EJBCA Installation Tutorial +postgresql+wildfly10

Source: Internet
Author: User
Tags: postgresql, jboss, wildfly, wsdl


1. Installation Environment Instructions


The author did the installation in a virtual machine on the local machine; the database was already installed.



Ubuntu 16.04 x64



PostgreSQL 9



WildFly 10


2. Preparation before installation


Download the required packages (directly from the respective project websites):


    • wildfly-10.0.0.Final.zip
    • ejbca_ce_6_5.0.5.zip
    • apache-ant-1.10.1-bin.tar.gz http://mirrors.tuna.tsinghua.edu.cn/apache//ant/binaries/apache-ant-1.10.1-bin.tar.gz
    • JDK 1.8
    • postgresql-9.4.1207.jar (the PostgreSQL JDBC driver)

Verify the downloads before unpacking them into /opt: Apache publishes SHA-512 checksums and PGP signatures for Ant, and the WildFly and EJBCA archives should be checked against the checksums published where you downloaded them. A CA built on a tampered application server or driver jar is compromised before it issues its first certificate.


All of the above software is installed under the /opt directory.



The user royoan is logged into the operating system, and all of the following actions are performed as that user.



Installing the JDK is not covered here; just note that the JAVA_HOME environment variable must be set.


2.1 Setting up a database


The author creates a user and a schema owned by that user in the existing database test, which is equivalent to giving EJBCA its own database.


-- Log in to the database test and add a user and a schema
CREATE USER ejbca PASSWORD 'ejbca';
CREATE SCHEMA ejbca AUTHORIZATION ejbca;

With PostgreSQL's default search_path ("$user", public) the ejbca role resolves unqualified table names in its own schema first, so EJBCA's tables land in the ejbca schema. The password chosen here is later written into the WildFly data source, and thus into standalone.xml in clear text; use a strong, unique value rather than the sample 'ejbca'.


2.2 Ant Installation


Unpack apache-ant-1.10.1-bin.tar.gz into /opt, which yields /opt/apache-ant-1.10.1.



Configure the environment variables: edit /home/royoan/.profile and append the following lines at the end of the file:


export JAVA_HOME=/opt/jdk1.8.0_131
PATH="$JAVA_HOME/bin:$PATH"
export ANT_HOME=/opt/apache-ant-1.10.1
PATH="$ANT_HOME/bin:$PATH"


After saving, reload the profile and try running ant:


$:/opt$ source ~/.profile
$:/opt$ cd /opt
$:/opt$ ant
Buildfile: build.xml does not exist!
Build failed


The "Build failed" message is expected: it shows that ant is on the PATH and runs; it simply found no build.xml in /opt.


2.3 Wildfly Installation


Unzip the WildFly package into /opt as well, which yields the directory /opt/wildfly-10.0.0.Final.



Execute the following command to start the Wildfly server:


cd /opt/wildfly-10.0.0.Final
bin/standalone.sh


2.3.1 Installing the PostgreSQL driver and configuring the data source in WildFly


Place postgresql-9.4.1207.jar in /home/royoan, wait for WildFly to finish starting, and then, from /opt/wildfly-10.0.0.Final, run:



bin/jboss-cli.sh -c



This opens the CLI connected to the running server. In it, run the following command to install the driver as a module:


module add --name=org.postgresql --resources=/home/royoan/postgresql-9.4.1207.jar --dependencies=javax.api,javax.transaction.api


The command creates the following layout under $JBOSS_HOME/modules:



org/postgresql/main/
|- module.xml
∟- postgresql-9.4.1207.jar



Then register the driver and add the data source with these CLI commands:


/subsystem=datasources/jdbc-driver=postgresql:add(driver-name="postgresql",driver-module-name="org.postgresql",driver-xa-datasource-class-name=org.postgresql.xa.PGXADataSource)

data-source add --name=ejbcads --driver-name="postgresql" --connection-url="jdbc:postgresql://localhost:5432/test" --jndi-name="java:/EjbcaDS" --use-ccm=true --driver-class="org.postgresql.Driver" --user-name="ejbca" --password="ejbca" --validate-on-match=true --background-validation=false --prepared-statements-cache-size=50 --share-prepared-statements=true --min-pool-size=5 --max-pool-size=150 --pool-prefill=true --transaction-isolation=TRANSACTION_READ_COMMITTED --check-valid-connection-sql="select 1;"


These commands write the driver and data source into standalone.xml. Fill in the connection URL, user name and password according to your own database configuration. The XA data source class (org.postgresql.xa.PGXADataSource) is only consulted for XA data sources; the non-XA data source above uses the driver class org.postgresql.Driver. The password is stored in standalone.xml in clear text, so restrict that file's permissions to the account running WildFly and do not reuse the sample value.


2.3.2 Wildfly Remote Configuration


The following commands are also executed in the CLI:


/subsystem=remoting/http-connector=http-remoting-connector:remove
/subsystem=remoting/http-connector=http-remoting-connector:add(connector-ref="remoting",security-realm="ApplicationRealm")
/socket-binding-group=standard-sockets/socket-binding=remoting:add(port="4447")
/subsystem=undertow/server=default-server/http-listener=remoting:add(socket-binding=remoting)
:reload


This exposes EJB remoting on a dedicated listener on port 4447, which the EJBCA command-line tools use. The socket binding takes the group's default interface, so it stays on 127.0.0.1 unless you bind WildFly elsewhere; keep it that way, since this port accepts ApplicationRealm credentials.


Configure logging so that the EJBCA and CeSeCore loggers are recorded at DEBUG level (useful while installing; lower it to INFO afterwards, as DEBUG is very verbose):


/subsystem=logging/logger=org.ejbca:add
/subsystem=logging/logger=org.ejbca:write-attribute(name=level, value=DEBUG)
/subsystem=logging/logger=org.cesecore:add
/subsystem=logging/logger=org.cesecore:write-attribute(name=level, value=DEBUG)


3. EJBCA Installation and Configuration


Unzip ejbca_ce_6_5.0.5.zip into /opt and enter the extracted directory.


3.1 Configuration


The conf directory holds the EJBCA configuration files. Their settings are read when the application is built and when the CA is generated. The files ship with a .sample suffix; to change a default, rename the file so that the .sample suffix is removed and then edit it. Four files need to be changed:


cd /opt/ejbca_ce_6_5.0.5/conf
mv ejbca.properties.sample ejbca.properties
mv web.properties.sample web.properties
mv database.properties.sample database.properties
mv install.properties.sample install.properties


Modify the ejbca.properties file



Set appserver.home to the installation directory of the application server, which is /opt/wildfly-10.0.0.Final here.



Modify the web.properties file



This file holds the password for the CA super administrator's client certificate (superadmin.password), the password for the server-side TLS certificate that the application server will use (httpsserver.password), the password for the CA's truststore (java.trustpassword), and so on. Set them as you see fit or keep the defaults, but whatever you choose must match the keystore-password values used later when configuring the WildFly SSLRealm. Also set httpsserver.hostname: it becomes the alias of the server certificate in the keystore and is referenced again in the SSLRealm configuration. The author's IP address is 147.128.105.149, so that is the value used here; for a real deployment, use a DNS name so the server certificate does not need reissuing when the address changes.



Modify the database.properties file



We simply use the WildFly data source: uncomment datasource.jndi-name=EjbcaDS (the JNDI name java:/EjbcaDS configured above, without the java:/ prefix) and also uncomment the database type, database.name=postgres. Without the latter, the build assumes the default H2 database and creating the tables fails; the author's first installation failed for exactly this reason.



Modify the install.properties file



This sets the CA name, key algorithm and size, and so on; keeping the defaults is recommended.


3.2 Installation


Go to the command line and execute the following command:


cd /opt/ejbca_ce_6_5.0.5/
ant clean deployear
ant runinstall
ant deploy-keystore


The deployear step takes a while.



ant runinstall is not needed when re-deploying over an existing installation that already has a usable TLS keystore; the author has not verified this.



After ant deploy-keystore runs, keystore.jks and truststore.jks are generated under the EJBCA directory and the script copies them automatically to $JBOSS_HOME/standalone/configuration/keystore/, the path referenced by the SSLRealm configuration below; nothing needs to be done by hand.





4. Final WildFly configuration

4.1 Remove the existing TLS and HTTP listeners in WildFly


In /opt/wildfly-10.0.0.Final, open the CLI again with bin/jboss-cli.sh -c and run:


/subsystem=undertow/server=default-server/http-listener=default:remove
/subsystem=undertow/server=default-server/https-listener=https:remove
/socket-binding-group=standard-sockets/socket-binding=http:remove
/socket-binding-group=standard-sockets/socket-binding=https:remove


4.2 Configuring the new TLS


/interface=http:add(inet-address="0.0.0.0")
/interface=httpspub:add(inet-address="0.0.0.0")
/interface=httpspriv:add(inet-address="0.0.0.0")
/socket-binding-group=standard-sockets/socket-binding=http:add(port="8080",interface="http")
/subsystem=undertow/server=default-server/http-listener=http:add(socket-binding=http)
/subsystem=undertow/server=default-server/http-listener=http:write-attribute(name=redirect-socket, value="httpspriv")
:reload


Binding to 0.0.0.0 makes the listeners reachable from other machines; the WildFly default of 127.0.0.1 allows only local access. Bind only what you actually need to expose: the admin listener (httpspriv) in particular is protected solely by client-certificate authentication and the truststore behind it, so an internal address is preferable when administrators sit on an internal network.



Next configure the security realm and the socket bindings. Note the two passwords: keystore-password must equal httpsserver.password and java.trustpassword from web.properties (the tutorial keeps the defaults serverpwd and changeit), and alias must be the httpsserver.hostname set earlier, which is the IP address in this case. Because the realm's truststore decides which client certificates are accepted on the admin port, never add CAs to it that you do not control.


/core-service=management/security-realm=SSLRealm:add()
/core-service=management/security-realm=SSLRealm/server-identity=ssl:add(keystore-path="${jboss.server.config.dir}/keystore/keystore.jks", keystore-password="serverpwd", alias="147.128.105.149")
/core-service=management/security-realm=SSLRealm/authentication=truststore:add(keystore-path="${jboss.server.config.dir}/keystore/truststore.jks", keystore-password="changeit")
/socket-binding-group=standard-sockets/socket-binding=httpspriv:add(port="8443",interface="httpspriv")
/socket-binding-group=standard-sockets/socket-binding=httpspub:add(port="8442", interface="httpspub")


When you are done, exit jboss-cli.sh.



Stop WildFly and start it again (do not forget this step).


4.3 Configuring the Undertow Service


Open bin/jboss-cli.sh -c again



and run:


/subsystem=undertow/server=default-server/https-listener=httpspriv:add(socket-binding=httpspriv, security-realm="SSLRealm", verify-client=REQUIRED)
/subsystem=undertow/server=default-server/https-listener=httpspriv:write-attribute(name=max-parameters, value="2048")
/subsystem=undertow/server=default-server/https-listener=httpspub:add(socket-binding=httpspub, security-realm="SSLRealm")
/subsystem=undertow/server=default-server/https-listener=httpspub:write-attribute(name=max-parameters, value="2048")
:reload


Then a few further settings the EJBCA web applications require. The first two relax URL decoding so that encoded slashes and backslashes are accepted in request paths (a wider input space, so keep them confined to this instance); the webservices settings make the WSDL advertise the host name the client connected to rather than a fixed one:


/system-property=org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH:add(value=true)
/system-property=org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH:add(value=true)
/system-property=org.apache.catalina.connector.URI_ENCODING:add(value="UTF-8")
/system-property=org.apache.catalina.connector.USE_BODY_ENCODING_FOR_QUERY_STRING:add(value=true)
/subsystem=webservices:write-attribute(name=wsdl-host, value=jbossws.undefined.host)
/subsystem=webservices:write-attribute(name=modify-wsdl-address, value=true)
:reload


If you run an Apache httpd in front of WildFly, also add the AJP listener; otherwise skip this step. The ajp socket binding uses the default interface, so make sure the port is reachable only from the reverse proxy:


/subsystem=undertow/server=default-server/ajp-listener=ajp-listener:add(socket-binding=ajp, scheme=https, enabled=true)
:reload
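A quick way to confirm that the settings from 2.3.1, 4.2 and 4.3 actually landed in standalone.xml, as an added example that is not part of the original post or of EJBCA or WildFly: the Python script below audits a standalone.xml for the data source password (2.3.1), the security realm passwords and any-address interface bindings (4.2), and verify-client on the admin listener plus the HTTP redirect (4.3). The embedded sample document is constructed by hand to approximate how WildFly 10 serialises the CLI commands above; the namespace URIs differ between WildFly versions, so elements are matched by local name only.

```python
"""Audit a WildFly standalone.xml for the EJBCA-related settings made in
sections 2.3.1, 4.2 and 4.3. Added example for this page, not code from the
EJBCA or WildFly projects. Assumption: the sample document below is a
hand-written approximation of WildFly 10's serialisation of the CLI commands.
"""
import sys
import xml.etree.ElementTree as ET

# Sample passwords from the tutorial and EJBCA's web.properties defaults.
DEFAULT_SECRETS = {"ejbca", "changeit", "serverpwd"}

# Constructed sample (not a real file from the page or from WildFly).
SAMPLE_STANDALONE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<server xmlns="urn:jboss:domain:4.0">
  <management>
    <security-realms><security-realm name="SSLRealm">
      <server-identities><ssl>
        <keystore path="${jboss.server.config.dir}/keystore/keystore.jks" keystore-password="serverpwd" alias="147.128.105.149"/>
      </ssl></server-identities>
      <authentication>
        <truststore path="${jboss.server.config.dir}/keystore/truststore.jks" keystore-password="changeit"/>
      </authentication>
    </security-realm></security-realms>
  </management>
  <profile>
    <subsystem xmlns="urn:jboss:domain:datasources:4.0"><datasources>
      <datasource jndi-name="java:/EjbcaDS" pool-name="ejbcads" enabled="true">
        <connection-url>jdbc:postgresql://localhost:5432/test</connection-url>
        <driver>postgresql</driver>
        <security><user-name>ejbca</user-name><password>ejbca</password></security>
      </datasource>
    </datasources></subsystem>
    <subsystem xmlns="urn:jboss:domain:undertow:3.0"><server name="default-server">
      <http-listener name="http" socket-binding="http" redirect-socket="httpspriv"/>
      <https-listener name="httpspriv" socket-binding="httpspriv" security-realm="SSLRealm" verify-client="REQUIRED"/>
      <https-listener name="httpspub" socket-binding="httpspub" security-realm="SSLRealm"/>
    </server></subsystem>
  </profile>
  <interfaces>
    <interface name="httpspriv"><inet-address value="0.0.0.0"/></interface>
  </interfaces>
</server>
"""


def _local(tag):
    """Tag name without the {namespace} prefix ElementTree adds."""
    return tag.rsplit("}", 1)[-1]


def _find_all(elem, name):
    """All descendants of elem (itself included) whose local name is `name`."""
    return [e for e in elem.iter() if _local(e.tag) == name]


def audit_standalone(xml_text, admin_listener="httpspriv"):
    """Return a list of (check_id, message) findings; an empty list is clean."""
    root = ET.fromstring(xml_text)
    findings = []

    # 4.3: without verify-client=REQUIRED the adminweb is reachable by anyone
    # who can complete a TLS handshake, not just holders of superadmin.p12.
    https = {e.get("name"): e for e in _find_all(root, "https-listener")}
    admin = https.get(admin_listener)
    if admin is None:
        findings.append(("admin-listener-missing", f"no https-listener named {admin_listener}"))
    elif admin.get("verify-client") != "REQUIRED":
        findings.append(("admin-no-client-cert",
                         f"{admin_listener}: verify-client={admin.get('verify-client')}, expected REQUIRED"))

    # 4.2: a plain HTTP listener should only redirect to the HTTPS socket.
    for lst in _find_all(root, "http-listener"):
        if not lst.get("redirect-socket"):
            findings.append(("http-no-redirect", f"http-listener {lst.get('name')} has no redirect-socket"))

    # 2.3.1: the data source password sits in clear text in standalone.xml.
    for ds in _find_all(root, "datasource"):
        if any((pw.text or "").strip() in DEFAULT_SECRETS for pw in _find_all(ds, "password")):
            findings.append(("datasource-default-password", f"datasource {ds.get('pool-name')} uses a sample password"))

    # 4.2: keystore/truststore passwords left at the web.properties defaults.
    for store in _find_all(root, "keystore") + _find_all(root, "truststore"):
        if store.get("keystore-password") in DEFAULT_SECRETS:
            findings.append(("keystore-default-password", f"{_local(store.tag)} {store.get('path')} uses a default password"))

    # 4.2: 0.0.0.0 exposes the listener beyond localhost; confirm that is intended.
    for iface in _find_all(root, "interface"):
        for addr in _find_all(iface, "inet-address"):
            if addr.get("value") in ("0.0.0.0", "::"):
                findings.append(("interface-any-address", f"interface {iface.get('name')} bound to {addr.get('value')}"))
    return findings


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_STANDALONE_XML
    for check_id, message in audit_standalone(text):
        print(f"[{check_id}] {message}")
```

Run it as `python3 audit_standalone.py /opt/wildfly-10.0.0.Final/standalone/configuration/standalone.xml`; with no argument it audits the embedded sample, which reports the tutorial's sample passwords and the 0.0.0.0 binding while the client-certificate and redirect checks pass. A clean run after you have changed the passwords is the state you want before exposing the server.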


Copy the certificate /opt/ejbca_ce_6_5.0.5/p12/superadmin.p12 to your workstation and import it into the browser (the import password is superadmin.password from web.properties). The administration interface requires mutual TLS, so a browser without this certificate is rejected at the TLS handshake; that rejection is a quick check that verify-client=REQUIRED took effect. This file is the CA's root administrator credential: keep it out of shared locations and protect it like a private key.
EJBCA administration interface
https://147.128.105.149:8443/ejbca/adminweb






Done!!!






This article is copyright of its author Royoan (original post: http://www.cnblogs.com/royoan/p/7763633.html). Reprinting and commercial use are welcome, provided that a link to the original is given in a prominent place on the page and this notice is retained; otherwise the author reserves the right to take legal action. For other matters, leave a comment.





