This article walks through the complete initialization of your PKI system, from launching the instance to a successfully initialized system.


Steps covered:

  1. Start Amazon Enigma Bridge PKI instance
  2. Connect to the AMI instance via Putty SSH client software
  3. Initialize the EB PKI system
Following step:
  • Install administrator authentication key on your computer

What you need:

 

  1. An account with Amazon AWS. If you are looking for a trial, you can create an instance with the initial 750 hours of free usage on Amazon AWS.


Procedure

Start Enigma Bridge PKI Instance

  1. Go to https://enigmabridge.com/amazonpki , click "Launch your PKI" and select the AWS Region.



  2. The link will take you directly to Amazon AWS and initiate the creation of a new server instance. (You need to have an AWS account.)



Connect to the AMI instance
You may have done this already, but if you use MS Windows with "putty" as an SSH client, you need to convert the "PEM" files with your authentication key pair into a "PPK" file for putty.
  1. You can download putty.exe and puttygen.exe from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html 
  2. Start the 'puttygen.exe' utility on your Windows computer.
  3. Select File->Load private key



  4. Select the file you downloaded from Amazon AWS - the pem file for management of your AMI instance.


  5. Confirm the key loading.


  6. Set your private key protection password (optional, 'Key passphrase') and click 'Save private key'



  7. You should now have a *.ppk file with the private key for AMI authentication, usable by Putty.
  8. Let's now create a new connection to your PKI instance.
  9. Start "putty.exe"
  10. Find the public IP address of your PKI instance on Amazon.



  11. Fill the 'Host name (or IP address)' field with the Public DNS value obtained when launching the instance (Running EC2 image).



  12. Set path to your private key in Putty→Connection→SSH→Auth→Private key file for authentication.



  13. Save connection details in Session→Saved sessions→Save for later use.



  14. Click 'Open' to log in to the target AMI instance.
  15. Verify AMI instance fingerprint against your EC2 console and press 'Yes' in case of fingerprint match.



  16. Type 'ec2-user' as user name into 'Login as' field.



  17. Type your private key passphrase (optional, if set during step 6 above).



  18. Now you are logged into your Amazon AMI instance.
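
Step 15 compares the fingerprint Putty displays with the one in the EC2 console. The following is an added example, not part of the original article or of Enigma Bridge's tooling: it derives both the MD5 and the SHA256 fingerprint form from the host public keys printed in the instance's system log, so either Putty display format can be checked. The log layout (a "SSH HOST KEY KEYS" block) and the sample key are assumptions constructed for the example.

```python
import base64, binascii, hashlib, re, struct

def fingerprints(b64_blob):
    """Both forms an SSH client may display for one public key blob."""
    blob = base64.b64decode(b64_blob, validate=True)
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {":".join(md5[i:i + 2] for i in range(0, 32, 2)), "SHA256:" + sha}

def host_keys(console_log):
    """Map every fingerprint of every key in the log's KEYS block to its key type."""
    block = re.search(r"-----BEGIN SSH HOST KEY KEYS-----(.*?)-----END SSH HOST KEY KEYS-----",
                      console_log, re.S)
    if block is None:
        raise ValueError("no SSH host key block found in the console log")
    found = {}
    for line in block.group(1).splitlines():
        parts = line.replace("ec2: ", "", 1).split()
        if len(parts) < 2:
            continue
        try:
            for fp in fingerprints(parts[1]):
                found[fp] = parts[0]
        except binascii.Error:
            continue  # not a public key line
    return found

def verify(displayed, console_log):
    """Return the key type if the fingerprint the client showed belongs to the instance."""
    keys = host_keys(console_log)
    for token in displayed.split():  # skips prefixes such as "ssh-ed25519 255"
        cand = token.rstrip("=") if token.startswith("SHA256:") else token.lower()
        if cand in keys:
            return keys[cand]
    return None

# Constructed sample: a made-up ed25519 key blob in the assumed log layout.
KEYTYPE = b"ssh-ed25519"
SAMPLE_B64 = base64.b64encode(struct.pack(">I", len(KEYTYPE)) + KEYTYPE
                              + struct.pack(">I", 32) + bytes(range(32))).decode()
SAMPLE_LOG = ("ec2: -----END SSH HOST KEY FINGERPRINTS-----\n"
              "-----BEGIN SSH HOST KEY KEYS-----\n"
              f"ssh-ed25519 {SAMPLE_B64} root@ip-10-0-0-1\n"
              "-----END SSH HOST KEY KEYS-----\n")

if __name__ == "__main__":
    shown = "ssh-ed25519 255 " + sorted(fingerprints(SAMPLE_B64))[0]
    print(verify(shown, SAMPLE_LOG) or "MISMATCH: do not accept the host key")
```

A result of `None` means the key offered to Putty is not one the instance printed at boot, so the connection should not be accepted.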

Initialize the EB PKI system
As we have connected to the running AMI instance, we can start the initialization script.

  1. Type 'sudo -E -H /usr/bin/ebaws' to start the EJBCA console. Note: it will do an update and eventually show the console screen.



  2. Type 'init' command to start initialization.



  3. You will be asked to enter your email address to obtain all details from installation - we will also create a support account for you.



  4. You will be sent an authorization challenge via email. This challenge has to be entered into the putty terminal.



  5. Click the link, create a password for your new account and get the challenge.



  6. If using a small instance, it will be configured for the PKI system.



  7. It's time for a cup of coffee - it takes up to 15 minutes (usually 11-12 minutes) to complete the initialization, which covers:
    1. LetsEncrypt certificate for your newly registered utility domain
    2. Configuration of SoftHSM token
    3. Installation and deployment of PKI software
    4. Generation of EnigmaBridge cryptography tokens



  8. Installation and setup is complete when the '[OK] System installation is completed' message is shown.
  9. The console then displays what you need for the first connection to the web front-end:
    1. P12 file with your administrator key - an scp command for downloading it is shown, e.g., 'scp -i <your_Amazon_PEM_key> ec2-user@bristol4.pki.enigmabridge.com:/home/ec2-user/ejbca-admin.p12 .'
    2. P12 file password - also displayed.
    3. URL to your EJBCA web management console.

Follow step 4 to complete setup for the PKI administrator.