Log in to EJBCA Cloud AWS

The following describes how to log in to EJBCA Cloud for the first time.

To access the Admin Web of the deployed EJBCA Cloud instance, the superadmin credentials need to be retrieved from the server and installed on a system and/or browser.

PrimeKey recommends using Mozilla Firefox since it currently has self-enrollment capabilities and its own keystore separate from the operating system. Note that if you are using Google Chrome, you will need to import the key file to the local machine keystore.

Step 1: Get the Instance ID 

Skip this step if you configured your instance through the configuration wizard and proceed to Step 2: Download p12 file from EJBCA Public Web

Use the Instance ID of the running instance to download and install the p12 file in the steps described below.

To retrieve the instance ID of this instance:

  1. In the Amazon EC2 Console, go to Instance details.
  2. In the lower pane, click the Description tab. The Instance ID is the ID for the instance. 
  3. Click the icon next to the instance ID to copy the instance ID to clipboard.

Step 2: Download p12 file from EJBCA Public Web

To obtain the credentials:

  1. Browse to EJBCA Public Web at the URL: http://<AWS Public DNS Name or AWS Public IP Address>
    If you are not able to access the Public Web, see Troubleshooting.
  2. In the Public Web, click Create Keystore under Enroll.
    A browser warning is shown as the certificate is not yet trusted in your web browser.
  3. Click Advanced > Add Exception > Confirm Security Exception to add a browser exception to continue to the secure session.
  4. On the Keystore Enrollment page:
    1. If you configured via the configuration wizard, enter the username and password you selected on the Step 3: ManagementCA Configuration step. The default username is "superadmin" unless changed. 
    2. If you did not use the wizard, on the older product versions, enter the default username superadmin and paste the Instance ID copied in Step 1: Get the instance ID as your password and click OK.

      Note that these credentials only can be used once and when authenticated, these credentials are expired.
  5. On the Token Certificate Enrollment page, click Enroll to download your p12 file certificate.

Optional Step: Obtain the Management CA Certificate

As an optional step, the Management CA's Certificate created during provisioning, can be imported to a machine's Trusted Root Certificate store that will be administering EJBCA. By importing the Management CA certificate to your system/browser, you ensure that administrators are presented with a green lock in their browsers upon accessing the EJBCA Admin Web for the first time, which indicates a trusted website and avoids untrusted website warnings.

To obtain the Management CA Certificate:

  • Browse to EJBCA Public Web at the URL:
    http://<AWS Public DNS Name or AWS Public IP Address>
  • Select Fetch CA Certificates.
  • Download the CA certificate chain of the format of your choosing and import to your system/browser.

Step 3: Install p12

With the p12 file downloaded, install the bundle on your system and/or browser's trust store.

To import the certificate in Mozilla Firefox:

  1. On the Firefox menu, select Preferences.
  2. Click Privacy & Security.
  3. Scroll down to the Security section and click View Certificates.
  4. On the tab Your Certificates, select Import.
  5. Browse to the p12 file to import
    1. If you configured via wizard, this will be the password you chose on the "Management Configuration" step.
    2. If you did not configure via wizard, enter the Instance ID of the instance (copied in Step 1: Get the instance ID) as the password to the P12.

Step 4: Browse to EJBCA Admin Web

With the credentials installed, click Administration in the Public Web to access the EJBCA Admin Web at the URL:
https://<AWS Public DNS Name or AWS Public IP Address>/ejbca/adminweb

Your browser should now recognize your new certificate and open the EJBCA Admin Web displaying the Administration page.

If you are not able to access the Admin Web, see Troubleshooting.