Create S3 Bucket
The following includes instructions for creating the bucket and for enabling versioning on an existing bucket.
To create the bucket, do the following:
- Log in to the AWS Console that contains your EJBCA Cloud Instance.
- Select Services, S3 and click Create Bucket.
- Enter a name for the S3 bucket in the Bucket Name field.
- Select the appropriate bucket region.
- Click Next and configure options.
To retain all versions of the CRL uploaded to the S3 bucket, select Keep all versions of an object in the same bucket. Otherwise, the default options are adequate.
- Click Next and set permissions. CRLs need to be publicly available and do not contain sensitive information. To make them public, clear the restriction options under Manage public access control lists (ACLs) for this bucket.
- Click Next and then click Create bucket at the confirmation screen.
- The newly created bucket appears in the list of buckets.
The S3 bucket can now be used to store CRL files from the AWS S3 CRL Publisher.
Enable Versioning on an Existing Bucket
S3 can keep every version of a file that is uploaded to it. By default, every time the AWS S3 Publisher pushes a CRL to S3, the existing CRL is overwritten.
To enable versioning in order to store all CRL files for historical purposes, do the following to set the S3 bucket properties:
- Log in to the AWS console and access the S3 service.
- Select the S3 bucket that will be used for storing the CRL files. In this example, s3crlbucket is used.
- Select the S3 bucket containing the CRL files.
- Select the Properties tab and click Versioning.
- Select Enable Versioning to keep all files in this bucket as new ones are uploaded, and then click Save.
- Confirm that Versioning now displays as Enabled.
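To verify both procedures above outside the console, the following added example (not part of the EJBCA documentation) audits a bucket's versioning and public access settings from dictionaries shaped like the output of `aws s3api get-bucket-versioning` and `aws s3api get-public-access-block`. The mapping of the console's ACL options to the `BlockPublicAcls` and `IgnorePublicAcls` fields, the expectation that the two policy fields stay on, and the sample responses are assumptions constructed for illustration.

```python
"""Audit a CRL bucket's settings from S3 API responses (constructed samples below)."""

# Assumed mapping: the console's "Manage public access control lists (ACLs)"
# options correspond to ACL_FLAGS; the bucket-policy options are left switched on.
ACL_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls")
POLICY_FLAGS = ("BlockPublicPolicy", "RestrictPublicBuckets")


def audit_crl_bucket(versioning, public_access_block, want_history=True):
    """Return a list of findings; an empty list means the bucket matches the guide.

    versioning          -- dict shaped like get-bucket-versioning output
    public_access_block -- dict shaped like get-public-access-block output,
                           or None when the bucket has no such configuration
    want_history        -- False if old CRLs do not need to be retained
    """
    findings = []
    status = versioning.get("Status")  # key is absent if versioning was never set
    if want_history and status != "Enabled":
        findings.append(f"versioning is {status or 'not set'}: each new CRL replaces the last")

    cfg = (public_access_block or {}).get("PublicAccessBlockConfiguration", {})
    for flag in ACL_FLAGS:
        if cfg.get(flag, False):
            findings.append(f"{flag} is on: public ACLs on CRL objects are blocked or ignored")
    for flag in POLICY_FLAGS:
        if not cfg.get(flag, False):
            findings.append(f"{flag} is off: more open than the ACL-only change in the guide")
    return findings


def _pab(acls_blocked, policies_blocked):
    """Build a constructed get-public-access-block response."""
    return {"PublicAccessBlockConfiguration": {
        "BlockPublicAcls": acls_blocked, "IgnorePublicAcls": acls_blocked,
        "BlockPublicPolicy": policies_blocked, "RestrictPublicBuckets": policies_blocked}}


# Constructed sample responses, not captured from a real account.
SAMPLES = {
    "configured as in the guide": ({"Status": "Enabled"}, _pab(False, True)),
    "all restrictions on, versioning never set": ({}, _pab(True, True)),
    "versioning suspended, no access block": ({"Status": "Suspended"}, None),
}

if __name__ == "__main__":
    for label, (ver, pab) in SAMPLES.items():
        print(f"s3crlbucket [{label}]")
        for finding in audit_crl_bucket(ver, pab) or ["ok"]:
            print("  -", finding)
```
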