This article shows how to initialize your PKI system from the very beginning to successful completion. The steps are:
- Start Amazon Enigma Bridge PKI instance
- Connect to the AMI instance via Putty SSH client software
- Initialize the EB PKI system
- Install administrator authentication key on your computer
What you need:
- An account with Amazon AWS - if you are looking for a trial, you can create an instance with an initial 750 hours of free usage on Amazon AWS.
Start Enigma Bridge PKI Instance
- Go to https://enigmabridge.com/amazonpki , click "Launch your PKI" and select the AWS Region.
- The link takes you directly to Amazon AWS and initiates the creation of a new server instance. (You need to have an AWS account.)
Connect to the AMI instance via Putty SSH client software
- You can download putty.exe and puttygen.exe from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
- Start the 'puttygen.exe' utility on your Windows computer.
- Select File->Load private key
- Select the file you downloaded from Amazon AWS - the pem file for management of your AMI instance.
- Confirm the key loading.
- Set your private key protection password (optional, 'Key passphrase') and click 'Save private key'
- You should now have a *.ppk file with the private key for AMI authentication, usable by Putty.
- Let's now create a new connection to your PKI instance.
- Start "putty.exe"
- Find the public IP address of your PKI instance on Amazon - the screen is similar to the following picture.
- Fill in 'Host name (or IP address)' with the Public DNS value obtained when launching the instance (Running EC2 image).
- Set the path to your private key in Putty→Connection→SSH→Auth→Private key file for authentication.
- Save connection details in Session→Saved sessions→Save for later use.
- Click 'Open' to log in to the target AMI instance.
- Verify AMI instance fingerprint against your EC2 console and press 'Yes' in case of fingerprint match.
- Type 'ec2-user' as user name into 'Login as' field.
- Type your private key passphrase (optional, if set when saving the private key above).
- Now you are logged into your Amazon AMI instance.
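The fingerprint check in the login steps above can be done mechanically instead of by eye. The following Python sketch is an added example, not part of the original article or of Enigma Bridge's tooling. It assumes the reference fingerprints are taken from the instance's EC2 system log (the "SSH HOST KEY FINGERPRINTS" block written at first boot); all function names and the sample key and log are constructed for illustration.

```python
import base64
import hashlib
import re
import struct

FP_RE = re.compile(r"SHA256:[A-Za-z0-9+/]{43}|(?:[0-9a-f]{2}:){15}[0-9a-f]{2}")
BLOCK_RE = re.compile(r"BEGIN SSH HOST KEY FINGERPRINTS-----(.*?)-----END SSH HOST KEY", re.S)


def host_key_fingerprints(pubkey_line):
    """Return (sha256_fp, md5_fp) for an OpenSSH 'type base64 [comment]' line."""
    key_type, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    # The blob begins with a length-prefixed copy of the key type; a mismatch
    # means the line was edited or truncated.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    return "SHA256:" + sha, ":".join(md5[i:i + 2] for i in range(0, 32, 2))


def console_fingerprints(system_log):
    """Fingerprints listed between the BEGIN/END markers of the system log."""
    block = BLOCK_RE.search(system_log)
    return set(FP_RE.findall(block.group(1))) if block else set()


def fingerprint_matches(shown_fp, system_log):
    """True only if the fingerprint shown at first connect is in the log."""
    shown = shown_fp.strip()
    if not shown.startswith("SHA256:"):
        shown = shown.lower()  # MD5 hex is case-insensitive, base64 is not
    return shown in console_fingerprints(system_log)


def constructed_sample():
    """Constructed data: a dummy ed25519 host key and the log block for it."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
    line = "ssh-ed25519 " + base64.b64encode(blob).decode() + " root@pki-host"
    log = ("ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----\n"
           f"ec2: 256 {host_key_fingerprints(line)[0]} root@pki-host (ED25519)\n"
           "ec2: -----END SSH HOST KEY FINGERPRINTS-----\n")
    return line, log


if __name__ == "__main__":
    line, log = constructed_sample()
    sha_fp, md5_fp = host_key_fingerprints(line)
    print(sha_fp, md5_fp, fingerprint_matches(sha_fp, log))
```

If the function returns False, answer 'No' at the Putty prompt and re-check the instance address before connecting again.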
Initialize the EB PKI system
- Type 'sudo -E -H /usr/bin/ebaws' to start EJBCA console. Note: it will do an update and eventually show this screen.
- Type 'init' command to start initialization.
- You will be asked to enter your email address to obtain all details from installation - we will also create a support account for you.
- You will be sent an authorization challenge via email. This challenge has to be entered into the Putty terminal.
- Click the link, create a password for your new account and get the challenge.
- If using a small instance, it will be configured for the PKI system.
- It's time for a cup of coffee - it takes up to 15 minutes (usually 11-12 minutes) to complete the initialization.
- LetsEncrypt certificate for your newly registered utility domain
- Configuration of SoftHSM token
- Installation and deployment of PKI software
- Generation of EnigmaBridge cryptography tokens
- Installation and setup is complete when '[OK] System installation is completed' message is shown.
- Needed for the first connection to the web front-end.
- P12 file with your administrator key - scp command for downloading it (e.g., 'scp -i <your_Amazon_PEM_key> firstname.lastname@example.org:/home/ec2-user/ejbca-admin.p12 .')
- P12 file password - also displayed.
- URL to your EJBCA web management console.