Introducing the Next-Generation PKI Hardware Appliance

In the age of always-on, public key infrastructure (PKI) is undoubtedly critical to secure communications and protect data. But as any team operating a PKI knows, it’s not exactly a breeze. Huge volumes of digital certificates and new use cases demand more flexibility, scalability, and ease of use. Despite the rise of cloud services, particularly high-security environments, manufacturing, and edge computing use cases often require greater physical control and isolation.

Enter the next generation of the EJBCA Hardware Appliance, the new gold standard for “PKI-in-a-box.” That’s right, we took more than 10 years of customer and developer feedback to deliver a truly one-of-a-kind solution. As the only vendor to deliver PKI as a turnkey appliance, we’ve taken the gold standard and made it even better. Powered by EJBCA, the Hardware Appliance removes the pain and guesswork associated with building a hardened PKI solution and puts it in one box.

• More power, smaller box: A complete refresh of all the internal hardware provides a boost in performance and allows for future flexible HSM selection, while a thinner box to just 1U reduces rack space requirements.
• Simplified configuration and administration: An overhaul to the GUI makes nearly every action simpler and streamlined. No longer do you have to use secure shell (SSH) to find a config file and update it; there’s a UI for that. From setup and configuration to maintenance, the new Web UI will make any PKI administrator’s day.
• More scalability and monitoring capabilities: PKI is critical infrastructure, so it must be monitored, and when necessary, highly available (HA). That’s why we’ve added industry-standard monitoring services and protocols to monitor critical metrics like system temperature and CPU usage. Plus, clustering setup is a breeze to ensure you can scale quickly and efficiently.

You’ve made it this far, so why not read a bit more to find out all the details?

The EJBCA Hardware Appliance has been completely rebuilt with cutting-edge CPUs, RAM, and motherboard, giving your PKI more than enough horsepower for even the most demanding environments. By putting in best-of-breed hardware, the Appliance is set to meet the scale and speed requirements of today and tomorrow.

The new design also reduces rack space requirements to 1U, while offering greater flexibility in Hardware Security Module (HSM) selection and network interface controller (NIC) configuration.

Under the hood, we’ve completely upgraded the software stack, including reliable off-the-shelf Linux and Orchestration platforms to power a newly containerized environment for improved reliability and on-demand scalability.

Say goodbye to the complexities of secure shell (SSH) and manual file editing. The new Web UI provides a single, intuitive interface for configuring and maintaining your PKI, making setup and ongoing maintenance a breeze. With guided workflows, you can be up and running in just five minutes.

When your PKI is critical to operations, HA is a must. If one goes offline for any reason, another node needs to be able to immediately and seamlessly pick up the slack. But clustering can get complicated, quickly. To simplify this, we’ve made the setup of clusters much more straightforward and guided.

You may be thinking though “I want to know when something is going awry BEFORE it goes offline.” That’s why we’ve added even more monitoring services and protocols to support SIEM and monitoring scenarios. You can know immediately if there are any services or metrics (e.g. temperature, CPU usage) that are outside of their normal operating range within your current monitoring solution.

It’s not a complete upgrade unless you update the PKI software too. The Hardware Appliance ships with the latest version of EJBCA 9.1, which includes significant new features such as post-quantum readiness, improved standards support for S/MIME and CAA validation, and operational certificates for Matter smart devices.

• Post-Quantum Readiness: With the inclusion of NIST’s post-quantum cryptographic algorithms, customers will be able to issue ML-DSA certificates.
• Improved Standards Support: EJBCA features S/MIME CAA validation support to align with the CA/Browser Forum standards for email security.
• Operational Certificates for Matter Smart Devices: Matter is the industry standard for smart home devices, and we’re excited to offer support for operational certificates to help IoT device manufacturers secure and update their products using EJBCA.

With the next generation of the EJBCA Hardware Appliance, you get more than just a device – you get a comprehensive, user-friendly solution that simplifies your PKI management while ensuring the highest levels of security and reliability.

Ready to learn more about how to simplify your PKI or how the Hardware Appliance can be used in a code signing solution? Schedule some time today for more information!