Skip to main content
Skip table of contents

Appendix B - EJBCA Services

EJBCA Root Certification Authority Configuration

Keyfactor Responsibilities:

Keyfactor will manually configure a Root Certificate Authority to establish a root of trust for a customer’s PKI. This service may also be used to configure a policy module to allow for the signing of subordinate EJBCA CAs.

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

This service directly allocates dedicated, professional assistance in configuring a Root Certificate Authority as a root of trust for a customer’s PKI.

 

EJBCA Certification Authority Configuration

Keyfactor Responsibilities:

Keyfactor will manually configure a Certificate Authority within an existing or new EJBCA cluster.

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

This service provides the ability to horizontally scale a PKI by adding additional Certificate Authorities to existing or new EJBCA clusters.

EJBCA Registration Authority Configuration

Keyfactor Responsibilities:

Keyfactor will configure and deploy Registration Authority within an existing or new PKI to support registration services.

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

Extend your PKI by reducing accessibility to Certificate Authorities and providing localized registration services to remote clients.

 

EJBCA Validation Authority Configuration

Keyfactor Responsibilities:

Keyfactor will configure and deploy Validation Authority within an existing or new PKI to support validation services.

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

Extend your PKI by reducing accessibility to Certificate Authorities and providing localized, highly available validation services to remote clients for certificates when CA services are unreachable.

 

EJBCA Clustered Instance Services

Keyfactor Responsibilities:

Keyfactor will prepare, configure, and connect an EJBCA instance to an existing or new EJBCA cluster. These instances may be deployed in any EJBCA supported form factor. This service provides the preparation, configuration and connectivity of a single EJBCA instance within these form factors to an EJBCA cluster.

Customer Responsibilities:

  • The customer is responsible for provisioning, maintaining, and supporting the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

EJBCA Clustered Instance Services provides the ability to horizontally scale existing EJBCA deployments to increase system performance and redundancy.

 

EJBCA Discovery & Design Services

Keyfactor Responsibilities:

Keyfactor will assess PKI requirements to review and determine the following:

  • EJBCA Instances, platforms, clustering, and networking requirements

  • Customer environments and compliance requirements

  • Database and HSM specifications and compatibility

  • Review Use cases and CA Configurations

  • Plan deployment methods

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for ensuring that team members have the necessary knowledge and access within customer systems and environmental requirements are allocated within a timely manner.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

The EJBCA Discovery & Design services offer a structured approach at understanding a customer’s PKI requirements based on enterprise services and environmental requirements to support connected use cases.

EJBCA External Database Services

Keyfactor Responsibilities:

Keyfactor will configure the EJBCA instance for a connection to an external database. Keyfactor will provide the necessary scripts to create the index and optimize the database. These configurations are limited to the supported scripts and do not include specific external database configurations.

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer is responsible for configuring backend replication to clustered EJBCA instances.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

This service allows the customer to store EJBCA data in a customer database service.

 

EJBCA External HSM Services

Keyfactor Responsibilities:

Keyfactor will configure the EJBCA instance for a connection to an external HSM that is supported by the EJBCA platform.

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

  • The customer is responsible for installation and configuration of an external HSM.

Value Statement:

This service allows customers to leverage existing HSMs for key generation or access existing CA keystores.

  

EJBCA Key Generation Ceremony Services

Keyfactor Responsibilities:

Keyfactor will assist with formal Key Generation Ceremony planning, including:

  • Conduct formal Key Ceremony planning session

  • Review Key Ceremony requirements and process

  • Identify process gaps and remediation

  • Identify Ceremony resources required

  • Schedule Key Ceremony

 Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

This service provides a methodical approach to conducting and documenting a secure process in generating key material.

 

EJBCA Logging Configuration

Keyfactor Responsibilities:

Keyfactor will configure an EJBCA instance to facilitate syslog forwarding to a specified log aggregator.

 Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and 3rd party products/resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

This service enables customers to forward EJBCA logs to a centralized log aggregator.

 

EJBCA Microsoft Auto-Enrollment

Keyfactor Responsibilities:

Keyfactor will configure a single alias to facilitate certificate management using the Microsoft Auto-Enrollment protocol based on customer specifications.

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer is responsible for the configuration of services required by the client to use the specified protocol.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

These services enable certificate management with EJBCA using the specified protocol.

 

EJBCA OAuth Configuration

Keyfactor Responsibilities:

Keyfactor will conduct instructional working sessions to configure Single Sign-On for users and groups using OAuth 2.0 authentication within EJBCA. The series of configurations are targeted at Keyfactor products and does not include configurations within a customer’s identity provider.

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer should be aware and knowledgeable of their select identity provider to make necessary configurations to enable OAuth 2.0 authentication to EJBCA.

Value Statement:

This service allows the customer to use OAuth 2.0 to authenticate users, groups, and machine identities to EJBCA.

 

EJBCA Use Case Services

Keyfactor Responsibilities:

Keyfactor will configure a single use case or alias to facilitate PKI operations using a specified protocol based on customer specifications.

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

This service enables PKI operations within EJBCA using a supported protocol (e.g., ACME, SCEP, REST API, CMP, etc.).

 

EJBCA ACME

Keyfactor Responsibilities:

Keyfactor will configure a single alias to facilitate certificate management using the ACME protocol based on customer specifications.

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and/or operation of the Keyfactor solution.

  • The customer is responsible for the configuration of services required by the client to use the specified protocol.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

This service enables certificate management with EJBCA using the ACME protocol.

 

EJBCA SCEP

Keyfactor Responsibilities:

Keyfactor will configure a single alias to facilitate certificate management using the SCEP protocol based on customer specifications.

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and/or operation of the Keyfactor solution.

  • The customer is responsible for the configuration of services required by the client to use the specified protocol.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

This service enables certificate management with EJBCA using the SCEP protocol.

 

EJBCA REST API

Keyfactor Responsibilities:

Keyfactor will configure a single use case to facilitate certificate management using the REST API protocol based on customer specifications.

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer is responsible for the configuration of services required by the client to use the specified protocol.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

This service enables certificate management with EJBCA using the REST API protocol.

 

EJBCA CMP

Keyfactor Responsibilities:

Keyfactor will configure a single alias to facilitate certificate management using the CMP protocol based on customer specifications.

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer is responsible for the configuration of services required by the client to use the specified protocol.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

This service enables certificate management with EJBCA using the CMP protocol.

 

EJBCA EST

Keyfactor Responsibilities:

Keyfactor will configure a single alias to facilitate certificate management using the EST protocol based on customer specifications.

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer is responsible for the configuration of services required by the client to use the specified protocol.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

This service enables certificate management with EJBCA using the EST protocol.

 

EJBCA Web Services

Keyfactor Responsibilities:

Keyfactor will configure a single use case to facilitate certificate management using the Web Services protocol based on customer specifications.

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer is responsible for the configuration of services required by the client to use the specified protocol.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

This service enables certificate management with EJBCA using the Web Services protocol.

 

EJBCA OCSP

Keyfactor Responsibilities:

Keyfactor will configure a single use case to facilitate certificate management using the OCSP protocol based on customer specifications.

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer is responsible for the configuration of services required by the client to use the specified protocol.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

This service enables certificate management with EJBCA using the OCSP protocol.

 

EJBCA CRL

Keyfactor Responsibilities:

Keyfactor will configure a single use case to facilitate certificate management using the CRL protocol based on customer specifications.

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer is responsible for the configuration of services required by the client to use the specified protocol.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

This service enables certificate management with EJBCA using the CRL protocol.

 

EJBCA Health Check Services

Keyfactor Responsibilities:

Keyfactor will perform a basic investigation and performance testing of established architecture and configurations of PKI environments to contribute to the customer success plan. In addition, Keyfactor will provide an Architecture Findings and Recommendations Report, alongside an executive summary, to detail the results of the EJBCA Health Check. Keyfactor will adhere to the customer’s requirements regarding access control to customer systems and data classification of customer documentation.

Customer Responsibilities:

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer must ensure that relevant team members have the necessary knowledge and required access to all components within the EJBCA platform and provide Keyfactor with the necessary configurations to perform the EJBCA Health Check.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

The EJBCA Health Check service provides a customer with a comprehensive Architecture Findings and Recommendations Report alongside a solution design to detail and assess the performance and configurations of the EJBCA deployment.

 

EJBCA Migration Services

Keyfactor Responsibilities:

A scoped service to migrate EJBCA certificates, CRLs, configurations, HSM keys, or softkeys to a new environment. This service does not include an upgrade of an EJBCA platform. The full scope of the migration service will require an initial series of discovery working sessions to determine a list of migration items and feasibility of the migration prior to the execution.

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for coordinating troubleshooting sessions that require the involvement of third-party vendors.

  • The customer is responsible for ensuring compatibility and understanding limitations with their third-party HSMs.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

EJBCA migration services are designed to ensure a seamless and secure migration of certificates, CRLs, configurations, HSM keys, or softkeys.

EJBCA Upgrade Services

Keyfactor Responsibilities:

A scoped service to upgrade a specified EJBCA instance. This service does not include the migration of an EJBCA platform. The full scope of the upgrade service will require an initial series of discovery working sessions to determine the number of EJBCA instances and validate the upgrade path prior to the execution.

Customer Responsibilities:

  • The customer is responsible for provisioning and maintaining the required infrastructure and resources necessary for the implementation and operation of the Keyfactor solution.

  • The customer must ensure that relevant team members are available to participate in workshops and training sessions to gain the necessary knowledge and skills.

  • The customer is responsible for reviewing and approving deliverables provided by Keyfactor to ensure they meet the desired specifications and requirements.

Value Statement:

Scoped professional upgrade assistance for a given EJBCA instance that enables accessibility to the latest EJBCA feature sets.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close