- Hardware Appliance Unboxing
- Initial Set-up
- Restore from Backup
- Connect to Cluster
- Using External CA for Installation
- Basic Hardware Operations
- WebConf - Configurator of Hardware Appliance
- Certificates and Trusted CAs
- Setting up a Validation Authority (VA)
- HA Setup
- PKCS#11 Slot Smart Card Activation
- EJBCA Administration
- Certificate Life Cycle Management
Creating CA Hierarchy
- Step 1: Create the RootCA
- Step 2: Create Certificate Profile for SubCAs
- Step 3: Create End Entity Profile for SubCAs
- Step 4: Import RootCA as External CA in Node A
- Step 5: Create SignCA as SubCA in Node A
- Step 6: Create AuthCA as SubCA in Node A
- Step 7: Create SSLCA as SubCA in Node A
- Step 8: Create Certificate Profiles for End Entities that use the SubCAs
- Step 9: Create End Entity Profiles for SubCAs
- Step 10: Create End Entities that use the SubCAs
- Managing End Entities
- Creating Java Truststore
- Check for Weak Debian Keys
- Hardware Appliance 3.5.4 Release Notes
- Hardware Appliance 3.5.3 Release Notes
- Hardware Appliance 3.5.2 Release Notes
- Hardware Appliance 3.5.1 Release Notes
- Hardware Appliance 3.5.0 Release Notes
- PKI Appliance 3.4.5 Release Notes
- PKI Appliance 3.4.4 Release Notes
- PKI Appliance 3.4.3 Release Notes
PKI Appliance 3.4.2 Release Notes
PKI Appliance 3.4.1 Release Notes
- Release Notes Summary
- Hardware Appliance 3.5.X Upgrade Notes
Connect to Cluster
You can add a fresh and unprovisioned Hardware Appliance to an existing cluster. You can also add it to another standalone Hardware Appliance to start a cluster.
Start the procedure either on any node that is already part of the cluster or on the standalone machine that is already installed. When starting the procedure on that node, you'll be given instructions to download a so-called cluster bundle. This cluster bundle will then be needed when going through this part of the wizard.
You will also need the Domain Master Secret that you specified when installing the first machine of your environment and a copy of the Backup key share smart cards that were created when installing the first machine of your environment.
For more information on the Domain Master Secret, the Appliance Security Level, and smart cards, see Initial Set-up > Step 5: Running WebConf Wizard, sections Hardware Security Module Settings and Security Settings - Secrets.
Product size variants S - M - L
Do not mix product size variants in a cluster. A filled hard disk will stop the database working. The smallest node of your setup will stop working first - and thus reduce redundancy.
If you are changing a standalone setup to a multi-node cluster or extending an existing cluster with additional nodes, review the section HA Setup.
After logging in to the Hardware Appliance, using the One Time Password from the front panel display, and selecting to connect to a cluster, you will be guided through a short wizard. For more information on the One Time Password, see the section Initial Set-up > Step 2: One Time Password and TLS Fingerprint.