaS solution works without major outages for more than a year.
Support of many standard PKI protocols like CMP, EST, SCEP, OCSP, ACME, etc. which allow integration with other solutions.
Customer support is working well and most of tickets were solved with satisfaction.
SaaS solution works without major outages for more than a year.
What do you dislike about the product?
It has very complex UI with user-unfriendly and inconsistent components. Software lacks good UX assessment. On the other side it provides many useful configuration options which increases a complexity as a side effect.
What problems is the product solving and how is that benefiting you?
It provides set of features which can cover automated certificate distribution to IoT (embedded) devices in large scale. Especially useful for that case are standard enrollment protocols and support of vendor certificates.
Christian H.
6 years EJBCA
Reviewed on Aug 05, 2025
Review provided by G2
What do you like best about the product?
EJBCA is a robust and secure Public Key Infrastructure (PKI) solution, especially when deployed as Keyfactor hardware appliance. EJBCA supports a wide range of protocols and is compliant to common standards.
What do you dislike about the product?
The documentation lacks sometimes clarity and. depth
What problems is the product solving and how is that benefiting you?
EJBCA ensures the security of communication and transactions.
Md Sakib Nizam K.
EJBCA is great software and it does what it is suppose to do very well
Reviewed on Aug 05, 2025
Review provided by G2
What do you like best about the product?
It is a comprehensive and easy-to-use tool that has all the necessary features for managing a PKI hierarchy.
What do you dislike about the product?
The new EJBCA UI could have been better. I miss the old left panel quite a lot.
What problems is the product solving and how is that benefiting you?
It is maninly helps you to create and manage PKI hierarchy.