Skip to main content

Initialization

To make the initial configuration of the virtual appliance, you must log into it using the default credentials:

  • username: czertainly
  • password: newgenerationtrustcare

To log in, you can use the virtual machine's console. Or you can use SSH, which offers higher user comfort like scrolling and easy copy & paste. When you are successfully logged in, you will see the Text-based User Interface (TUI) for managing the virtual appliance.

The following steps need to be done to initialize the virtual appliance.

Mandatory steps

Bold items are mandatory, even for testing purposes.

  1. Change hostname and networking parameters
  2. Update the system
  3. Install hypervisor tools
  4. Setup TLS certificate
  5. Trusted certificate list
  6. Configure database
  7. Configure credentials to CZERTAINLY docker repository
  8. Configure CZERTAINLY
  9. Install CZERTAINLY

Change hostname and networking parameters

By default, the virtual appliance is configured to use a dynamically assigned IP address from a DHCP server.

The default hostname is czertainly, and the domain is local, which may be useful for development and testing purposes. You need to add the name czertainly.local and VM IP into your hosts file. In production, you will need to set a hostname that will be configured in DNS. To do so, select Main menu -> Configure network parameters -> Configure hostname.

By default, the appliance uses DHCP, no HTTP proxy and no NTP. If you need to change those parameters, you can use network menu.

Update system and packages

It is always good to have a current version of czertainly-appliance-tools and Debian software. To update packages, select Advanced options -> Update Operating System from the main menu.

Install hypervisor tools

Depending on your hypervisor you might want to install its specific tools.

For VMware, it is good to install open-vm-tools. Select from the main menu Advanced options -> Enter system shell and type `sudo apt install open-vm-tools.

For Virtualbox, you do not have to install anything virtualbox-guest-module that is already part of the running kernel image.

For other hypervisors, please consult their documentation.

TLS certificate for CZERTAINLY interface

CZERTAINLY is controlled via a web interface. For testing purposes, a self-signed certificate is automatically generated. If you aim to put CZERTAINLY into production, you want to upload a certificate from your internal CA. To do so, select Main menu -> Configure ingress TLS certificates.

Trusted certificates list

Access to the web interface of CZERTAINLY is authenticated by default by a client certificate.

Access control

There are various options for configuring access control for the platform. See Access control for more information.

For testing purposes, you can use preconfigured Dummy CA certificate. In production system, you will need to replace this list with your own trusted CA certificates. To do this, select Main menu -> Configure custom trusted certificates.

Database

CZERTAINLY persists all its data in the Postgres database. The server will be installed for you, but you might want to set your own password for the database. To do so, choose Configure database from the Main menu.

Credentials for CZERTAINLY docker repository

Some parts of CZERTAINLY are private and can't be provided publicly. Those parts are hosted in a private Docker repository harbor.3key.company.

Obtain access to private Docker repository

Ask support for credentials to access a private repository.

To enter obtained credentials, use option Main Menu -> Configure Docker repository access credentials.

Configure CZERTAINLY

Option Configure CZERTAINLY of the main menu opens a dialog where you can choose the version of CZERTAINLY and its components you want to install.

Install CZERTAINLY

When you select Install CZERTAINLY from the main menu, the installation will begin after confirmation.

Installation time

Complete installation takes about 10 minutes on a decent system with good internet access. The most time-consuming part is downloading docker images that are deployed in the cluster.

After successful installation, the administrator web interface is available at the address:

https://[hostname]/administrator/

where hostname is the value configured in the previous step.

The Dummy administrator certificate is available for quick testing purposes with password 00000000.