Thursday, May 3, 2012

EJBCA will always be Open Source


Since EJBCA 5 there is now one version of EJBCA that is free to download and one that is not.
This blog will try to clarify why and what this means.

Why we are doing this

EJBCA 5.0 is Common Criteria and CWA (14167) certified software. Software certification costs many hundred of thousands of euros, a substantial investment by PrimeKey Solutions to fulfil customer needs for certified software.

PrimeKey is a commercial company employing most of the EJBCA developers and makes a living out of selling support, services and training for EJBCA and SignServer.
PrimeKey can not afford to give away certification for free to large organizations with much larger funds than PrimeKey itself. Without employed EJBCA developers EJBCA can not continue to be among the top PKI software in the world.

To fulfil the needs of these customers, and also the community, two version of EJBCA are needed:
  • Certified versions of EJBCA, not available for free download.
  • Non-certified versions of EJBCA, available for free download.

EJBCA Enterprise Edition

Many organizations require that PKI software is certified according to Common Criteria and/or CWA.
Certified software can require additional features, such as secure audit logging and database integrity protection.
Software certification is a business requirement and has generally little to do with the code itself. EJBCA 5 is aimed to the Enterprises that have these higher trust requirements.

Enterprise EJBCA is:
  • available to all support customers.
  • features all newest features required for higher trust and maximum performance
  • security certified according to Common Criteria and CWA
  • supported with SLA
  • Open Source LGPL v2.1 or later
The current Enterprise EJBCA version is EJBCA 5.0.

EJBCA Community Edition

EJBCA is an open source project. It is one of the most widely used PKIs in the world with deployments on all habited continents.
Organizations that do not require certified software or SLA support can use the Community EJBCA.

PrimeKey will still maintain the Community version of EJBCA. We will continue to provide new features and bug fixes to ensure that both versions of EJBCA will remain the leading PKI software.

PrimeKey always contributes back the features from the certified version to the Community, and PrimeKey's customers pay for development of many features that goes directly into the open source project.

Community EJBCA is:
  • available for anyone to download and use
  • still maintained with new features and bug fixes
  • supported by the community
  • Open Source LGPL v2.1 or later
  • advanced features will be introduced first in Enterprise EJBCA but may eventually end up in later versions of Community EJBCA
The current Community EJBCA version is EJBCA 4.0.

No comments: