EJBCA Cloud AWS
- AWS Launch Guide
Quick Start Guide
- Create Crypto Tokens
- Create Root CA Certificate Profile
- Create Issuing CA Certificate Profile
- Create Certificate Authorities
- Create User and Workstation Profiles
- Create End Entity Profiles
- Request Certificate
- Create Another Administrator Account
- Import Certificate to Mozilla Firefox
- Configure Health Checks
- Create CRL Updater Service
- AWS Backup Guide
- AWS Restore and Upgrade Guide
- AWS TLS Certificate Generation Guide
- AWS RA Configuration and Administration Guide
- AWS VA Configuration and Administration Guide
- AWS Cluster Configuration Guide
AWS CloudHSM Integration Guide
- Multiple Crypto Tokens with AWS CloudHSM
- 1 - Create CloudHSM Cluster
- 2 - Use OpenSSL to Validate the HSM
- 3 - Initialize the CloudHSM
- 4 - Assigning the Security Group to the EJBCA Instance
- 5 - Configure the cloudhsm-client
- 6 - PKCS11 PIN
- 7 - Activate the Cluster
- 8 - Create a CloudHSM Crypto User
- 9 - Create a Keystore in the HSM with clientToolBox
- 10 - Test with EJBCA ClientToolbox
- 11 - Create a CryptoToken in EJBCA
- Appendix A - Restoring an HSM Backup to a New Instance
- Appendix B - Troubleshooting HSM Issues
AWS Certificate Manager Integration Guide
- Provisioning an EJBCA Instance and setting up CloudHSM
- Create Root CA Keys
- Create CloudHSM Crypto Token for Root CA
- Create the Root and Issuing CA Certificate Profiles
- Create End Entity Sub CA Profile
- Create Root CA that uses the CloudHSM Crypto Token
- Create AWS ACM Certificate Authority CSR
- Add ACM PCA End Entity
- Generate the ACM PCA Certificate for AWS
- Fulfill the Pending ACM PCA Certificate Request
- AWS S3 Publisher Configuration Guide
- How to Create Support Package
EJBCA Cloud Azure
- Azure Launch Guide
- Azure Backup Guide
- Azure Restore and Upgrade Guide
- Azure TLS Certificate Generation Guide
- Azure RA Configuration and Administration Guide
- Azure VA Configuration and Administration Guide
- Azure Cluster Configuration Guide
- Azure Key Vault Integration Guide
- How to Create Azure Support Package
Create User and CLI Key
To create a user and CLI key, do the following:
- Login to the AWS Console that contains your EJBCA Cloud Instance.
- Select Services, IAM.
- If a user does not already exist for access to S3, create one by clicking Users.
- Click Add User and add a username for this user, for example EJBCAS3CRLPublisher.
- Select the Access type Programmatic access to allow this user to use the CLI (as well as other APIs) only.
- Click Next: Permissions and select Attach existing policies directly.
- In the Filter policies search box, enter S3 and then select AmazonS3FullAccess. If required, you may create more restricted access.
- Click Next: Tags.
- Add any optional tags and then click Next: Review.
- Click Create user.
- The confirmation screen shows successful user creation. Note the Access key ID and Secret access key. Download the CSV file that contains these items or store them in a secure place such as KeyPass or LastPass. These credentials will be needed in the AWS CLI Configuration.
- Click Close.
Optional: Create a Role for the User
To optionally create a role for the user, do the following:
- If a role does not already exist for access to S3, create one by clicking Roles > Create Role.
- Select S3 under the section Choose the service that will use this role, and then click Next: Permissions.
- In the Filter policies search box, type S3 and then select AmazonS3FullAccess. If you would like to create more restricted access, you may do so. Click Next: Tags.
- Add any optional tags and click Next: Review.
- In Role name, enter a name for the role, for example, S3FullAccessForAWSCLI.
- Click Create Role and confirm that the following message is shown.
- You can then attach this role to a user instead of a policy.
Next, Configure the AWS CLI.