From PrimeKey Tech Days 2017: Creating a Trust Center is not your Panacea
It's that time of year again, and we've begun releasing the lectures from last year's PrimeKey Tech Days conference. First up is a good friend of ours and one of the most knowledgeable guys in the...
View ArticleClik here to view.
EJBCA and Agile PKI
So in case anybody is wondering what the buzzword for 2018 is, it's quite obviously Post Quantum Cryptography. Besides full and entire conferences on the subject, large tracts of security conferences...
View ArticleFrom PrimeKey Tech Days 2017: EST Update
Next up in PrimeKey's series of Tech Days videos is Michael Luken from Cisco who spoke about the EST Protocol, which has been supported by EJBCA ever since version EJBCA 6.11.0. Make sure also to check...
View ArticleClik here to view.
Presenting EJBCA 6.14: A Plethora of Protocols
It's with no small amount of pride that we'd like to announce the release of EJBCA 6.14, one of the most feature rich releases to come out in a long while. Let's get straight to it, because we have...
View ArticleMinor Release: EJBCA 6.14.1
Hi folks, we'd like to send the summer off with a minor release based the latest version of EJBCA: 6.14.1This minor primarily fixes some issues that some users reported when running EJBCA 6.14 on JBoss...
View ArticleClik here to view.
Presenting EJBCA 6.15 and one word: ACME
Version 6 of EJBCA is beginning to near its end, and the team are looking forward with great anticipation to be able to give you all a look at what's coming with EJBCA 7. That said, we're sending off...
View ArticleClik here to view.
Keep track of certificate issuance using Graylog (and pretty dashboards)
Running an EJBCA based PKI can be a very boring task, usually everything just works. One complaint that we get is that it just works so stably, that the operations staff forgets what to be done when...
View ArticleClik here to view.
EJBCA 6.15.1: Publishers, Publishers, Publishers!
We couldn't stay away, so at the same time as the UI is being refurbished and prepared for our coming Common Criteria certification we've been busy adding some neat new features to EJBCA 6.15:...
View ArticleClik here to view.
EJBCA 7.0.0: The Same, but Completely Different
It's not often that we get to celebrate the emergence of a major release of EJBCA, and this has been a long time coming. World, meet EJBCA 7!So what's new you ask? New workflows? VR based UI? Is...
View ArticleClik here to view.
The (updated) Definitive EJBCA Upgrade Guide
With the release of EJBCA 7.0 and subsequent drop of support for JDK7/JEE6, we've updated the upgrade guide that we published back in 2017 to reflect these changes. With no further ado, here it...
View ArticleClik here to view.
eIDAS and PSD2, what's new for PKI and what can you do?
What does PSD2 have to do with eIDAS?With the introduction of the Revised Payment Service Directive (PSD2) in EU there are many changes for Payment Service Providers, but there are also some changes...
View ArticleClik here to view.
EJBCA 7.0.1 - PSD2 and SN Entropy
Hot on the heels of EJBCA 7.0, we'd like to present the release of EJBCA 7.0.1 - implementing a ton of neat functionality that didn't make the cut for the main release. On top of the list of most...
View ArticleClik here to view.
EJBCA 7.1.0 - Partitioned CRLs!
Spring has finally arrived in Stockholm, following the traditional seasons of Winter, False Spring, Second Winter, the Spring of Deceit and the final cold snap of I-Just-Changed-My-Tires. The melting...
View ArticleClik here to view.
A bit about us...
We seldom speak much about the team behind EJBCA or about PrimeKey Solutions on a whole on this blog, so for those interested I'd like to write a bit about us and our culture for those of you who might...
View ArticleClik here to view.
EJBCA ♥ YubiKey
With the keygen tag in its final death throes, time has come to move on to new and better ways of managing keys on tokens. We here at PrimeKey are big fans of our friends at Yubico, so here is a neat...
View ArticleClik here to view.
EJBCA 7.2.0 - CT improvements & Exteded REST API
Summer is here and as promised, so is EJBCA 7.2.0! Highlighted news are performance improvements to Certificate Transparency and additional functionality added to the REST API.Persistent Storage of...
View ArticleClik here to view.
PGP Signing with SignServer
This blog post covers PGP signing support implemented in recent versions of SignServerIn a previous blog post, we addressed Code Signing of Windows binaries (Authenticode) and gave some background on...
View ArticleClik here to view.
Enroll Using Device Certificates Using CMP with 3GPP/LTE
About 3GPP/LTEThe 3rd Generation Partnership Project, 3GPP, has produced a technical specification for an entity authentication framework, which was developed in the context of the Network Domain...
View ArticleCVEs: PrimeKey takes a step forward
A question we've been posed through the last few years is whether PrimeKey writes CVEs for known security issues. We're now implementing a change in this policy, and we'd like to talk a bit about...
View ArticleClik here to view.
A practical analysis of the SSH Certificate format
I've been messing around a wee bit with SSH certificates, and while the specification is fairly easy to read, reading the actual format was not quite as much so and there was quite a bit of trial and...
View ArticleClik here to view.
Using CertBot to issue certificates with ACME to an Apache Web Server
The popular ACME (RFC8555) agent CertBot can be used to automatically create and renew TLS certificates for an Apache web server. The same setup can easily be used for other web servers that CertBot...
View ArticleClik here to view.
Supporting EdDSA - The Details
About EdDSAEdDSA is a fairly new signature algorithm, at least if we compare to the classic algorithms we use, where RSA was introduced in 1977 and ECDSA entering wide use in the early 2000's. In...
View ArticleA laymans guide to EJBCA compliance tools
Compliance OverviewStandards and other specifications that you may be required to show compliance with are usually large with many options. Many times these options are also described vaguely requiring...
View ArticleClik here to view.
Performance! How to use EJBCA as a Massive PKI!
Are your CRLs are scaling out of proportion, clients are complaining about timeouts and your VA is on its knees? Are your certificates counted not by thousands but by the millions? Never to fear,...
View ArticleClik here to view.
Enrolling chromeOS Devices against EJBCA
IntroductionchromeOS is an operating system based on Chromium (with Google Chrome as its primary UI) which is the default operating system on devices such as ChromeBooks, ChromeBoxes, ChromeBases and...
View Article