Embed Size (px)
Citation preview
EJBCA Cloud Quick
Start Guide
Print date: 2017-12-18
EJBCA Cloud Quick Start Guide
2( )13
Table of Contents
Introduction _______________________________________________________________________ 3
Documentation __________________________________________________________________ 3
Launch EJBCA Cloud _______________________________________________________________ 4
Locate EJBCA Cloud on AWS Marketplace ____________________________________________ 4
Launch the instance ______________________________________________________________ 5
VPC and Security Group ________________________________________________________ 6
Key Pair _____________________________________________________________________ 7
Software Installation Details _____________________________________________________ 7
Confirm running EJBCA Cloud instance _______________________________________________ 8
Log in to EJBCA Cloud ______________________________________________________________ 9
Step 1: Get the Instance ID _________________________________________________________ 9
Step 2: Download p12 file from EJBCA Public Web ______________________________________ 9
Step 3: Enter Credentials _________________________________________________________ 10
(Optional) Step 4: Obtain the Management CA Certificate ________________________________ 11
_____________________________________________________________________________ 11
Step 5: Install p12 _______________________________________________________________ 11
Step 6: Browse to EJBCA Admin Web _______________________________________________ 12
Troubleshooting __________________________________________________________________ 13
Issues accessing Public or Admin Web ______________________________________________ 13
EJBCA Cloud Quick Start Guide
3( )13
Introduction
This documentation is intended to help customers deploy EJBCA Enterprise Cloud Edition from
Amazon Web Services (AWS) Marketplace and log in to the EJBCA AdminWeb for the first time.
Documentation
The EJBCA documentation for EJBCA Enterprise Edition is available on https://download.primekey.se
/docs/EJBCA-Enterprise/latest/.
Additional documentation on EJBCA Community Edition is available on https://www.ejbca.org/docs/
EJBCA Cloud Quick Start Guide
4( )13
Launch EJBCA Cloud
This section describes how to launch EJBCA Enterprise Cloud Edition from AWS Marketplace.
The EC2 Console is a web interface that allows you to configure the EJBCA Enterprise Cloud Edition
instance details from a web browser before you launch it. Follow the instructions below to launch an
EJBCA Enterprise Cloud Edition EC2 instance.
Locate EJBCA Cloud on AWS Marketplace
Browse to the AWS Marketplace, select "EJBCA Enterprise Cloud Edition – PKI CA Software" and
click .Continue
EJBCA Cloud Quick Start Guide
5( )13
Launch the instance
In the tab, review and specify Version, Region, EC2 Instance Type, VPC Settings, 1-Click Launch
Security Group, and Key Pair to associate with this EJBCA Enterprise Cloud Edition EC2 instance.
The and settings are described below.VPC and Security Group Key Pair
EJBCA Cloud Quick Start Guide
6( )13
VPC and Security Group
If you have an existing security group and Virtual Private Cloud (VPC) created, you can select them.
Otherwise, choose which of these items you would like to be created. The , , and are needed 22 80 443
for access to the image and for it to perform its functions.
For more information on getting started with Amazon Virtual Private Cloud (Amazon VPC), refer to
AWS Documentation on .VPCs and Subnets
EJBCA Cloud Quick Start Guide
7( )13
Key Pair
Specify the name of the key pair you plan to use to access the command line of the EJBCA instance.
When you later connect to the instance, you must specify the private key that corresponds to the key
pair you specify now when launching the instance. For information on creating a key pair using
Amazon EC2, refer to AWS Documentation on .Amazon EC2 Key Pairs
Click to launch the instance.Launch with 1-click
Software Installation Details
After launching, the installation details are displayed and the status of the deployment is available in
the EC2 Dashboard.
EJBCA Cloud Quick Start Guide
8( )13
Confirm running EJBCA Cloud instance
It may take several minutes for your instance to launch. After the changes from Instance State
to , the EJBCA Cloud instance is started.pending running
EJBCA Cloud Quick Start Guide
9( )13
1.
2.
3.
1.
2.
Log in to EJBCA Cloud
This section describes how to log in to EJBCA Enterprise Cloud Edition for the first time, following
these steps:
Step 1: Get the Instance ID
Step 2: Download p12 file from EJBCA Public Web
Step 3: Enter Credentials
(Optional) Step 4: Obtain the Management CA Certificate
Step 5: Install p12
Step 6: Browse to EJBCA Admin Web
To access the Admin Web of the deployed EJBCA Cloud instance, the superadmin credentials need to
be retrieved from the server and installed on a system and/or browser.
PrimeKey recommends using Mozilla Firefox since it currently has self-enrollment capabilities and its
own keystore separate from the operating system. Note that if you are using Google Chrome, you will
need to import the key file to the local machine keystore.
Step 1: Get the Instance ID
You must use the Instance ID of your running instance to download and install the p12 file in the steps
described below. To get the instance ID of your instance, do the following:
In the Amazon EC2 Console, go to Instance details.
In the lower pane, click the tab. The is the ID for the instance.Description Instance ID
Make note of the value since it is used in the steps below.
Step 2: Download p12 file from EJBCA Public Web
To obtain the credentials:
Browse to EJBCA Public Web at the URL:
http://<AWS Public DNS Name or AWS Public IP Address>
Click .Create Keystore
EJBCA Cloud Quick Start Guide
10( )13
1.
2.
If you are not able to access the Admin Web, refer to the section.Troubleshooting
Step 3: Enter Credentials
Under Keystore Enrollment, enter the default username and a password.superadmin
The password is the see .Instance ID, Step 1: Get the instance ID
Note that these credentials only can be used and when authenticated, these credentials once
are expired.
Once authenticated, a p12 file will be prompted to download. Please keep this file safe.
EJBCA Cloud Quick Start Guide
11( )13
1.
2.
3.
4.
5.
(Optional) Step 4: Obtain the Management CA Certificate
As an optional step, the Management CA's Certificate created during provisioning, can be imported to
a machine's Trusted Root Certificate store that will be administering EJBCA. By importing the
Management CA certificate to your system/browser, you ensure that administrators are presented with
a green lock in their browsers upon accessing the EJBCA Admin Web for the first time, which indicates
a trusted website and avoids untrusted website warnings.
To obtain the Management CA Certificate:
Browse to EJBCA Public Web at the URL:
http://<AWS Public DNS Name or AWS Public IP Address>
Select .Fetch CA Certificates
Download the CA certificate chain of the format of your choosing and import to your system
/browser.
Step 5: Install p12
With the p12 file downloaded, install the bundle on your system and/or browser's trust store.
To install the credentials in Mozilla Firefox:
On the menu, select .Firefox Preferences
Click .Privacy & Security
Scroll down to the section and click .Security View Certificates
On the tab , select .Your Cerficates Import
Browse to the p12 file to import and enter a password.
The password is the of the EJBCA Cloud instance, see .Instance ID Step 1: Get the instance ID
EJBCA Cloud Quick Start Guide
12( )13
Step 6: Browse to EJBCA Admin Web
With the credentials installed, select in the Public Web.Administration
You should now have access to EJBCA Admin Web at the URL:
https://<AWS Public DNS Name or AWS Public IP Address>/ejbca/adminweb
If you are not able to access the Admin Web, refer to the section.Troubleshooting
EJBCA Cloud Quick Start Guide
13( )13
Troubleshooting
Issues accessing Public or Admin Web
If you are not able to access the Public Web or Admin Web, ensure that the Security Group
associated with this instance has the following ports allowed from your IP:
Allow Inbound:
