EJBCA Enterprise has full support for Card Verifiable Certificates (CVC BSI TR-03110) used by EU EAC ePassports and eIDs.

Using EJBCA you can set up a complete PKI infrastructure for CVC CAs with:

  • Country CVCCA

  • Domestic DVs (document verifier)

  • Foreign DVs

  • Inspection systems (IS)

  • Authentication Terminals (AT)

  • Signature Terminals (ST)

EJBCA supports RSA and ECC keys in CV certificates with the following algorithms:

  • SHA1WithRSA - id-TA-RSA-v1-5-SHA-1

  • SHA256WithRSA - id-TA-RSA-v1-5-SHA-256

  • SHA1WithRSAAndMGF1 - id-TA-RSA-PSS-SHA-1

  • SHA256WithRSAAndMGF1 - id-TA-RSA-PSS-SHA-256


  • SHA224WithECDSA - id-TA-ECDSA_SHA_224

  • SHA256WithECDSA - id-TA-ECDSA_SHA_256

Using SignServer you can set up a clustered Document Signer. For more information, see