Online Help EJBCA Hardware Appliance 3.5.2

Release date: June 2020

© 2020 PrimeKey

Published by PrimeKey Solutions AB
Solna Access, Sundbybergsvägen 1
SE-171 73 Solna, Sweden

To report errors, please send a note to [email protected]

Notice of Rights

All rights reserved. No part of this book may be reproduced or transmitted in any form by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher. For more information on getting permission for reprints and excerpts, contact [email protected]

Notice of Liability

The information in this book is distributed on an “As Is” basis without warranty. While every precaution has been taken in the preparation of the book, neither the authors nor PrimeKey shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the instructions contained in the book or by computer software and hardware products described in it.

Trademarks

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and PrimeKey was aware of a trademark claim, the designations appear as requested by the owner of the trademark. All other product names and services identified throughout this book are used in editorial fashion only and for the benefit of such companies with no intention of infringement of the trademark. No such use, or the use of any trade name, is intended to convey endorsement or other affiliation with this book.

Table of Contents

1 Introduction
  1.1 Technical Specifications
2 Hardware Appliance Installation
  2.1 EJBCA Hardware Appliance Unboxing
    2.1.1 Scope of delivery
    2.1.2 Overview - Front
    2.1.3 Overview - Back
    2.1.4 Taking into Operation / Powering Up
  2.2 Initial Set-up
    2.2.1 Step 1: External Erase and Factory Reset
    2.2.2 Step 2: One Time Password and TLS Fingerprint
    2.2.3 Step 3: Changing the IP Address of the EJBCA Hardware Appliance
    2.2.4 Step 4: Connecting to the EJBCA Hardware Appliance
    2.2.5 Step 5: Running WebConf Wizard
  2.3 Restore from Backup
    2.3.1 Restore Standalone System from Backup
  2.4 Connect to Cluster
  2.5 Using external CA for installation
    2.5.1 Step 1: Configuring the smart card in Firefox
    2.5.2 Step 2: Installing the first EJBCA Hardware Appliance
    2.5.3 Step 3: Installing EJBCA Hardware Appliance with existing Management CA
3 Hardware Appliance Operations
  3.1 Basic Hardware Operations
    3.1.1 Audible Feedback
    3.1.2 Smart Card Handling
    3.1.3 EJBCA Hardware Appliance Battery Adapter
  3.2 WebConf - Configurator of EJBCA Hardware Appliance
    3.2.1 Status
    3.2.2 Network
    3.2.3 Access
    3.2.4 HSM
    3.2.5 Backup
    3.2.6 Cluster
    3.2.7 Monitoring
    3.2.8 Platform
  3.3 Certificates and trusted CAs
    3.3.1 Creating a new TLS server side certificate for Application interface
    3.3.2 Changing client certificate and trusted CA for Management interface
    3.3.3 Changing client certificate and trusted CA for Application interface
  3.4 Maintenance
    3.4.1 EJBCA Hardware Appliance States
    3.4.2 Reasons for Maintenance state
    3.4.3 Effects of the Maintenance state
    3.4.4 Support Packages
  3.5 Setting up a Validation Authority (VA)
    3.5.1 OCSP CA-VA setup with Peer Connector
    3.5.2 VA setup for CRL Downloader service
  3.6 HA Setup
    3.6.1 Scope of Availability
    3.6.2 Continuous Service Availability
    3.6.3 Levels of Availability
    3.6.4 High Availability
    3.6.5 Backup, Restore and Update

Details

  • File Type
    pdf
  • Content Languages
    English
  • File Pages
    188 Page
