1.1. Before You Start

This guide assumes you have an Azure account with an active Azure subscription.

1.1.1. Prepare Credentials

Several usernames and secrets are required to set up the inoQulate solution. How each credential is used will be explained during the setup process.

Make a copy of the Secure Credentials table below (Table 1.1) and fill in a value for every field. Recommended values are pre-filled for you, but you may change them as desired. All passwords and PINs should adhere to your company’s policy. Store this credentials table in a secure location.

1.1.1.1. VM Credentials

VM Admin Username and VM Admin Password are the login username and password credentials for accessing the Virtual Machine that manages the solution.

1.1.1.2. Database Admin Credentials

Database Admin Username and Database Admin Password are the login username and password credentials for the admin to access the PostgreSQL database deployed inside the Kubernetes application.

1.1.1.3. Database Credentials for Certification Authority Software

Database Username for CA and Database Password for CA are the login username and password credentials for the Certification Authority software to access the PostgreSQL database deployed inside the Kubernetes application. The Certification Authority software used is EJBCA.

1.1.1.4. Database Credentials for Signer Software

Database Username for Signer and Database Password for Signer are the login username and password credentials for the signing software to access the PostgreSQL database deployed inside the Kubernetes application. The Signer software used is Signserver.

1.1.1.5. Trust Store Credentials

Trust Store Password is the password for the certificate trust store for the service runner. The trust store contains the self-signed TLS certificates of the signer application. The service runner uses this trust store to authenticate its connection with the signer application.

1.1.1.6. Client Certificate Password

Client Cert Password is the password (enrollment code) for the client certificate. This client certificate is installed in the certificate store of the operating system or the browser. It is used to authenticate access to the EJBCA and Signserver pages as an administrator.

1.1.1.7. TLS Keystore for Signserver

Signserver TLS Keystore Password is the password (enrollment code) for the keystore that stores the TLS certificate of the Signserver. The certificate enables HTTPS on Signserver.

1.1.1.8. Certification Authority Application - HSM Token SO PIN

CA SO PIN is the PIN (password) for managing the HSM belonging to the CA application.

1.1.1.9. Certification Authority Application - HSM Token User PIN

CA User PIN is the PIN (password) for the application to use the HSM belonging to the CA application.

1.1.1.10. Signer Application - HSM Token SO PIN

Signer SO PIN is the PIN (password) for managing the HSM belonging to the Signer application.

1.1.1.11. Signer Application - HSM Token User PIN

Signer User PIN is the PIN (password) for the application to use the HSM belonging to the Signer application.

1.1.1.12. Summary

Table 1.1 Secure Credentials

| Field                            | Value      |
|----------------------------------|------------|
| VM Admin Username                | inoqulate  |
| VM Admin Password                |            |
| Database Admin Username          | postgres   |
| Database Admin Password          |            |
| Database Username for CA         | ejbca      |
| Database Password for CA         |            |
| Database Username for Signer     | signserver |
| Database Password for Signer     |            |
| Trust Store Password             |            |
| Client Cert Password             |            |
| Signserver TLS Keystore Password |            |
| CA SO PIN                        |            |
| CA User PIN                      |            |
| Signer SO PIN                    |            |
| Signer User PIN                  |            |

1.1.2. Register Resource Providers

Deploying the inoQulate solution requires the following Azure resource providers:

  • Microsoft.ContainerService

  • Microsoft.OperationsManagement

Please register the above providers before subscribing to our inoQulate solution.

  1. In the Azure portal, enter Subscriptions in the search box. Select Subscriptions.

  2. Click the subscription you intend to deploy the solution in.

  3. In the left sidebar, under the Settings section, click Resource providers.

  4. For each of the above providers, if it is not registered, click Register at the top.
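The same check and registration can be scripted with the Azure CLI instead of the portal. This is an added example, not part of the original guide: it assumes the Azure CLI is installed and `az login` has been run, and the function names `provider_state` and `ensure_providers` are hypothetical.

```shell
#!/bin/sh
# Added example: CLI equivalent of the portal steps above.
# Assumes the Azure CLI is installed and `az login` has already been run.
# Usage: sh register-providers.sh <subscription-id>

# Resource providers named in this guide.
REQUIRED_PROVIDERS="Microsoft.ContainerService Microsoft.OperationsManagement"

# Print the registration state of one provider in the given subscription.
provider_state() {
  az provider show --subscription "$1" --namespace "$2" \
    --query registrationState --output tsv
}

# Register every required provider that is not yet "Registered".
# Prints one "<namespace> <result>" line per provider and returns
# non-zero if any lookup or registration failed.
ensure_providers() {
  subscription="$1"
  rc=0
  for ns in $REQUIRED_PROVIDERS; do
    if ! state="$(provider_state "$subscription" "$ns")"; then
      echo "$ns lookup-failed"
      rc=1
    elif [ "$state" = "Registered" ]; then
      echo "$ns already-registered"
    elif az provider register --subscription "$subscription" \
           --namespace "$ns" --wait >/dev/null; then
      echo "$ns registered"
    else
      echo "$ns register-failed"
      rc=1
    fi
  done
  return "$rc"
}

# Run only when a subscription ID is passed as the first argument.
if [ -n "${1:-}" ]; then
  ensure_providers "$1"
fi
```

Registering a resource provider requires permission for the register action on the subscription, so a `register-failed` line usually means the signed-in account lacks that permission.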