SignServer Enterprise
Cloud Edition Launch
Guide
Print date: 2018-11-01
SignServer Enterprise Cloud Edition Launch Guide
2( )15 © 2018 PRIMEKEY
Table of Contents
Introduction _______________________________________________________________________ 3
Documentation __________________________________________________________________ 3
Launch SignServer Enterprise Cloud Edition _____________________________________________ 4
Step 1: Select SignServer ECE Instance ______________________________________________ 4
Locate SignServer ECE on AWS Marketplace _______________________________________ 4
Accept the Terms _____________________________________________________________ 5
Continue to Configuration _______________________________________________________ 5
Step 2: Configure SignServer Enterprise Cloud Edition ___________________________________ 6
Step 3: Launch SignServer Enterprise Cloud Edition _____________________________________ 7
Instance Type ________________________________________________________________ 7
VPC and Security Group _______________________________________________________ 8
Key Pair ____________________________________________________________________ 9
Step 4: View Software Installation Details and Status ____________________________________ 10
Confirm Running SignServer ECE Instance ________________________________________ 10
Login to SignServer Enterprise Cloud Edition ___________________________________________ 11
Step 1: Get the Instance ID _______________________________________________________ 11
Step 2: Download p12 file from SignServer Keystore Retrieval Webpage ____________________ 11
Step 3: Download Credentials ______________________________________________________ 12
Step 4: Install p12 _______________________________________________________________ 13
Step 5: Browse to SignServer Admin Web ____________________________________________ 14
Troubleshooting __________________________________________________________________ 15
Issues Accessing Public or Admin Web ______________________________________________ 15
SignServer Enterprise Cloud Edition Launch Guide
© 2018 PRIMEKEY 3( )15
Introduction
This guide is intended to help users deploy SignServer Enterprise Cloud Edition from Amazon Web
Services (AWS) Marketplace and log in to the SignServer Administration Web for the first time.
Documentation
SignServer Enterprise Cloud Edition documentation is available on:
https://download.primekey.com/docs/SignServer-Enterprise-Cloud/latest
SignServer Enterprise Edition documentation is available on:
https://download.primekey.com/docs/SignServer-Enterprise/current
Additional information on SignServer Community Edition is available on: www.signserver.org
SignServer Enterprise Cloud Edition Launch Guide
4( )15 © 2018 PRIMEKEY
Launch SignServer Enterprise Cloud Edition
This section describes how to launch SignServer Enterprise Cloud Edition (ECE) from AWS
Marketplace.
The EC2 Console is a web interface that allows you to configure the SignServer ECE instance details
from a web browser before you launch it. Follow the instructions below to launch a SignServer
Enterprise Cloud Edition EC2 instance:
Step 1: Select SignServer ECE Instance
Step 2: Configure SignServer Enterprise Cloud Edition
Step 3: Launch SignServer Enterprise Cloud Edition
Step 4: View Software Installation Details and Status
Step 1: Select SignServer ECE Instance
Locate SignServer ECE on AWS Marketplace
Browse to the and search for "primekey" to display four results: two for EJBCA AWS Marketplace
Enterprise Cloud Edition, and two for SignServer Enterprise Cloud Edition. Each is available in
standard 8x5 support and premium 24x7 support.
Select the instance type to use and click the title of the desired listing, in this case SignServer
. Review the details and click .Enterprise Cloud Edition 24x7 Support Continue to Subscribe
SignServer Enterprise Cloud Edition Launch Guide
© 2018 PRIMEKEY 5( )15
Accept the Terms
Click to agree to the terms of use and subscribe.Accept Terms
Continue to Configuration
The following message displays. Click to review your instance.Continue to Configuration
SignServer Enterprise Cloud Edition Launch Guide
6( )15 © 2018 PRIMEKEY
Step 2: Configure SignServer Enterprise Cloud Edition
Select the options desired for Software Version and Region. The defaults should be sufficient.
Optionally, you can select an annual option to save 20% off the AWS list price. Skip this section if this
is not desired. If you choose this option, select the Instance Type, and number of subscriptions
desired.
Click .Continue to Launch to continue the setup
SignServer Enterprise Cloud Edition Launch Guide
© 2018 PRIMEKEY 7( )15
Step 3: Launch SignServer Enterprise Cloud Edition
Review your configuration and select instance type and settings.
Instance Type
Amazon EC2 provides a selection of instance types optimized to fit different use cases. Instance types
comprise varying combinations of CPU, memory, and storage.
The following instance types are available:
Size Type Memory CPU Storage
m3.large 7 GiB 6.5 EC2 Compute Units (2 virtual cores with
3.25 EC2 Compute Units each)
1 x 32 GB SSD
t2.2xlarge 32 GiB 8 virtual cores EBS storage only
t2.xlarge 16 GiB 4 virtual cores EBS storage only
t2.medium 4 GiB 2 virtual cores EBS storage only
Select one of the supported instance types, in this case .t2.xlarge
SignServer Enterprise Cloud Edition Launch Guide
8( )15 © 2018 PRIMEKEY
VPC and Security Group
Select the desired VPC and Subnet. For more information on getting started with Amazon Virtual
Private Cloud (Amazon VPC), refer to AWS Documentation on .VPCs and Subnets
For the Security Group, click the button that allows .Create New Based on Seller Settings
If you wish to create your own Security Group, you need to allow port range 80, 443 and 22. For
details, see .VPC and Security Group
SignServer Enterprise Cloud Edition Launch Guide
© 2018 PRIMEKEY 9( )15
Key Pair
Choose a Key Pair to associate with this SignServer Enterprise Cloud Edition EC2 instance.
Specify the name of the key pair you plan to use to access the command line of the SignServer
instance. When you later connect to the instance, you must specify the private key that corresponds to
the key pair you specify now when launching the instance. For information on creating a key pair using
Amazon EC2, refer to AWS Documentation on .Amazon EC2 Key Pairs
Click and then click .Save Launch
SignServer Enterprise Cloud Edition Launch Guide
10( )15 © 2018 PRIMEKEY
Step 4: View Software Installation Details and Status
After launching, the AMI details are displayed, and the status of the deployment is available in the EC2
Dashboard.
Click to view your instance.EC2 Console
Confirm Running SignServer ECE Instance
It may take several minutes for your instance to launch. After the changes from Instance State
to , the SignServer ECE instance is started.pending running
Click the pencil icon in the column to give the AMI a name like Name SignServer Enterprise
to make it easier to identify.Cloud Edition
SignServer Enterprise Cloud Edition Launch Guide
© 2018 PRIMEKEY 11( )15
1.
2.
3.
1.
2.
Login to SignServer Enterprise Cloud Edition
This section describes how to log in to SignServer Enterprise Cloud Edition (ECE) for the first time,
following these steps:
Step 1: Get the Instance ID
Step 2: Download p12 file from SignServer Keystore Retrieval Webpage
Step 3: Download Credentials
Step 4: Install p12
Step 5: Browse to SignServer Admin Web
To access the Admin Web of the deployed SignServer ECE instance, the superadmin credentials need
to be retrieved from the server and installed on a system and/or browser.
PrimeKey recommends using Mozilla Firefox since it currently has self-enrollment capabilities and its
own keystore separate from the operating system. Note that if you are using Google Chrome, you will
need to import the key file to the local machine keystore.
Step 1: Get the Instance ID
You must use the Instance ID of your running instance to download and install the p12 file in the steps
described below. To get the instance ID of your instance, do the following:
In the Amazon EC2 Console, go to Instance details.
In the lower pane, click the tab. The is the ID for the instance.Description Instance ID
Click the icon next to the instance ID to copy the instance ID to your clipboard.
Step 2: Download p12 file from SignServer Keystore Retrieval Webpage
To obtain the keystore:
Enter the SignServer Keystore URL into your browser:
https://<AWS Public DNS Name or AWS Public IP Address>/keystore
The username is "superadmin" and the password is the see Instance ID, Step 1: Get the
. If you copied the instance ID to your clipboard, paste it into the password field.instance ID
SignServer Enterprise Cloud Edition Launch Guide
12( )15 © 2018 PRIMEKEY
1.
2.
Note that these credentials only can be used and when authenticated, these credentials are once
expired.
If you are not able to access the keystore retrieval page, refer to the section.Troubleshooting
Step 3: Download Credentials
At the bottom of the Keystore retrieval page is the link to the superadmin.p12 file. Download this
file and keep it safe.
Upon clicking on the download link, a p12 file will be prompted to download. Please keep this
file safe.
SignServer Enterprise Cloud Edition Launch Guide
© 2018 PRIMEKEY 13( )15
1.
2.
3.
4.
5.
Note that once the download link is selected the keystore retrieval page will no longer be accessible. If
the p12 file is ever lost it can be retrieved from the instance directly from the directory /opt
./signserver/p12/pem
Step 4: Install p12
With the p12 file downloaded, install the bundle on your system and/or browser's trust store.
To install the credentials in Mozilla Firefox:
On the menu, select .Firefox Preferences
Click .Privacy & Security
Scroll down to the section and click .Security View Certificates
On the tab , select .Your Certificates Import
Browse to the p12 file to import and enter a password.
The password is the of the SignServer ECE instance, see Instance ID Step 1: Get the instance
.ID
SignServer Enterprise Cloud Edition Launch Guide
14( )15 © 2018 PRIMEKEY
Step 5: Browse to SignServer Admin Web
With the credentials installed, select the or access to SignServer Admin Web at the URL:AdminWeb
.https://<AWS Public DNS Name or AWS Public IP Address>/SignServer/adminweb
If you are not able to access the Admin Web, refer to the section.Troubleshooting
You will be prompted with a certificate dialog to authenticate to the adminweb of your instance.
SignServer Enterprise Cloud Edition Launch Guide
© 2018 PRIMEKEY 15( )15
Troubleshooting
Issues Accessing Public or Admin Web
If you are not able to access the Public Web or Admin Web, ensure that the Security Group
associated with this instance has the following ports allowed from your IP:
Allow Inbound: