To access the Admin Web of the deployed EJBCA Cloud instance, the superadmin credentials need to be retrieved from the server and installed on a system and/or browser.

PrimeKey recommends using Mozilla Firefox, since it has self-enrollment capabilities and its own keystore separate from the operating system. Note that if you are using Google Chrome, you will need to import the key file to the local machine keystore.

Step 1: Obtain Public IP Address

To obtain the public IP address of your deployed EJBCA Cloud instance in Microsoft Azure, do the following:

  1. Click the ejbcaPublicIP resource.
  2. Click Copy to clipboard next to the displayed IP address assigned to the instance.
  3. Paste this IP address into a browser or proceed to Step 2.

Step 2: Download p12 from EJBCA RA Web Interface

To obtain the credentials:

  1. Browse to EJBCA RA Web at the URL: http://<Azure Public DNS Name or Azure Public IP Address>/ejbca/ra
  2. In the RA Web, click Create Keystore under Enroll.
    A browser warning is shown as the certificate is not yet trusted in your web browser.
  3. Click Advanced > Add Exception > Confirm Security Exception to add a browser exception to continue to the secure session.

    On the Enroll with Enrollment Code page, the username of "superadmin" will already be entered for you. The password will be the one provided on the Step 3 - ManagementCA Configuration step of the Cloud Wizard 

    The username "superadmin" is case sensitive. Entering anything other than "superadmin" will result in a login error.



    Note: these credentials can only be used once and when authenticated, these credentials are expired.

  4. On the Enroll with Enrollment Code page, click Check to download your p12 file certificate.
  5. Select the algorithm desired from the Key Algorithm drop down.
  6. Select the Download PKCS12 option to download the keystore.

Optional Step: Obtain the Management CA Certificate

As an optional step, the Management CA's Certificate created during provisioning, can be imported to a machine's Trusted Root Certificate store that will be administering EJBCA. By importing the Management CA certificate to your system/browser, you ensure that administrators are presented with a green lock in their browsers upon accessing the EJBCA Admin Web for the first time, which indicates a trusted website and avoids untrusted website warnings.

To obtain the Management CA Certificate:

  • Browse to EJBCA Public Web at the URL:
    http://<Azure Public DNS Name or Azure Public IP Address>/ejbca/ra
  • Select the CA Certificates and CRLs link at the top of the page.
  • Download the CA certificate chain of the format of your choosing and import to your system/browser.

Step 3: Install p12 

With the p12 file downloaded, install the bundle on your system and/or browser's trust store.

To import the certificate in Mozilla Firefox:

  1. On the Firefox menu, select Preferences.
  2. Click Privacy & Security.
  3. Scroll down to the Security section and click View Certificates.
  4. On the tab Your Certificates, select Import.
  5. Browse to the p12 file to import and for the password enter the Instance ID of the instance (copied from the launch wizard described in the Step 4 - EJBCA Settings section).

Step 4: Browse to EJBCA Admin Web 

With the credentials installed, click Administration in the Public Web to access the EJBCA Admin Web at the URL:
https://<Azure Public DNS Name or Azure Public IP Address>/ejbca/adminweb

Your browser should now recognize your new certificate and open the EJBCA Admin Web displaying the Administration page.

Optional Step 5: Obtain the Management CA Certificate

As an optional step, the Management CA's Certificate created during provisioning can be imported to a machine's Trusted Root Certificate store that will be administering EJBCA. By importing the Management CA certificate to your system/browser, you ensure that administrators are presented with a green lock in their browsers upon accessing the EJBCA Admin Web for the first time, which indicates a trusted website and avoids untrusted website warnings.

To obtain the Management CA Certificate:

  1. Browse to EJBCA Public Web at the URL:
    http://<Azure Public DNS Name or Azure Public IP Address>
  2. Select Fetch CA Certificates.
  3. Download the CA certificate chain of the format of your choosing and import to your system/browser.