Optional - Using Expect to Automate Backups
Use the commands expect and autoexpect to automate the backup script so that it does not prompt for input. This is recommended so that the user running the scripts does not have to supply the password via the CLI, and so that the permissions on the file containing the password can be locked down.
First, we need to build the expect script by running a backup with expect to record the process.
Start by typing the following command in the preferred home directory:
# autoexpect -f backup_password.exp /opt/PrimeKey/support/system_backup.sh
This creates a file called backup_password.exp, which is essentially a recording of the prompts used during the running of the script.
The backup_password.exp file now has the contents of the options we used in the running of the backup.
The backup_password.exp file contains the password used to protect the backup in plain text.
If you are uncomfortable with this, remove the file or proceed to protect the file with permissions.
# sudo chown ec2_user backup_password.exp   # make ec2_user the owner
# sudo chmod 700 backup_password.exp        # make the file accessible only to ec2_user
Next, run the backup with the file containing the recording of the process by using the expect command:
# expect -f backup_password.exp /opt/PrimeKey/support/system_backup.sh
The backup file was created and the prompts filled out as specified.
To add this script to cron (if desired), continue to the next section, Optional - Automating the Backup Script.
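The following is an added example, not part of the SignServer documentation: a pre-flight check that a scheduled job could run before the expect command, refusing to use backup_password.exp unless it is a regular file owned by the invoking user with no group or other permissions. The function names are hypothetical and GNU stat (Linux) is assumed.

```shell
#!/bin/sh
# Added example (not SignServer code): guard the expect recording, which
# holds the backup password in plain text, before each unattended run.
# Assumption: GNU coreutils stat, as found on a Linux instance.

# Return 0 only if FILE is a regular file (not a symlink), owned by the
# invoking user, with no permission bits set for group or others.
exp_file_is_locked_down() {
    file=$1
    [ -f "$file" ] && [ ! -L "$file" ] || {
        echo "refusing $file: not a regular file" >&2
        return 1
    }
    owner_uid=$(stat -c '%u' "$file") || return 1
    mode=$(stat -c '%a' "$file") || return 1
    if [ "$owner_uid" != "$(id -u)" ]; then
        echo "refusing $file: owned by uid $owner_uid, not $(id -u)" >&2
        return 1
    fi
    # The last two octal digits are group and other; both must be 0
    # (for example 700, 600 or 400). stat prints mode 000 as "0".
    case $mode in
        0|*00) return 0 ;;
        *)
            echo "refusing $file: mode $mode grants group/other access" >&2
            return 1
            ;;
    esac
}

# Run the recorded backup only when the check passes.
run_backup() {
    exp_file=$1
    exp_file_is_locked_down "$exp_file" || return 1
    expect -f "$exp_file" /opt/PrimeKey/support/system_backup.sh
}

# When invoked with a path argument, check the file and run the backup.
if [ "$#" -gt 0 ]; then
    run_backup "$1"
fi
```

Run it as the user that owns the recording, passing the path to backup_password.exp; a non-zero exit status means the backup was not started.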