A CA (Certificate Authority) is at the heart of all PKI (Public Key Infrastructure) projects. A CA is, quite literally, the final authority on the validity of any key it signs and is hopefully the final authority on the binding between a key and the subject of the key.
EJBCA is a functional, but still immature, open-source, Java-based Certificate Authority. EJBCA runs as an EJB within an EJB 1.1-compliant container on an EJB application server. It supports browser-based certificate creation and revocation as well as direct interaction with the underlying EJBs. It stores its certificates and CRLs in either an SQL database or an LDAP directory.
EJBCA is based on the Bouncy Castle crypto APIs, so it should be X.509, PKIX, and PKCS compliant in all of the right places.
From a production standpoint, EJBCA is still immature. My brief review of the product revealed limited certificate management and administration functionality compared with commercial products.
EJBCA has been tested on JBoss and WebLogic. On the database side, it has been tested with MySQL, PostgreSQL, Oracle, and InstantDB.