We have realized that most people don't really want to spend any more time than necessary to setup commodity services - and PKI is such a service. So, while you are free to change many configuration options, a new AMI (Amazon Machine Image) will do a number of tasks for you. Initialization script:

  1. installs and configures all dependencies;
  2. registers your new Amazon virtual machine as a client with  Enigma Bridge cryptographic platform;
  3. configures PKCS#11 integration for the PKI system (EJBCA from PrimeKey);
  4. sets up a new domain name for this new PKI system; 
  5. generates and provides means to download PKI administrator authentication key; and
  6. deploys a publicly trusted certificate for the PKI system so you can securely connect to it with https as soon as the initialization is completed.