Basic PKI-as-a-Service Portal Deployment

Use this template to create your own PKI-as-a-Service deployment.

See our introduction for what it is.

The documentation can be foung at www.pki-as-a-service.org.

Deploy a PKIaaS on localhost

Run

./deploy

to assemble artifacts and build docker images.

Run

docker-compose up

to start database and PKI-as-a-Service.

Deploying on a remote system

You need to configure a docker context that points to the remote system and set that in the deploy script.

Remember to set the correct Server URL in the SERVER_URL environment variable in docker-compose.yaml at which the server can be reached.

For Internet facing hosts, we strongly recommend to use a Webserver as proxy.

Register the first user

The first user has special priviledges in the system. He initially has all major roles assigned and thus ultimate control. Usually the first user will then delegate roles to other users in the system.

Running without e-mail service

In normal operations, the service will send e-mails using the SMTP server configured in etc/configuration.js.

Unless that is set, you will need to pick the activation code from the logs:

pkiaas-test     | 69160 [qtp943081537-20] DEBUG pki-as-a-service.processes.RegisterMyTokenRequestModel - ACTIVATION CODE 604226

Creating your first Trustcenter

See our blog and screencast how to create your first trustcenter to manage SmartCard-HSMs, create a PKI, enroll persons and systems.

Connect to the database

docker exec -it mariadb-test sh -c 'exec mariadb -u${MARIADB_USER} -p${MARIADB_PASSWORD} pkiaas'

Dump the database

docker exec -i mariadb-test mariadb-dump -udbuser -pchangeme pkiaas

restore with

docker exec -i mariadb-test sh -c 'exec mariadb -uroot -pchangeme' < dump.sql