Retrieving SuperAdmin Credentials

To access the Admin Web of the deployed EJBCA Cloud instance, the superadmin credentials need to be retrieved from the server and installed on a system and/or browser.

PrimeKey recommends using Mozilla Firefox, since it has self-enrollment capabilities and its own keystore separate from the operating system. Note that if you are using Google Chrome, you will need to import the key file to the local machine keystore.

Step 1: Obtain Public IP Address

To obtain the public IP address of your deployed EJBCA Cloud instance in Microsoft Azure, do the following:

  1. Click the ejbcaPublicIP resource.

  2. Click Copy to clipboard next to the displayed IP address assigned to the instance.

  3. Paste this IP address into a browser or proceed to Step 2.

Step 2: Download p12 from EJBCA Public Web

To obtain the credentials:

  1. Browse to EJBCA Public Web at the URL: http://<Azure Public DNS Name or Azure Public IP Address>
  2. In the Public Web, click Create Keystore under Enroll.
    A browser warning is shown as the certificate is not yet trusted in your web browser.
  3. Click Advanced > Add Exception > Confirm Security Exception to add a browser exception to continue to the secure session.
  4. On the Keystore Enrollment page, enter the default username superadmin and enter the password used in the launch wizard described in the EJBCA Credentials section as your password and click OK.

    Note: these credentials can only be used once and when authenticated, these credentials are expired.
  5. On the Token Certificate Enrollment page, click Enroll to download your p12 file certificate.

Step 3: Install p12 

With the p12 file downloaded, install the bundle on your system and/or browser's trust store.

To import the certificate in Mozilla Firefox:

  1. On the Firefox menu, select Preferences.
  2. Click Privacy & Security.
  3. Scroll down to the Security section and click View Certificates.
  4. On the tab Your Certificates, select Import.
  5. Browse to the p12 file to import and for the password enter the Instance ID of the instance (copied from the launch wizard described in the  EJBCA Credentials section).

Step 4: Browse to EJBCA Admin Web 

With the credentials installed, click Administration in the Public Web to access the EJBCA Admin Web at the URL:
https://<Azure Public DNS Name or Azure Public IP Address>/ejbca/adminweb

Your browser should now recognize your new certificate and open the EJBCA Admin Web displaying the Administration page.

Optional Step 5: Obtain the Management CA Certificate

As an optional step, the Management CA's Certificate created during provisioning can be imported to a machine's Trusted Root Certificate store that will be administering EJBCA. By importing the Management CA certificate to your system/browser, you ensure that administrators are presented with a green lock in their browsers upon accessing the EJBCA Admin Web for the first time, which indicates a trusted website and avoids untrusted website warnings.

To obtain the Management CA Certificate:

  1. Browse to EJBCA Public Web at the URL:
    http://<Azure Public DNS Name or Azure Public IP Address>
  2. Select Fetch CA Certificates.
  3. Download the CA certificate chain of the format of your choosing and import to your system/browser.