Platform
The Platform tab and sub tabs allow you to view the applications running on the Hardware Appliance, update the firmware, configure platform access, and perform basic troubleshooting.
Applications
The tab provides an overview of the applications that are installed on your platform, along with their access URLs.
- The current PKI Appliance version is displayed.
- In the column Applications the configured applications are listed.
- The next column displays the configured version of the appliances.
In the Management access column the access URL of the admin web of appliance is displayed.
- The Service access column shows the access URL of the appliance.
- The Action column allows the following commands:
Access URLs:
Select a URL to open the respective page of the application.Restart:
Select Restart to restart the application.
Update
Use this tab to update the software of the Hardware Appliance over network.
Be especially careful when updating a cluster or one of its nodes.
You have the following options:
Current update status:
Here you can find information about whether an update is currently in progress. You can see the progress of ongoing update processes.
Search for updates:
Currently, only the protocol option Network File System (NFS) share is supported.
Source Host:/Source Path:
Enter the host and path where the update file can be accessed.
Filter:
Specify whether you want to search for Firmware or Application updates.
If the No filter option is set, everything will be searched.
Search now:
Click Search now to search for the update file according to the specified parameters.
Update:
(only visible in list of update files) Select Update to update the firmware or application with the file in this line. The update will be started in the background. The progress is indicated in Current update status.
After the update is complete, a message will appear prompting you to reboot the Hardware Appliance. Go to Platform > Troubleshooting and click Reboot.
Update Workflows
When updating Hardware Appliance firmware and Customer Operating System (COS) applications, like EJBCA or SignServer, they must be updated separately and manually. Start with updating the firmware and then update the application(s).
Searching for firmware and application update files
- Select the Search for updates protocol.
- Enter the IP-address of the NFS server in the Source Host field.
If you configured and activated DNS, the hostname can be used. See the section Network for more information. - Enter the export path of the NFS server in the Source Path field.
- Use the Filter options to only show the firmware update files or the application update files.
- Select Search now to list the update files.
- If you are not in the correct directory, select Change directory to switch to the correct directory.
Updating the firmware
- Select Install Firmware beside the file name of the firmware update file you want to use.
- The update process will start as a background task.
- You can check the status of the update in the field Current update status.
During the update process, the Hardware Appliance will stay fully operational. You need to reboot the system to use the updated firmware.
Updating the application
- Select Install Application beside the file name of the application update file you want to use.
- The update process will start as a background task.
- You can check the status of the update in the field Current update status.
During the update process, the Hardware Appliance enters maintenance mode and the application is not available. When the update process is finished, the updated application can be used.
Troubleshooting
The Troubleshooting tab provides basic power cycle functionality.
Power cycle functionality is only needed by professional services. Do not use these options unless you have expert knowledge.
You have the following options:
PKI Appliance State:
Find here information on the state of the Hardware Appliance. State options are the following:
Operational:
All services, as for example EJBCA or SignServer, are available.
Offline:
The Hardware Appliance will be offline until it is rebooted. No services are available via the application interface.
Maintenance:
The Hardware Appliance is in maintenance mode. No services are available via the application interface. You will see a static maintenance page instead.
Actions:
Reboot:
Select Reboot to reboot the Hardware Appliance.
Power off:
Select Power off to power off the Hardware Appliance.
Offline:
Select Offline to set the Hardware Appliance in offline mode.
Platform Access
Use the Platform Access tab for configuring an internal maintenance access to the platform.
There is no default password configured for accessing the Hardware Appliance. You must authenticate yourself if you need access to the platform.
Maintenance access is only needed by professional services. Do not activate or use these options unless you have expert knowledge.
Even if no cleartext password is defined, your SSH client will still ask you for a password. You can only define an SSH public key or a root password for SSH access when you enable SSH access.
You have the following options:
Platform Access
Enable/disable SSH access:
Select Enable/disable SSH access to enable/disable this option. Select Apply to finalize the action.
SSH Public Key:
Select Browse to upload a typical one-line openssh public key. Alternatively, you can also paste it in the field.
Known issue
The software also accepts a multiline public key as known from ssh.com/putty. However, such a key will fail authentication at a later time.
Apply:
Select Apply to confirm your change and enable/disable SSH access.
Revert:
Select Revert to undo your change.
Password authentication
Use these options to set a single password for cleartext authentication for either SSH or local console access.
Enable SSH login using password:
Click to enable/disable this option. You can then upload an SSH public key or define a password for cleartext SSH authentication.
Enable local/console login using password:
Click to enable/disable this option. You can then define a password for local console root access.
Root user password:
Enter the password for local console root access.
Confirm password:
Repeat the root user password to confirm it.
Apply:
Select Apply to confirm your changes.
Revert:
Select Revert to undo your changes.
Blocked slot or Admin user
A slot or an Admin user will be blocked after 5 unsuccessful login attempts. You will need SSH access for unblocking slots/Admin users. Refer to the Troubleshooting section for more information.
Support
In the Support tab, you have access to existing support packages and you can create new support packages manually. Support packages are archive files with snapshots of log files and configuration details.
In this tab, you will also find contact information to request professional support for the Hardware Appliance.
You have the following options:
Support Package > Create:
Select Create to create a new support package manually. A newly created package takes up to 30 seconds to appear in the list of Available Support Packages.
Available Support Packages:
Use these options to view and manage your existing support packages. Each package is listed with its creation date and the name and size of its archive. The Hardware Appliance stores a maximum of 10 packages. For every additional package, the oldest package will be removed.
Download:
Select Download to start downloading the support package in this line.
Delete:
Select Delete to delete the support package in this line.
Contact Support:
Select the e-mail address to send your request to our professional support team. We recommend using e-mail encryption for your correspondence.