Using EJBCA as a Standalone CA/RA/VA

The following outlines the architecture of a standalone CA/RA/VA.

Standalone CA/RA/VA

You can deploy a complete PKI in a single instance. Since EJBCA has everything built-in you can have a single instance functioning as both CA and RA. This is a very efficient, easy to manage, and cost-effective solution that is suitable for many SME enterprise deployments.

images/inline/1bb17ae7b8fe8765afcbfd3a998e9bb3d0b69c670ddc767e39cdf529e80b25f3.png


Multiple CAs for different use-cases can co-exist in a single instance and security levels can be scaled with, for example:

  • Administrators can use smart cards or soft tokens for accessing the administration interface.

  • The CA can use an HSM or soft tokens for the CA signing keys.

  • Users and machines can be issued with soft tokens or smart cards/USB tokens.

  • Various filtering options can be deployed in firewalls.

For more information on creating a CA with EJBCA, see EJBCA Operations Guide.