
Authentication Key Binding

Introduction

Key bindings and Peer Connectors

Slide Deck: Key bindings and Peer Connectors

Overview: The first step is to create the Authentication Key binding.

  1. Create a crypto token for the Authentication Key binding on the CA instance.

  2. Issue the certificate for the Authentication Key binding.

  3. Enable the Authentication Key binding.

Slide Reference

A designated certificate used to authenticate to other EJBCA instances

A closer look at creating the authentication key binding

Reminder: you can visit the Accessing Your Environment page for details on how to connect to your Admin Web portal.

Create a Crypto Token for Authentication Key Binding

  1. Open a browser and access your Admin Web Portal on the CA instance

  2. Select CA Functions >> Crypto Tokens

  3. Select Create New

  4. In the Name field, enter KeyBinding

  5. In the Type list, select SOFT

  6. Select Auto-Activation (Use)

  7. In the Authentication Code field, enter foo123

  8. In the Repeat Authentication Code field, enter foo123

  9. Click Save

  10. Enter SubCAAuthKeyBinding as the name for the new key, choose RSA 2048 from the list and click Generate new key pair

Set up an Authentication Key Binding

  1. Click System Functions >> Remote Authentication

  2. Click Create new…

  3. In the Name field, enter SubCAAuthKeyBinding

  4. In the Crypto Token list, select KeyBinding

  5. In the Key Pair Alias list, select SubCAAuthKeyBinding

  6. In the Signature Algorithm list, select SHA256WithRSA

  7. In the trusted certificates section under Certificate Authority, select ManagementCA

  8. Click Add

  9. Click Create

  10. Click Back to Overview

  11. In the SubCAAuthKeyBinding row, under the Actions column click CSR

  12. Download the SubCAAuthKeyBinding.PKCS10.pem CSR

Issue the Certificate

  1. Open a browser and, on your CA instance, click RA Web in the ribbon menu across the top of the page.

  2. Click Enroll >> Make New Request

  3. In the Certificate Type drop-down list, select TLSClientEndEntityProfile

  4. In the CA drop-down list, select ManagementCA

  5. In the Key-pair generation selection, select Provided by user

  6. Click Browse >> Downloads folder and select the SubCAAuthKeyBinding.PKCS10.pem CSR and click Select

  7. In the CN, Common name field, enter SubCAAuthKeyBinding

  8. In the Username field, enter SubCAAuthKeyBinding

  9. Click Download PEM full chain

  10. Save the file as SubCAAuthKeyBinding.pem
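
Before importing the certificate, it is worth confirming that it was issued for the key pair generated in the KeyBinding crypto token. The script below is an added example, not part of the original EJBCA instructions: it uses the openssl command line to check that the CSR is validly self-signed, that the certificate carries the same public key, that the subject CN is the name entered at enrollment, and that the certificate has not expired. It assumes the leaf certificate is the first PEM block in the downloaded full-chain file; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: check an issued certificate against the CSR it was requested
# with. Assumes the leaf certificate is the first PEM block in the chain file.

# SHA-256 over the DER public key of a CSR ("req") or certificate ("x509").
pubkey_fingerprint() {
    local pem
    pem=$(openssl "$1" -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -r | cut -d' ' -f1
}

# usage: check_keybinding_cert CSR CERT EXPECTED_CN
check_keybinding_cert() {
    local csr=$1 cert=$2 cn=$3 csr_fp cert_fp subject

    # A valid CSR self-signature shows the requester holds the private key.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK" \
        || { echo "CSR signature invalid: $csr" >&2; return 1; }

    # The certificate must carry the same public key as the CSR.
    csr_fp=$(pubkey_fingerprint req "$csr") \
        || { echo "cannot read key from $csr" >&2; return 1; }
    cert_fp=$(pubkey_fingerprint x509 "$cert") \
        || { echo "cannot read key from $cert" >&2; return 1; }
    [ "$csr_fp" = "$cert_fp" ] \
        || { echo "certificate key does not match CSR key" >&2; return 1; }

    # Subject CN must be the name entered at enrollment.
    subject=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253)
    case "$subject" in
        *"CN=$cn" | *"CN=$cn,"*) ;;
        *) echo "unexpected subject: $subject" >&2; return 1 ;;
    esac

    # -checkend 0 fails if the certificate is already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null \
        || { echo "certificate has expired" >&2; return 1; }

    echo "OK: key fingerprint $csr_fp"
}

# Run directly: ./check.sh SubCAAuthKeyBinding.PKCS10.pem SubCAAuthKeyBinding.pem SubCAAuthKeyBinding
if [ "$#" -eq 3 ]; then check_keybinding_cert "$@"; fi
```

A non-zero exit status means the downloaded file should not be imported as the client certificate for this key binding.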

Activate the Key Binding

  1. Open a browser and access your Admin Web Portal on the CA instance

  2. Click System Functions >> Remote Authentication

  3. Under the Import Client Certificate header, select SubCAAuthKeyBinding in the Target Remote Authenticator field

  4. To the right of Certificate, click Browse

  5. Click Downloads and locate the certificate that was downloaded in the previous section; the file should be named SubCAAuthKeyBinding.pem

  6. Click Select

  7. Click Import

  8. In the SubCAAuthKeyBinding row, under the Actions column, click Enable
