Cyber Tool Stack
All tools
CLMOpen source · LGPL-2.1-or-later

EJBCA Community

By Keyfactor

Open-source PKI and certificate authority software for issuing and managing X.509 certificates at scale, with CRL and OCSP revocation and support for the SCEP, EST, CMP, and ACME enrollment protocols. The commercial Enterprise edition adds high availability, HSM integration, and support; EJBCA originated at Sweden's PrimeKey, which merged into Keyfactor in 2021.

Verified Source: 1

Product type
Software
Deployment
On-premHybridCLI
Organization size
SMBMid-marketEnterprise
Pricing tier
Freemium

Capability checklist

CLM

How EJBCA Community measures up against the full Certificate Lifecycle Management taxonomy.

Certificate discovery & inventory — not supported
Finds every certificate across on-prem, cloud, and Kubernetes environments — including unknown, expired, and shadow certificates nobody was tracking.
Automated issuance & renewal — supported
Issues and renews certificates automatically through ACME and direct CA integrations, so nothing depends on someone remembering to do it by hand.
Expiry monitoring & alerting — not supported
Watches expiration dates across the whole estate and alerts owners well before a certificate lapses and causes an outage.
Private CA & internal PKI — supported
Runs internal certificate authorities and PKI to issue the private certificates that secure machine-to-machine and internal service traffic.
Deployment integrations — not supported
Pushes issued certificates directly into load balancers, Kubernetes, MDM, and web servers instead of leaving admins to install them by hand.
Crypto-agility & rotation — not supported
Inventories the algorithms and keys in use and rotates them at scale, including preparing for the migration to post-quantum cryptography.

Alternatives

Other Certificate Lifecycle Management tools with overlapping capabilities, sized for similar teams.

Search Cyber Tool Stack

Jump to any tool, vendor, category, or glossary term.