TLS Certificate Generation Guide
This guide is intended to show an administrator of a PrimeKey SignServer Cloud AWS instance how to generate new Transport Layer Security (TLS) certificates.
For the latest SignServer Enterprise documentation, see SignServer Documentation.
For information on AWS Public IP addressing, refer to the AWS documentation on Public IPv4 Addresses and External DNS Hostnames.
New TLS certificates are needed in the following circumstances:
- The SignServer Cloud instance is shut down within the Amazon environment and the Public IP is released by Amazon.
- An Elastic IP is added to the instance in place of the Public IP for persistence.
- A custom DNS name is desired.
When using tools such as the ClientToolBox, the following error may be displayed:
"No subject alternative DNS name matching <instance ip>.compute-1.amazonaws.com found".
If this is encountered, perform the steps in this guide.
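As an added example (not part of the PrimeKey guide), the shell script below reproduces the mismatch behind that error offline: it issues a throwaway self-signed certificate for one constructed EC2 public DNS name, then checks it against that name and a second one with `openssl x509 -checkhost`. The hostnames, file names and function names are assumptions made for illustration, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Added example. Hostnames are constructed (documentation IP ranges); the key
# and certificate are throwaway files. Requires OpenSSL 1.1.1 or later.

OLD_NAME="ec2-203-0-113-25.compute-1.amazonaws.com"  # name the cert was issued for
NEW_NAME="ec2-198-51-100-7.compute-1.amazonaws.com"  # name after the Public IP changed

# make_test_cert DIR DNSNAME: self-signed cert whose only SAN entry is DNSNAME.
make_test_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# cert_covers_host CERT HOSTNAME: exit 0 if the certificate is valid for HOSTNAME.
# -checkhost prints "does match certificate" or "does NOT match certificate";
# the result is read from that text.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" |
        grep -q 'does match certificate'
}

# report CERT HOSTNAME...: one status line per hostname.
report() {
    cert=$1; shift
    for name in "$@"; do
        if cert_covers_host "$cert" "$name"; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name (clients will reject; regenerate the certificate)"
        fi
    done
}

workdir=$(mktemp -d)
make_test_cert "$workdir" "$OLD_NAME"
report "$workdir/cert.pem" "$OLD_NAME" "$NEW_NAME"
rm -rf "$workdir"
```

Running `cert_covers_host` against the certificate an instance actually serves, with the hostname clients will use, shows whether regeneration is needed before a tool such as the ClientToolBox reports the error.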