signserver enterprise cloud edition launch guide · step 3: launch signserver enterprise cloud...

SignServer Enterprise

Cloud Edition Launch

Guide

Print date: 2018-11-01

SignServer Enterprise Cloud Edition Launch Guide

2( )15 © 2018 PRIMEKEY

Table of Contents

Introduction _______________________________________________________________________ 3

Documentation __________________________________________________________________ 3

Launch SignServer Enterprise Cloud Edition _____________________________________________ 4

Step 1: Select SignServer ECE Instance ______________________________________________ 4

Locate SignServer ECE on AWS Marketplace _______________________________________ 4

Accept the Terms _____________________________________________________________ 5

Continue to Configuration _______________________________________________________ 5

Step 2: Configure SignServer Enterprise Cloud Edition ___________________________________ 6

Step 3: Launch SignServer Enterprise Cloud Edition _____________________________________ 7

Instance Type ________________________________________________________________ 7

VPC and Security Group _______________________________________________________ 8

Key Pair ____________________________________________________________________ 9

Step 4: View Software Installation Details and Status ____________________________________ 10

Confirm Running SignServer ECE Instance ________________________________________ 10

Login to SignServer Enterprise Cloud Edition ___________________________________________ 11

Step 1: Get the Instance ID _______________________________________________________ 11

Step 2: Download p12 file from SignServer Keystore Retrieval Webpage ____________________ 11

Step 3: Download Credentials ______________________________________________________ 12

Step 4: Install p12 _______________________________________________________________ 13

Step 5: Browse to SignServer Admin Web ____________________________________________ 14

Troubleshooting __________________________________________________________________ 15

Issues Accessing Public or Admin Web ______________________________________________ 15


© 2018 PRIMEKEY 3( )15

Introduction

This guide is intended to help users deploy SignServer Enterprise Cloud Edition from Amazon Web

Services (AWS) Marketplace and log in to the SignServer Administration Web for the first time.

Documentation

SignServer Enterprise Cloud Edition documentation is available on:

https://download.primekey.com/docs/SignServer-Enterprise-Cloud/latest

SignServer Enterprise Edition documentation is available on:

https://download.primekey.com/docs/SignServer-Enterprise/current

Additional information on SignServer Community Edition is available on: www.signserver.org

https://download.primekey.com/docs/SignServer-Enterprise-Cloud/latest

https://download.primekey.com/docs/SignServer-Enterprise/current

https://www.signserver.org


4( )15 © 2018 PRIMEKEY

Launch SignServer Enterprise Cloud Edition

This section describes how to launch SignServer Enterprise Cloud Edition (ECE) from AWS

Marketplace.

The EC2 Console is a web interface that allows you to configure the SignServer ECE instance details

from a web browser before you launch it. Follow the instructions below to launch a SignServer

Enterprise Cloud Edition EC2 instance:

Step 1: Select SignServer ECE Instance

Step 2: Configure SignServer Enterprise Cloud Edition

Step 3: Launch SignServer Enterprise Cloud Edition

Step 4: View Software Installation Details and Status

Step 1: Select SignServer ECE Instance

Locate SignServer ECE on AWS Marketplace

Browse to the and search for "primekey" to display four results: two for EJBCA AWS Marketplace

Enterprise Cloud Edition, and two for SignServer Enterprise Cloud Edition. Each is available in

standard 8x5 support and premium 24x7 support.

Select the instance type to use and click the title of the desired listing, in this case SignServer

. Review the details and click .Enterprise Cloud Edition 24x7 Support Continue to Subscribe

https://aws.amazon.com/marketplace


© 2018 PRIMEKEY 5( )15

Accept the Terms

Click to agree to the terms of use and subscribe.Accept Terms

Continue to Configuration

The following message displays. Click to review your instance.Continue to Configuration


6( )15 © 2018 PRIMEKEY

Step 2: Configure SignServer Enterprise Cloud Edition

Select the options desired for Software Version and Region. The defaults should be sufficient.

Optionally, you can select an annual option to save 20% off the AWS list price. Skip this section if this

is not desired. If you choose this option, select the Instance Type, and number of subscriptions

desired.

Click .Continue to Launch to continue the setup


© 2018 PRIMEKEY 7( )15

Step 3: Launch SignServer Enterprise Cloud Edition

Review your configuration and select instance type and settings.

Instance Type

Amazon EC2 provides a selection of instance types optimized to fit different use cases. Instance types

comprise varying combinations of CPU, memory, and storage.

The following instance types are available:

Size Type Memory CPU Storage

m3.large 7 GiB 6.5 EC2 Compute Units (2 virtual cores with

3.25 EC2 Compute Units each)

1 x 32 GB SSD

t2.2xlarge 32 GiB 8 virtual cores EBS storage only

t2.xlarge 16 GiB 4 virtual cores EBS storage only

t2.medium 4 GiB 2 virtual cores EBS storage only

Select one of the supported instance types, in this case .t2.xlarge


8( )15 © 2018 PRIMEKEY

VPC and Security Group

Select the desired VPC and Subnet. For more information on getting started with Amazon Virtual

Private Cloud (Amazon VPC), refer to AWS Documentation on .VPCs and Subnets

For the Security Group, click the button that allows .Create New Based on Seller Settings

If you wish to create your own Security Group, you need to allow port range 80, 443 and 22. For

details, see .VPC and Security Group

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html


© 2018 PRIMEKEY 9( )15

Key Pair

Choose a Key Pair to associate with this SignServer Enterprise Cloud Edition EC2 instance.

Specify the name of the key pair you plan to use to access the command line of the SignServer

instance. When you later connect to the instance, you must specify the private key that corresponds to

the key pair you specify now when launching the instance. For information on creating a key pair using

Amazon EC2, refer to AWS Documentation on .Amazon EC2 Key Pairs

Click and then click .Save Launch

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html


10( )15 © 2018 PRIMEKEY

Step 4: View Software Installation Details and Status

After launching, the AMI details are displayed, and the status of the deployment is available in the EC2

Dashboard.

Click to view your instance.EC2 Console

Confirm Running SignServer ECE Instance

It may take several minutes for your instance to launch. After the changes from Instance State

to , the SignServer ECE instance is started.pending running

Click the pencil icon in the column to give the AMI a name like Name SignServer Enterprise

to make it easier to identify.Cloud Edition


© 2018 PRIMEKEY 11( )15

1.

2.

3.

1.

2.

Login to SignServer Enterprise Cloud Edition

This section describes how to log in to SignServer Enterprise Cloud Edition (ECE) for the first time,

following these steps:

Step 1: Get the Instance ID

Step 2: Download p12 file from SignServer Keystore Retrieval Webpage

Step 3: Download Credentials

Step 4: Install p12

Step 5: Browse to SignServer Admin Web

To access the Admin Web of the deployed SignServer ECE instance, the superadmin credentials need

to be retrieved from the server and installed on a system and/or browser.

PrimeKey recommends using Mozilla Firefox since it currently has self-enrollment capabilities and its

own keystore separate from the operating system. Note that if you are using Google Chrome, you will

need to import the key file to the local machine keystore.

Step 1: Get the Instance ID

You must use the Instance ID of your running instance to download and install the p12 file in the steps

described below. To get the instance ID of your instance, do the following:

In the Amazon EC2 Console, go to Instance details.

In the lower pane, click the tab. The is the ID for the instance.Description Instance ID

Click the icon next to the instance ID to copy the instance ID to your clipboard.

Step 2: Download p12 file from SignServer Keystore Retrieval Webpage

To obtain the keystore:

Enter the SignServer Keystore URL into your browser:

https://<AWS Public DNS Name or AWS Public IP Address>/keystore

The username is "superadmin" and the password is the see Instance ID, Step 1: Get the

. If you copied the instance ID to your clipboard, paste it into the password field.instance ID


12( )15 © 2018 PRIMEKEY

1.

2.

Note that these credentials only can be used and when authenticated, these credentials are once

expired.

If you are not able to access the keystore retrieval page, refer to the section.Troubleshooting

Step 3: Download Credentials

At the bottom of the Keystore retrieval page is the link to the superadmin.p12 file. Download this

file and keep it safe.

Upon clicking on the download link, a p12 file will be prompted to download. Please keep this

file safe.


© 2018 PRIMEKEY 13( )15

1.

2.

3.

4.

5.

Note that once the download link is selected the keystore retrieval page will no longer be accessible. If

the p12 file is ever lost it can be retrieved from the instance directly from the directory /opt

./signserver/p12/pem

Step 4: Install p12

With the p12 file downloaded, install the bundle on your system and/or browser's trust store.

To install the credentials in Mozilla Firefox:

On the menu, select .Firefox Preferences

Click .Privacy & Security

Scroll down to the section and click .Security View Certificates

On the tab , select .Your Certificates Import

Browse to the p12 file to import and enter a password.

The password is the of the SignServer ECE instance, see Instance ID Step 1: Get the instance

.ID


14( )15 © 2018 PRIMEKEY

Step 5: Browse to SignServer Admin Web

With the credentials installed, select the or access to SignServer Admin Web at the URL:AdminWeb

.https://<AWS Public DNS Name or AWS Public IP Address>/SignServer/adminweb

If you are not able to access the Admin Web, refer to the section.Troubleshooting

You will be prompted with a certificate dialog to authenticate to the adminweb of your instance.


© 2018 PRIMEKEY 15( )15

Troubleshooting

Issues Accessing Public or Admin Web

If you are not able to access the Public Web or Admin Web, ensure that the Security Group

associated with this instance has the following ports allowed from your IP:

Allow Inbound:

signserver enterprise cloud edition launch guide · step 3: launch signserver enterprise cloud...

Documents