Welcome to My Professional Profile

Project 1

Setting Up EJBCA In Your Home Lab

This guide will walk you through setting up EJBCA Community Edition in your home lab environment using Docker.

To begin, ensure you have:

If you meet the above requirements, follow these instructions:

  1. Pull the EJBCA Docker image using:
     sudo docker pull keyfactor/ejbca-ce
  2. Run the EJBCA Community Edition container with proper port mapping and hostname:
     sudo docker run -d -p 80:8080 -p 443:8443 -h localhost -e TLS_SETUP_ENABLED="true" keyfactor/ejbca-ce
  3. Check if the container is running properly with:
     sudo docker ps
  4. Retrieve the container logs to find the auto-generated SuperAdmin password using:
     sudo docker logs c0d4fdad387b
     (replace c0d4fdad387b with the container ID shown by docker ps)
  5. Open the ejbca.log file and search for the SuperAdmin password.
  6. Navigate to the EJBCA RA interface in your web browser at:
     https://192.168.31.1/ejbca/ra/enrollwithusername.xhtml (replace 192.168.31.1 with your actual server IP address).
  7. Log in with username superadmin and the password found in the logs to generate a SuperAdmin certificate with RSA key algorithm, 2048 bits key size, and an appropriate certificate profile for admin access.
  8. After generating the certificate, install it in your browser's Personal Certificate Store.
  9. Finally, navigate to the EJBCA Admin Web interface at https://192.168.31.1/ejbca/adminweb/, select the newly generated SuperAdmin certificate, and gain full administrative access to EJBCA.

Wowww!!! Congratulations, you have successfully set up EJBCA in your home lab!!!

Project 2

Issuing a Client Authentication Certificate using EJBCA

This guide will show you how to issue a Client Authentication Certificate using your newly deployed EJBCA.

Please follow the below instructions:

  1. Open your browser and go to your EJBCA:
     https://192.168.31.1/ejbca/adminweb/
  2. Log in with your admin credentials. (Use the SuperAdmin Certificate from the previous lab)
  3. Create a ClientAuth Certificate Profile:
     EJBCA > CA Functions > Certificate Profiles > ENDUSER > Clone > ClientAuth > Create from template.
  4. Edit the new ClientAuth Certificate Profile:
     Set Validity or End Date to 1y (1 year) > Check Client Authentication > Save.
  5. Create a ClientAuth End Entity Profile:
     EJBCA > RA Functions > Manage End Entity Profiles > Add End Entity Profile > Name it ClientAuth > Add Profile.
  6. Configure the new End Entity Profile:
     Subject DN Attributes > Add > emailAddress > Default Certificate Profile to ClientAuth (unselect others) > Set Default Token to P12 file > Save.
  7. Add a New End Entity:
     EJBCA > RA Functions > Add End Entity > Choose a unique username > Set a password for certificate pickup > Use data from the e-mail address field.
  8. Pick Up the Certificate at:
     https://192.168.31.1/ejbca/ra/#loaded > Enroll > Enter the username and password you set earlier > Select 2048 (key size) > Download P12 to get your certificate file.
  9. Remember to download the CA Certificate too:
     Go to CA Certificates and CRLs in EJBCA > Download the CA Certificate in PEM format.
  10. Finally, import the Certificate into Your Browser:
     Browser Settings > Security > Manage Certificates > Import > Select the downloaded P12 file > Enter the Enrollment Password.
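
Before importing the P12 into a browser, it can be checked against the settings chosen in the steps above. The following shell function is an added example, not part of the original guide: it uses the openssl CLI to confirm that the certificate chains to the downloaded CA PEM, carries the Client Authentication usage, has a 2048-bit key and expires within about a year. The function name check_client_p12 and the file arguments are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# Usage: check_client_p12 <file.p12> <enrollment-password> <ca.pem>
# Returns 0 if every check passes, 1 if any fails, 2 if the P12 is unreadable.
check_client_p12() {
    local p12="$1" pass="$2" ca="$3" rc=0 crt txt
    crt=$(mktemp) || return 2

    # Extract only the end-entity certificate; the private key is not written out.
    # A P12 protected with older ciphers may need "-legacy" on OpenSSL 3.
    openssl pkcs12 -in "$p12" -passin "pass:$pass" -clcerts -nokeys 2>/dev/null |
        openssl x509 -out "$crt" 2>/dev/null
    if [ ! -s "$crt" ]; then
        echo "FAIL: no certificate could be read from $p12"
        rm -f "$crt"; return 2
    fi
    txt=$(openssl x509 -in "$crt" -noout -text)

    # 1. Must chain to the CA certificate downloaded in PEM format.
    if openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1; then
        echo "ok:   chains to $ca"
    else
        echo "FAIL: does not chain to $ca"; rc=1
    fi
    # 2. "Client Authentication" was ticked in the certificate profile.
    if printf '%s\n' "$txt" | grep -q "TLS Web Client Authentication"; then
        echo "ok:   extended key usage includes client authentication"
    else
        echo "FAIL: client authentication usage is missing"; rc=1
    fi
    # 3. Key size 2048 was selected at pickup.
    if printf '%s\n' "$txt" | grep -q "Public-Key: (2048 bit)"; then
        echo "ok:   2048-bit public key"
    else
        echo "FAIL: public key is not 2048 bits"; rc=1
    fi
    # 4. Validity was set to 1y: valid now and expiring within 367 days.
    #    (Measures remaining lifetime, so run it on a freshly issued certificate.)
    if openssl x509 -in "$crt" -noout -checkend 0 >/dev/null &&
       ! openssl x509 -in "$crt" -noout -checkend $((367 * 86400)) >/dev/null; then
        echo "ok:   currently valid, expires within about one year"
    else
        echo "FAIL: validity period does not match the 1y profile"; rc=1
    fi
    rm -f "$crt"
    return "$rc"
}

# Run the checks when the script is called with the three arguments.
if [ "$#" -eq 3 ]; then check_client_p12 "$@"; fi
```

Passing the password as an argument exposes it in the process list, which is acceptable in a single-user home lab but not on a shared host.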

Wowww!!! Congratulations, you have successfully issued and installed your Client Authentication Certificate.

Project 3

Creating a Root Certificate Authority (Root CA) in EJBCA

This guide will show you how to create a Root Certificate Authority (Root CA) in your newly deployed EJBCA.

Please follow the below instructions:

  1. Access EJBCA Admin Web:
     https://192.168.31.1/ejbca/adminweb/
  2. Log in with your admin credentials. (Use the SuperAdmin Certificate from the previous lab)
  3. Create a Certificate Profile for the Root CA:
     EJBCA > CA Functions > Certificate Profiles > ROOTCA > Clone > Name it MyRootCAProfile > Create from template.
  4. Edit the New Certificate Profile:
     Key Algorithm to RSA > Key Length to 4096 > Validity to 30y > Disable Authority Key ID, Subject Alternative Name, Issuer Alternative Name, LDAP DN Order > Save the profile.
  5. Create a Crypto Token:
     EJBCA > CA Functions > Crypto Tokens > New > MyFirstRootCACryptoToken > Type to SOFT HSM for home lab; use HSM for production > Authentication Code (write this down!) > Create 2048 key pair > Save the Crypto Token.
  6. Create the Root CA:
     EJBCA > CA Functions > Certificate Authorities > Add CA > MyFirstRootCA > Create > Select the CA settings from earlier > Create Root CA.

Wowww!!! Congratulations, you have successfully created your first Root Certificate Authority in EJBCA.

Project 4

Importing a Virtual Machine OVA into ProxMox

This guide will show you how to import a Virtual Machine OVA into ProxMox.

Please follow the below instructions:

  1. Log into ProxMox VE either via SSH or the web-based shell.
  2. Make a working directory for your .OVA file:
     mkdir ova_import && cd ova_import
  3. Use Proxmox Shell to download the OVA onto our Proxmox server:
     wget -O ACME_2019_All_Versions.ova https://rtcustomer.blob.core.windows.net/rtcustomerdeploy/ACME_2019_All_Versions.ova
  4. Use Proxmox Shell to extract the contents of the OVA:
     tar -xvf ACME_2019_All_Versions.ova
  5. Create a new VM on the top right of Proxmox VE web interface:
     - General Tab > VM ID - Assign A Number
     - General Tab > Name - ACME-2019
     - OS Tab > Do not use any media
     - System Tab > Bios > OVMF (UEFI)
     - Disk Tab > Leave the default one and next
     - CPU Tab > Assign it 1 Socket and 4 Cores
     - Memory Tab > Assign it 8192 MiB
  6. Review the parameters and finally click on “Finish” on the bottom right.
  7. Go to your newly created VM (in my case 100) > Click on Hardware.
  8. Detach and remove the current Hard Disk and remove the CD/DVD Drive and the EFI Disk.
  9. Return to Proxmox Shell and go to the working directory we created earlier:
     cd ova_import
  10. Import the disk you extracted earlier into the new VM, specifying its VM ID (in my case 100) and the format, raw or qcow2, depending on client:
     qm importdisk 100 ACME_2019_All_Versions-disk1.vmdk local-lvm --format raw
  11. Go back to your VM > Hardware and double-click the new Unused Disk to add it to the VM and enable the following:
     Add Unused Disk > Enable SATA, SSD Emulation, Discard > Add
  12. Enable Sata0 and put Sata0 above Net0 on the Boot Order:
     Options > Boot Order > Sata0 first
  13. Let's try to start the VM now:
     VM ID > Console > Start
  14. You should have successfully imported your VM and if you press Ctrl-Alt-Del, you should see your VM's IP address.
  15. You may now go to a browser to https://YourVMsIPAddress and you should see Redtrust Administration Console.
  16. After confirming the imported VM is working, return to the Proxmox VE Shell and, from the directory that contains ova_import, run the following command to clean up the downloaded OVA data:
     rm -r ova_import/
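
An OVA often ships a .mf manifest listing a digest for each file in the archive, and checking it after the tar step catches a truncated or corrupted download before qm importdisk runs. The following shell function is an added example, not part of the original guide; it assumes the extracted files include a manifest with lines of the form SHA256(file)= digest, and the function name verify_ova_manifest is an assumption.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# Usage: verify_ova_manifest <directory-with-extracted-ova>
# Returns 0 if every file listed in the .mf manifest matches its digest,
# 1 on any mismatch or missing file, 2 if the directory has no manifest.
# The manifest travels inside the same archive, so it detects corruption,
# not deliberate tampering; for that, compare against a vendor-published hash.
verify_ova_manifest() {
    local dir="$1" mf line algo file want got tool rc=0
    for mf in "$dir"/*.mf; do break; done
    [ -f "$mf" ] || { echo "no .mf manifest found in $dir"; return 2; }

    # Manifest lines look like:  SHA256(name-disk1.vmdk)= <hex digest>
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d '\r')    # tolerate CRLF manifests
        [ -n "$line" ] || continue
        algo=${line%%"("*}
        file=${line#*"("}; file=${file%%")="*}
        want=$(printf '%s' "${line##*=}" | tr -d ' ' | tr 'A-F' 'a-f')
        case "$algo" in
            SHA1)   tool=sha1sum ;;
            SHA256) tool=sha256sum ;;
            SHA512) tool=sha512sum ;;
            *) echo "FAIL: unsupported digest type '$algo'"; rc=1; continue ;;
        esac
        # Manifest entries are plain file names; refuse anything with a path.
        case "$file" in
            */*|..) echo "FAIL: unexpected path '$file'"; rc=1; continue ;;
        esac
        if [ ! -f "$dir/$file" ]; then
            echo "FAIL: $file is listed but missing"; rc=1; continue
        fi
        got=$("$tool" "$dir/$file" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "ok:   $file"
        else
            echo "FAIL: digest mismatch for $file"; rc=1
        fi
    done < "$mf"
    return "$rc"
}

# Run against a directory when one is given, e.g. "." inside ova_import.
if [ "$#" -eq 1 ]; then verify_ova_manifest "$1"; fi
```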

Wowww!!! Congratulations, you have successfully imported a Virtual Machine OVA into ProxMox