Jump to content

EJBCA: Difference between revisions

From Wikipedia, the free encyclopedia
Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
Updated link to Certificate Management Protocol
ZeiZai6Y (talk | contribs)
36 edits
No edit summary
Line 7: Line 7:
| developer = [http://www.primekey.se PrimeKey Solutions AB]
| developer = [http://www.primekey.se PrimeKey Solutions AB]
| released = {{initial release|2001|12|05}}
| released = {{initial release|2001|12|05}}
| latest release version = 3.9.3
| latest release version = 3.9.5
| latest release date = {{release date|2009|12|21}}
| latest release date = {{release date|2010|03|05}}
| latest preview version =
| latest preview version =
| latest preview date =
| latest preview date =

Revision as of 12:43, 5 March 2010

EJBCA
Developer(s)PrimeKey Solutions AB
Initial releaseDecember 5, 2001 (2001-12-05)
Stable release
3.9.5 / March 5, 2010 (2010-03-05)
Repository
Written inJava on Java EE
Operating systemCross-platform
Available inChinese, English, French, German, Italian, Portuguese, Spanish, Swedish
TypePKI Software
LicenseLGPL
Websitewww.ejbca.org

Enterprise Java Bean Certificate Authority, or EJBCA, is a free software public key infrastructure certificate authority software package maintained and sponsored by the Swedish for-profit company PrimeKey Solutions AB, which holds the copyright to most of the codebase. The project's source code is available under terms of the Lesser GNU General Public License.

Design

The system is implemented in Java EE and designed to be platform independent and fully clusterable[1], to permit a greater degree of scalability than is typical of similar software packages. Multiple instances of EJBCA are run simultaneously, sharing a database containing the current certificate authorities (CAs). This permits each instance of the software to access any CA. The software also supports the use of a Hardware Security Module (HSM), which provides additional security. Larger-scale installations would use multiple instances of EJBCA running on a cluster, a fully distributed database on a separate cluster and a third cluster with HSMs keeping the different CA keys.

Features

EJBCA follows the major standards in the PKI area, such as X509, OCSP, CMP, XKMS, SCEP, and Elliptic curves,[2] including the new Card Verifying Certificate (CVC) EU standard for machine readable passports containing fingerprints, which will be mandatory as of June 26 2009.

Development

EJBCA is licensed under the standard GNU Lesser General Public License (LGPL). The source code is hosted at SourceForge.net. It was first posted there in November 2001. At that time the amount of source code was around 6,000 lines of code including test code. As of December 2008, it contains about 166,000 lines of code.

Known major installations

There are many known[3] installations all over the world, among them:

  • Ministry of Defence, France, 1,000 users
  • Ministry of Finances, France, 40,000 users
  • National Swedish Police Board, Sweden, 25,000 users
  • ZhuHai Local Taxation Bureau, China, 50,000 users
  • Grupo Safa, Spain, 20,000 users
  • Seraza.com, Brazil, 20,000 users
  • Autoritat de Certificació de la Comunitat Valenciana, Spain, 75,000 + users

References

  1. ^ Typical large scale setup
  2. ^ List of features
  3. ^ Reference installations

EJBCA in literature

  • Research and application of EJBCA based on J2EE; Liyi Zhang, Qihua Liu and Min Xu; IFIP International Federation for Information Processing Volume 251/2008; ISBN 978-0-387-75465-9
  • Chapter "Securing Connections and Remote Administration" in Hardening Linux; James Turnbull; ISBN 978-1-59059-444-5
  • Exception-Handling Bugs in Java and a Language Extension to Avoid Them; Westley Weimer; Advanced Topics in Exception Handling Techniques Volume 4119/2006; ISBN 978-3-540-37443-5
Retrieved from "https://en.wikipedia.org/w/index.php?title=EJBCA&oldid=347895705"