EJBCA Cloud AWS
- AWS Launch Guide
Quick Start Guide
- Create Crypto Tokens
- Create Root CA Certificate Profile
- Create Issuing CA Certificate Profile
- Create Certificate Authorities
- Create User and Workstation Profiles
- Create End Entity Profiles
- Request Certificate
- Create Another Administrator Account
- Import Certificate to Mozilla Firefox
- Configure Health Checks
- Create CRL Updater Service
- AWS Backup Guide
- AWS Restore and Upgrade Guide
- AWS TLS Certificate Generation Guide
- AWS RA Configuration and Administration Guide
- AWS VA Configuration and Administration Guide
- AWS Cluster Configuration Guide
AWS CloudHSM Integration Guide
- Multiple Crypto Tokens with AWS CloudHSM
- 1 - Create CloudHSM Cluster
- 2 - Use OpenSSL to Validate the HSM
- 3 - Initialize the CloudHSM
- 4 - Assigning the Security Group to the EJBCA Instance
- 5 - Configure the cloudhsm-client
- 6 - PKCS11 PIN
- 7 - Activate the Cluster
- 8 - Create a CloudHSM Crypto User
- 9 - Create a Keystore in the HSM with clientToolBox
- 10 - Test with EJBCA ClientToolbox
- 11 - Create a CryptoToken in EJBCA
- Appendix A - Restoring an HSM Backup to a New Instance
- Appendix B - Troubleshooting HSM Issues
AWS Certificate Manager Integration Guide
- Provisioning an EJBCA Instance and setting up CloudHSM
- Create Root CA Keys
- Create CloudHSM Crypto Token for Root CA
- Create the Root and Issuing CA Certificate Profiles
- Create End Entity Sub CA Profile
- Create Root CA that uses the CloudHSM Crypto Token
- Create AWS ACM Certificate Authority CSR
- Add ACM PCA End Entity
- Generate the ACM PCA Certificate for AWS
- Fulfill the Pending ACM PCA Certificate Request
- AWS S3 Publisher Configuration Guide
- How to Create Support Package
EJBCA Cloud Azure
- Azure Launch Guide
- Azure Backup Guide
- Azure Restore and Upgrade Guide
- Azure TLS Certificate Generation Guide
- Azure RA Configuration and Administration Guide
- Azure VA Configuration and Administration Guide
- Azure Cluster Configuration Guide
- Azure Key Vault Integration Guide
- How to Create Azure Support Package
- EJBCA Cloud Release Notes
Launch EJBCA Enterprise Cloud on Azure
The following describes how to launch EJBCA Enterprise Cloud from Azure Marketplace.
The Azure Portal is a web interface that allows you to configure the EJBCA Enterprise Cloud instance details from a web browser before you launch it. Follow the instructions below to launch an EJBCA Cloud Azure instance.
Locate EJBCA Cloud in the Azure Marketplace
Browse to the Azure Marketplace and search for "primekey" to display the EJBCA Cloud. Review the plans as desired under the plans tab to see the different pricing options. Select the instance type to use and click GET IT NOW.
Select the desired support level, 8x5 or 24x7 and specify the contact information as required my Microsoft.
Launch the Instance
This action will redirect you to the Azure portal. Login to the Azure portal if not already done, confirm that the proper support plan is selected, and then click Create.
This will bring you to the EJBCA Cloud Launch Wizard for Azure. Select the desired subscription, click Create new and enter the name of a Resource Group that will hold all of the EJBCA Cloud resources, and then click OK.
Select a location for the virtual machine and click OK.
A Virtual Network is predefined with a 10.2.0.0/16 network. If a different virtual network is desired, enter the desired values and then click OK.
Select Subnets and optionally change the subnet names and prefix before clicking OK.
Select the IP Range that will be allowed to connect to this instance. For a single IP use a /32, for example, 220.127.116.11/32.
Enter the Admin Username that will be allowed to SSH into the EJBCA Enterprise Cloud Instance.
Select the Authentication Type, either Password or SSH public key.
- If using password, enter it twice. Password must be at least 12 characters long and have 3 out of the following: one number, one lower case, one upper case, or one special character.
- If entering an SSH key, copy and paste an RSA public key in the single-line format (starting with "ssh-rsa") or the multi-line PEM format. You can generate SSH keys using ssh-keygen on Linux and OS X, or PuTTYGen on Windows.
The default VM size is a 2 Core 8GB RAM virtual machine. To change the size, click Change size Some default recommended sizes are shown. To see more options, click Clear all filters. The prices Azure charges will be shown as well as the resources available for those virtual machines. These charges are separate from the PrimeKey licensing charges associated with the marketplace. Once the desired virtual machine is chosen, click Select, and then click OK.
Enter the EJBCA Superadmin Password in the dialog shown. This password will be used to retrieve the superadmin.p12 file that will be downloaded from the public web. The password must be at least 12 characters long and have 3 out of the following: one number, one lower case, one upper case, or one special character.
Once a valid password is entered, click OK.
The system will run a final validation. This will check your settings as well as the resource allocations you selected.
Once the Validation passes, click OK.
The deployment will begin. Once you see Deployment in progress..., select the link to see the details of the deployment:
Wait for the details of the deployment to appear. The typical deployment takes about 7-8 minutes in the Microsoft Azure environment.
Wait until all of the of the deployed resources are green. Within a few minutes after this the instance should be available on the public IP deployed to the host.