- Hardware Appliance Unboxing
- Initial Set-up
- Restore from Backup
- Connect to Cluster
- Using External CA for Installation
- Basic Hardware Operations
- WebConf - Configurator of Hardware Appliance
- Certificates and Trusted CAs
- Setting up a Validation Authority (VA)
- HA Setup
- PKCS#11 Slot Smart Card Activation
- EJBCA Administration
- Certificate Life Cycle Management
Creating CA Hierarchy
- Step 1: Create the RootCA
- Step 2: Create Certificate Profile for SubCAs
- Step 3: Create End Entity Profile for SubCAs
- Step 4: Import RootCA as External CA in Node A
- Step 5: Create SignCA as SubCA in Node A
- Step 6: Create AuthCA as SubCA in Node A
- Step 7: Create SSLCA as SubCA in Node A
- Step 8: Create Certificate Profiles for End Entities that use the SubCAs
- Step 9: Create End Entity Profiles for SubCAs
- Step 10: Create End Entities that use the SubCAs
- Managing End Entities
- Creating Java Truststore
- Check for Weak Debian Keys
- Hardware Appliance 3.5.4 Release Notes
- Hardware Appliance 3.5.3 Release Notes
- Hardware Appliance 3.5.2 Release Notes
- Hardware Appliance 3.5.1 Release Notes
- Hardware Appliance 3.5.0 Release Notes
- PKI Appliance 3.4.5 Release Notes
- PKI Appliance 3.4.4 Release Notes
- PKI Appliance 3.4.3 Release Notes
PKI Appliance 3.4.2 Release Notes
PKI Appliance 3.4.1 Release Notes
- Release Notes Summary
- Hardware Appliance 3.5.X Upgrade Notes
Step 2: Create OCSP Keys in VA Hardware Appliance
Proceed as follows to create a crypto token and generate a public key in the VA Hardware Appliance. They will be used by OCSP to sign responses:
- Go to the EJBCA Admin Web and open CA Functions > Crypto Tokens.
Click Create New.
Specify the following and click Save:
Crypto Token for OCSP
- Name: Enter OCSP key
- Type: Select PKCS#11
- Authentication Code: Enter foo123 (the previously set password).
Ensure that you have manually generated a slot password for the slot.
- Auto-activation: Enable this option
- PKCS#11Library: Select Internal HSM
- PKCS#11 ReferenceType: Select Slot ID
- PKCS#11 Reference: Enter 3
The index number depends on the installation.
- The Settings page displays the message CryptoToken created successfully.
- To create the key for signing OCSP responses, specify SignKey: RSA 2048 and click Generate new key pair.
- Click Test to test the key. If successful, the following message is displayed: signKey tested successfully.