The following describes how to log in to EJBCA Cloud for the first time.

To access the Admin Web of the deployed EJBCA Cloud instance, the superadmin credentials need to be retrieved from the server and installed on a system and/or browser.

PrimeKey recommends using Mozilla Firefox since it currently has self-enrollment capabilities and its own keystore separate from the operating system. Note that if you are using Google Chrome, you will need to import the key file to the local machine keystore.

Step 1: Get the Instance ID 

Skip this step if you configured your instance through the configuration wizard and proceed to Step 2: Download p12 file from EJBCA RA Web Interface

Use the Instance ID of the running instance to download and install the p12 file in the steps described below.

To retrieve the instance ID of this instance:

  1. In the Amazon EC2 Console, go to Instance details.
  2. In the lower pane, click the Description tab. The Instance ID is the ID for the instance. 
  3. Click the icon next to the instance ID to copy the instance ID to clipboard.

Step 2: Download p12 file from EJBCA RA Web Interface

To obtain the credentials:

  1. Browse to EJBCA RA Web at the URL: http://<AWS Public DNS Name or AWS Public IP Address>/ejbca/ra
    If you are not able to access the RA Web, see Troubleshooting.
  2. In the RA Web, click Create Keystore under Enroll. A browser warning is shown since the certificate is not yet trusted in your web browser.
  3. Click Advanced > Add Exception > Confirm Security Exception to add a browser exception to continue to the secure session.
  4. On the Enroll with Enrollment Code page:
    1. If you configured via the configuration wizard, the username of "superadmin" will already be entered for you. The password will be the one provided on the Step 3: ManagementCA Configuration step of the Cloud Wizard.
    2. If you did not use the wizard, on the older product versions, enter the default username superadmin and paste the Instance ID copied in Step 1: Get the instance ID as your password and click OK.

      The username "superadmin" is case sensitive. Entering anything other than "superadmin" will result in a login error.

      Note that these credentials only can be used once and when authenticated, these credentials are expired.
  5. On the Enroll with Enrollment Code page, click Check to download your p12 file certificate.
  6. Select the algorithm desired from the Key Algorithm drop down.
  7. Select the Download PKCS12 option to download the keystore.

Optional Step: Obtain the Management CA Certificate

As an optional step, the Management CA's Certificate created during provisioning, can be imported to a machine's Trusted Root Certificate store that will be administering EJBCA. By importing the Management CA certificate to your system/browser, you ensure that administrators are presented with a green lock in their browsers upon accessing the EJBCA Admin Web for the first time, which indicates a trusted website and avoids untrusted website warnings.

To obtain the Management CA Certificate:

  • Browse to EJBCA Public Web at the URL:
    http://<AWS Public DNS Name or AWS Public IP Address>/ejbca/ra
  • Select the CA Certificates and CRLs link at the top of the page.
  • Download the CA certificate chain of the format of your choosing and import to your system/browser.

Step 3: Install p12

With the p12 file downloaded, install the bundle on your system and/or browser's trust store.

To import the certificate in Mozilla Firefox:

  1. On the Firefox menu, select Preferences.
  2. Click Privacy & Security.
  3. Scroll down to the Security section and click View Certificates.
  4. On the tab Your Certificates, select Import.
  5. Browse to the p12 file to import
    1. If you configured via wizard, this will be the password you chose on the "Management Configuration" step.
    2. If you did not configure via wizard, enter the Instance ID of the instance (copied in Step 1: Get the instance ID) as the password to the P12.

Step 4: Browse to EJBCA Admin Web

With the credentials installed, click Administration in the Public Web to access the EJBCA Admin Web at the URL:
https://<AWS Public DNS Name or AWS Public IP Address>/ejbca/adminweb

Your browser should now recognize your new certificate and open the EJBCA Admin Web displaying the Administration page.

If you are not able to access the Admin Web, see Troubleshooting.