Preliminary Research on EJBCA 3.0 open source CA System Software

EJBCA is a very valuable open-source system that provides reference for domestic PKI technologies and products. Upon the release of ejb3.0, I translated the introduction of this software, hoping to bring you into attention. You are welcome to join me in exploring this software.

EJBCA is a full-featured CA system software based on J2EE technology and provides a powerful, high-performance and component-based ca. EJBCA is flexible and platform independent. It can be used independently and can be integrated with any J2EE application. We encourage and thank you for your contribution in any form.

If you want to contact the EJBCA team or provide support, contact the Project Administrator. You can find the EJBCA team on the SourceForge project page.

This software is an open source software certified by OSI. OSI authentication is the certification mark of Open Source Initiative.

Features

Lgpl open source license
Built on the J2EE 1.3 (ejb2.0) Specification
Flexible, Component-Based Architecture
Multi-level Ca
Establish one or more complete infrastructure in one EJBCA instance with multiple CAS and multi-level cas
Run it independently or integrate it in any J2EE Application
Simple installation and configuration
Powerful Web-based management interface with high-intensity Identification Algorithms
Supports command line-Based Management and scripts.
Support individual certificate application or certificate Batch Production
The server and client certificates can be exported in PKCS12, jks, or PEM format.
Supports direct certificate application using Netscape, Mozilla, ie, and other browsers
Supports using open APIs and tools to apply for certificates from other applications
New users added by RA can send email reminders.
Passwords can be generated randomly or manually for new user authentication.
Supports hardware modules to integrate hardware issuing systems (such as smart cards)
SCEP supported
Multi-polarization management with specific user permissions and user groups
You can configure certificates of different types and contents.
You can configure objects for different types of users.
Complies with X509 and pkix (rfc3280) Standards
Supports CRL
Fully supports OCSP, including AIA Extension
CRL generation and URL-based CRL distribution points follow rfc3280 and can store certificates and CRL in any SQL database (processed by the Application Server ).
Multiple publishers are available to publish certificates and CRL in LDAP.
Supports the key recovery module used to restore private keys for specified users and certificates
Component-based architecture for publishing certificates and CRL to different destinations
Component-based architecture, used to adopt multiple entity authorization methods when publishing certificates
It is easy to integrate into large applications and optimized for integration into business processes

Platform

EJBCA is fully written in Java and can run on any platform using J2EE servers. Development and testing are performed on Linux and Windows2000.