emCA Initial Setup

After the successful deployment of the emCA application, completing the initial setup requires following a few steps. To get started, simply access the URL provided for the emCA application. Upon accessing the URL, you will be directed to the welcome page of emCA setup, which will guide you through the setup process.

For example, if you want to access the login page for emCA, you should enter the following address in the address field: https://<ip address:port>/emCA/login.htm.

emCA Setup

Upon entering the URL and pressing enter, the emCA Setup page will be displayed, resembling the image below.

To proceed to the 'Setup CA Administrator' page, simply click on the 'Next' button.

When creating a CA Administrator, choose 'Single' or 'Multiple' and specify the number of administrators.

Please enter the number of incorrect login attempts the user can make. Note that a maximum of 10 attempts are allowed. If the CA Administrator needs to perform the 'Admin' role, select the corresponding checkbox. Once all the necessary options are selected, click on the 'Proceed' button. This will take you to the 'Verify and Confirm' page.

Click "Confirm" to complete the CA Admin configuration. Click "Next: Create CA Admin" to proceed to create the CA Admin. The following page will appear, titled "Create CA Administrator".

Please enter all the necessary information for the CA Admin as shown below.

Click on “Proceed” after entering details to proceed to step 2, where entered details will be displayed.

To create a user, simply click on the "Create User" button. This will create the CA Administrator, which will be displayed on the screen as shown below.

To create more CA Administrators, click on the "+Add More User" button as shown above figure. Follow the same steps that were discussed earlier. Once you have created the maximum number of CA Administrators, the "Proceed to login" button will be enabled, as shown below.

To continue, please click on the "proceed to login" button.

Login

To access the emCA application, the CA Administrator must use the token provided by eMudhra and their certificate on the login page. The CA admin needs to connect the token containing their "CA Administrator" certificate to the machine. After that, they should enter their registered email ID and token PIN and click on the "Login" button, as shown in the figure below.

Upon login, the following steps need to be performed by the CA Administrator.

Step 1: License Registration

Step 2: Setup Authorization Matrix

Step 3: Generate AES Key

Step 4 : Generate Signer Key

License Registration

This is a one-time activity. The CA Administrator must set up the license for the emCA application in the License Registration window. The following steps should be followed by the CA Administrator.

After successfully logging in, you will see the option 'Do you have a pre-generated license file?' If not, select 'No' and click 'Generate ID'.

When you click the "Generate ID" button in the emCA application, a license request file will be generated. You can then download this file by clicking on the "Download" button as shown below.

Upon downloading the license request, it should be sent to eMudhra for generating the license file. After receiving the license file from eMudhra, the CA Administrator can select the ‘Yes’ option.

Please click on the 'Next' button.

Please click on the 'Choose File' button located below to upload the license file that you have received from eMudhra.

After uploading the license file, the CA Administrator must sign the request by entering their email ID and token PIN, and then clicking "Authenticate," as shown in the following figure.

After successfully authenticating, the CA Administrator should click on the "Register" button shown in the figure above. Once the button is clicked, a message confirming successful license registration will be displayed as shown below.

After successfully registering the license, click on the 'Setup Authorization Matrix' button to access the next page.

Setup Authorization Matrix

In this step, the CA Administrator needs to create an M of N authentication by specifying the minimum and maximum number of users required for each role, such as Administrator, Officer, and Auditor. The administrator should enter the required minimum and maximum number of users in the provided boxes, as shown below.

Click on Authenticate after providing CA Administrator Email ID and Token PIN for user authentication.

Once you have successfully completed the authentication process, please click on the "Confirm" button..

After the successful message, the user needs to click "Proceed to Key Profile" for encryption key generation.

7.2.3. Generate Key

In this step, the CA Administrator is presented with the option "Are you generating keys on an HSM?" as shown below.

If the CA Administrator selects ‘No’ and clicks ‘Next’, they will be prompted to select the ‘Subscriber Encryption Mode’ on the following page.

On the previous page, choose whether to store the encryption key in the database or the application and then click on 'Proceed'.

You will see the authentication screen next.

Authenticate by entering your Username and Token PIN. Once authenticated, click 'Generate Key'. AES key will be successfully generated.

Generate Signer Key

After successfully creating an AES key, the system will redirect to the 'Generate Signer Key' page to determine where to store the encryption key.

To upload the Configuration type, click ‘Upload’ and choose the file. Alternatively, paste the configuration using the ‘Text Area’ option.

After uploading the Configuration file, enter the HSM password and click 'Test Connection'.

If the PKCS11 file is valid, clicking 'Test Connection' shows 'Key Profile Connection Successful' as shown below.

After establishing a successful connection, click the Proceed button to display the following screen.

In the above screen, click "Generate signer Key" after successful authentication. A success message will appear upon key generation.

After successfully creating the AES key, click 'proceed to dashboard' to finish setup. The CA Administrator is then redirected to the Dashboard page, where they have permission to create Administrators, Officers, Auditors, and Operators.

Click on the "Manage Roles & Users" button to create additional administrators, officers, and auditors. Once created, they can log in using their individual credentials.