Sold by: Keyfactor, Inc.
Deployed on AWS
Free Trial
EJBCA PKI for Enterprises - A powerful and flexible certificate issuance and management system to issue and enable full life-cycle control of digital certificate and Certificate (CA), Registration (RA) and Validation Authorities (VA); enabling multiple use cases and standards compliance.
Overview
EJBCA PKI for Enterprises - A powerful and flexible certificate issuance and management system to issue and enable full life-cycle control of digital certificate and Certificate (CA), Registration (RA) and Validation Authorities (VA); enabling multiple use cases and standards compliance. EJBCA now includes support for CloudHSM and AWS KMS, has introduced support for the ACME protocol and has a REST API. Please visit the EJBCA Enterprise Cloud documentation for CloudHSM and AWS KMS integration guides. This instance includes 24x7 Premium Support but is functionally identical to the Standard listing.
Version 2.0 and above now feature a web based configuration wizard so options to install directly into an RDS database or even have the ManagementCA keys be generated directly into CloudHSM can be chosen.
Please contact us for multi-node enterprise pricing at sales@keyfactor.com !
Highlights
- Multiple CAs and levels of CAs, build a complete infrastructure (or several) within one instance of EJBCA.
- Unlimited number of Root CAs and SubCAs. Request cross certificates and bridge certificates from other CAs and Bridge CAs. Issue cross certificates to other CAs.
- Support all common PKI Architectures, as well as many uncommon. Store keys in CloudHSM, AWS KMS, in a PKCS11 connected HSM, or in the database (for demo).
Details
Sold by
Categories
Delivery method
Supported services
Delivery option
64-bit (x86) Amazon Machine Image (AMI)
9.3.0, v4.3.0 Component
AWS Image Builder Component for EJBCA Enterprise
Latest version
Operating system
AmazonLinux 2023
Deployed on AWS
Unlock automation with AI agent solutions
Fast-track AI initiatives with agents, tools, and solutions from AWS Partners.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Free trial
Try this product free for 30 days according to the free trial terms set by the vendor. Usage-based pricing is in effect for usage beyond the free trial terms. Your free trial gets automatically converted to a paid subscription when the trial ends, but may be canceled any time before that.
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time. Alternatively, you can pay upfront for a contract, which typically covers your anticipated usage for the contract duration. Any usage beyond contract will incur additional usage-based costs.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Cost/hour |
|---|---|
t3a.large Recommended | $2.97 |
t3.large | $2.97 |
t3a.xlarge | $4.60 |
t3a.2xlarge | $6.23 |
r5a.large | $3.57 |
t2.2xlarge | $6.23 |
t2.medium | $2.52 |
t3.medium | $2.52 |
t3.2xlarge | $6.23 |
m5a.large | $2.97 |
Vendor refund policy
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
Additional details
Usage instructions
Resources
Support
Vendor support
Product Support: To register with PrimeKey, a Keyfactor Company Support, please send an email to support@primekey.com and note that you are an AWS customer. Please note that PrimeKey, a Keyfactor Company Support has no other way to identify you as a PrimeKey, a Keyfactor Company customer unless you contact us at support@primekey.com and state that you are a PrimeKey, a Keyfactor Company customer on AWS.
Sales Support: If you would like to speak with a pre-sales engineer/sales representative from PrimeKey, please complete the following form and we will be in touch with you as quickly as possible:
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Keyfactor, Inc.
By AppViewX
By COSMIAN
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Certificate Authority Management
Supports multiple Certificate Authorities (CAs) and sub-CAs with ability to create complete PKI infrastructure within a single instance
Key Storage Flexibility
Supports key storage in CloudHSM, AWS KMS, PKCS11 connected HSM, and database
Protocol Support
Includes native support for ACME protocol and provides REST API for integration
Standards Compliance
Enables full life-cycle control of digital certificates with support for Certificate, Registration, and Validation Authorities
Configuration Management
Web-based configuration wizard for simplified installation and deployment options including direct RDS database integration
Public Key Infrastructure
"Comprehensive PKI solution supporting private trust certificate use cases with enterprise-grade Certificate Authority provisioning"
Cryptographic Security
"Support for NIST-standardized Post-Quantum Cryptography (PQC) encryption algorithms including Dilithium, SPHINCS+, and Falcon"
Hardware Security
"FIPS 140-2 Level 3 validated Cloud HSMs with high availability for securing Certificate Authority keys"
Certificate Management
"Integrated Certificate Lifecycle Management (CLM) for automated certificate provisioning across multiple endpoints"
Migration Capability
"Ability to perform lift and shift migration from existing on-premises Certificate Authorities like Microsoft CA to cloud-based infrastructure"
Key Management Lifecycle
"Comprehensive key management system with capabilities for key storage, generation, rotation, distribution, and usage policy enforcement"
Encryption Library Support
"Supports FIPS 140-3 validated encryption libraries and advanced cryptographic algorithms including post-quantum resistant Covercrypt"
Public Key Infrastructure Integration
"Seamless integration with external PKI systems for cross-organizational key governance and management"
Confidential Computing
"Runs inside a verifiable and confidential virtual machine ensuring data confidentiality at rest and in use with no hardware or software tampering"
Cryptographic Access Control
"Implements advanced access policy mechanisms for encryption keys using Covercrypt technology with post-quantum resistance"
Standard contract
No
No
Customer reviews
0 ratings
0 AWS reviews
|
11 external reviews
Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.
David T. K.
Powerful PKI toolset, with a steep step-up to get value
Reviewed on Oct 07, 2025
Review provided by G2
What do you like best about the product?
EJBCA offers a wealth of capabilities, enabling virtually all workflows for enrolling, managing, and distributing certificates. EJBCA often implements leading-edge features ahead of other PKI toolkits, enabling early access to capabilities.
What do you dislike about the product?
Implementing EJBCA is challenging, when using the straightforward software distribution methods. I know this can be remedied when using virtual appliances on either a virtualization platform or containers platform.
What problems is the product solving and how is that benefiting you?
We anticipate EJBCA solving hands-off certificate enrollment/renewal, as well as enabling us to offer quantum-safe certificates to early adopters.
Alston Bejo P.
User Experience and Onboarding
Reviewed on Sep 21, 2025
Review provided by G2
What do you like best about the product?
Keyfactor EJBCA is built with a comprehensive REST API. This is crucial for a PKI management tool like Keyfactor Command, as it allows for programmatic and automated lifecycle management of certificates. Instead of manual certificate requests, the API enables Keyfactor Command to enroll, renew, and revoke certificates on a massive scale, which is the entire purpose of a streamlined PKI management system.
What do you dislike about the product?
The platform is incredibly powerful, but the sheer number of features and the complex UI make it feel like a tool for PKI experts, not for general IT administrators. A smoother onboarding process or more intuitive UI similar to keyfactor command for handling common tasks would be a massive improvement
What problems is the product solving and how is that benefiting you?
while the POC may have hit a snag, the underlying architecture of Keyfactor EJBCA is what makes it a premier choice for integration with a PKI management tool.
Government Administration
Need help with your messy certificate environment? Just replace it with keyfactor
Reviewed on Aug 06, 2025
Review provided by G2
What do you like best about the product?
Being able to kill off our onprem CAs and use your hosted solution takes a huge load off of our team. As a member of the security team I love that it's one less thing we have to worry about. Also, the ease of deploying and replacing certificates ensures we're never in a spot where a cert is going to expire and nobody knows where to go or what to do. A true lifesaver.
What do you dislike about the product?
Honestly nothing, it truly hits all of the marks. Maybe have better docs? They are already pretty good though 😂
What problems is the product solving and how is that benefiting you?
Replacement of our onprem CA, and automating the replacement of certificates. Huge time savings, security improvements, and less accidental downtime caused by cert issues.
Christian H.
6 years EJBCA
Reviewed on Aug 05, 2025
Review provided by G2
What do you like best about the product?
EJBCA is a robust and secure Public Key Infrastructure (PKI) solution, especially when deployed as Keyfactor hardware appliance. EJBCA supports a wide range of protocols and is compliant to common standards.
What do you dislike about the product?
The documentation lacks sometimes clarity and. depth
What problems is the product solving and how is that benefiting you?
EJBCA ensures the security of communication and transactions.
Pranjul .
Efficient Certificate Management with Keyfactor EJBCA SaaS: Balancing Ease and Robust Features
Reviewed on Jul 29, 2025
Review provided by G2
What do you like best about the product?
Keyfactor EJBCA SaaS excels in ease of use and implementation, making the process of certificate signing straightforward and efficient within our organisation. The platform offers a robust set of features that cater to various certificate management needs, and its integration capabilities are seamless, which is particularly beneficial for maintaining smooth operations across different systems. Additionally, the customer support has been responsive and helpful, ensuring that any issues are promptly addressed.
What do you dislike about the product?
Despite its strengths, there are a few areas where Keyfactor EJBCA could improve. Occasionally, the number of features can be overwhelming, especially for users who are new to the platform, potentially impacting ease of use. While customer support is generally good, there are times when more specialised assistance might be needed for complex issues. These aspects could benefit from refinement to enhance the overall user experience.
What problems is the product solving and how is that benefiting you?
Keyfactor EJBCA® is solving several key problems related to certificate management and security within our organisation. Primarily, it addresses the need for efficient and secure Public Key Infrastructure (PKI) management. By automating and streamlining the process of certificate issuance, renewal, and revocation, it significantly reduces the risk of expired certificates and enhances overall security posture.
The benefits of using Keyfactor EJBCA® include:
1. Improved Security: It ensures that digital certificates are managed securely, reducing vulnerabilities associated with outdated or improperly managed certificates.
2. Operational Efficiency: Automating certificate processes using REST APIs saves time and resources, allowing IT teams to focus on other critical tasks.
3. Compliance: It helps maintain compliance with industry standards and regulations by providing reliable certificate management and audit capabilities.
4. Scalability: The platform can easily accommodate growing certificate needs as the organisation expands, without compromising performance or security.
Overall, Keyfactor EJBCA is enhancing our ability to manage certificates effectively, which in turn supports our security and operational goals.
The benefits of using Keyfactor EJBCA® include:
1. Improved Security: It ensures that digital certificates are managed securely, reducing vulnerabilities associated with outdated or improperly managed certificates.
2. Operational Efficiency: Automating certificate processes using REST APIs saves time and resources, allowing IT teams to focus on other critical tasks.
3. Compliance: It helps maintain compliance with industry standards and regulations by providing reliable certificate management and audit capabilities.
4. Scalability: The platform can easily accommodate growing certificate needs as the organisation expands, without compromising performance or security.
Overall, Keyfactor EJBCA is enhancing our ability to manage certificates effectively, which in turn supports our security and operational goals.