Standalone CA/RA/VA

You can deploy a complete PKI in a single instance. Since EJBCA has everything built-in you can have a single instance functioning as both CA and RA. This is a very efficient, easy to manage, and cost-effective solution that is suitable for many SME enterprise deployments.

Multiple CAs for different use-cases can co-exist in a single instance and security levels can be scaled with, for example:

• Administrators can use smart cards or soft tokens for accessing the administration interface.

• The CA can use an HSM or soft tokens for the CA signing keys.

• Users and machines can be issued with soft tokens or smart cards/USB tokens.

• Various filtering options can be deployed in firewalls.

For more information on creating a CA with EJBCA, see EJBCA Operations Guide.