Introduction:
EJBCA is a full-featured open-source CA (certificate authority) system. It is based on J2EE technology and provides a powerful, high-performance, component-based CA. EJBCA is flexible and platform independent. It can be used on its own or integrated with any J2EE application.
Features:
LGPL open source license
Built on the J2EE 1.3 (EJB 2.0) specification
Flexible, Component-Based Architecture
Multi-level CA
Build one or more complete infrastructures in a single EJBCA instance, with multiple CAs and multi-level CAs
Run it independently or integrate it in any J2EE Application
Simple installation and configuration
Powerful web-based management interface with strong authentication
Supports command-line management and scripting
Supports individual certificate requests or batch production of certificates
Server and client certificates can be exported in PKCS12, JKS, or PEM format
Supports direct certificate requests from Netscape, Mozilla, IE, and other browsers
Supports using open APIs and tools to apply for certificates from other applications
Email notifications can be sent to new users added by the RA
Passwords can be generated randomly or manually for new user authentication.
Supports hardware modules to integrate hardware issuing systems (such as smart cards)
SCEP supported
Multi-level administration with specific user permissions and user groups
You can configure certificates of different types and contents.
You can configure objects for different types of users.
Complies with the X.509 and PKIX (RFC 3280) standards
Supports CRL
Fully supports OCSP, including AIA Extension
CRL generation and URL-based CRL distribution points follow RFC 3280; certificates and CRLs can be stored in any SQL database (handled by the application server).
Multiple publishers are available to publish certificates and CRLs to LDAP.
Supports the key recovery module used to restore private keys for specified users and certificates
Component-based architecture for publishing certificates and CRL to different destinations
Component-based architecture, used to adopt multiple entity authorization methods when publishing certificates
It is easy to integrate into large applications and optimized for integration into business processes
EJBCA is fully written in Java and can run on any platform using J2EE servers. Development and testing are performed on Linux and Windows.
Software List:
J2SE 6
jce_policy-6.zip
JDK 1.6 Update 12 and JCE Unlimited Strength Jurisdiction Policy Files 6 Release Candidate
http://java.sun.com/javase/downloads/index.jsp
JBoss:
JBoss-5.0.1.GA-jdk6 (download jboss-5.0.1.GA-jdk6.zip)
I spent a long time on the official website and could not tell where to download it, so I went to SourceForge.
http://downloads.sourceforge.net/jboss/jboss-5.0.1.GA-jdk6.zip?use_mirror=jaist
EJBCA:
EJBCA 3.8.1
http://www.ejbca.org/download.html
Ant:
apache-ant-1.7.1
http://ant.apache.org/bindownload.cgi
MySQL:
MySQL 5.1
http://dev.mysql.com/downloads/mysql/5.1.html
mysql-connector-java-5.1.7.zip
http://download.softagency.net/MySQL/Downloads/Connector-J/
Installation steps:
1. Install J2SE 6, unzip jce_policy-6.zip, and overwrite local_policy.jar and US_export_policy.jar in C:\Program Files\Java\jdk1.6.0_12\jre\lib\security and C:\Program Files\Java\jre6\lib\security.
2. Install MySQL. The username and password are both "root". Run the MySQL Command Line Client from the Start menu, enter the password "root", and create an empty database named ejbca with the command "create database ejbca;". Then exit the command-line tool.
3. Unzip EJBCA, JBoss, and Ant to the root of the C: drive.
4. Set system environment variables,
Copy mysql-connector-java-5.1.7-bin.jar from mysql-connector-java-5.1.7.zip to the %JBOSS_HOME%\server\default\lib directory.
5. Set environment variables.
JAVA_HOME=C:\Program Files\Java\jdk1.6.0_12
JBOSS_HOME=C:\jboss-5.0.1.GA
ANT_HOME=C:\apache-ant-1.7.1
ANT_OPTS=-Xmx640m
PATH=%JAVA_HOME%\bin;%JBOSS_HOME%\bin;%ANT_HOME%\bin;
CLASSPATH=%JAVA_HOME%\lib\dt.jar;%JAVA_HOME%\lib\tools.jar;%JAVA_HOME%\lib;
6. Configure EJBCA
Copy %EJBCA_HOME%\conf\ejbca.properties.sample and save it as %EJBCA_HOME%\conf\ejbca.properties.
Copy %EJBCA_HOME%\conf\web.properties.sample and save it as %EJBCA_HOME%\conf\web.properties.
Copy %EJBCA_HOME%\conf\database.properties.sample and save it as %EJBCA_HOME%\conf\database.properties.
Edit database.properties as follows (several of the lines shown below without a leading '#' have one in the original file; the change is to remove it):
# ------------- Database configuration ------------------------
# JNDI name of the DataSource to use in deployment descriptors of ejbs.
# Default: EjbcaDS
#datasource.jndi-name=EjbcaDS
# Prefix for the JNDI name of the DataSource to use in deployment descriptors of ejbs.
# JBoss requires 'java:/' as prefix, while Weblogic does not want anything (''), and Glassfish wants jdbc/
# Oracle usually uses jdbc/ as well.
# For Websphere use jdbc/.
# Default: java:/
#datasource.jndi-name-prefix=java:/
#datasource.jndi-name-prefix=
#datasource.jndi-name-prefix=jdbc/
# Weblogic in combination with Oracle requires special handling of long/blob columns
# If, and only if, you are using Weblogic and Oracle, uncomment the row below.
# Use OracleBlob in Weblogic 8.x and Blob in Weblogic 9.x
# Note: this setting is not needed in Weblogic 9.2. Leave it commented out.
# Default:
#weblogic-oracle-columntype=@weblogic.dbms-column-type Blob
# The database name selected for deployment, used to copy XDoclet merge files.
# All supported databases are defined below, others can easily be added
# See the document doc/howto/HOWTO-database.txt for database specifics and tips and tricks.
# Default: hsqldb
database.name=mysql
#database.name=postgres
#database.name=mssql2000
#database.name=oracle
#database.name=sapdb
#database.name=sybase
#database.name=informix
#database.name=derby
#database.name=db2
# The datasource mapping selected for deployment.
# The J2EE server needs to be configured with the appropriate datasource mapping.
# For JBoss this maps to a setting in standardjbosscmp-jdbc.xml and must match the database chosen above.
# All supported mappings are defined below, others can easily be added
# Default: Hypersonic SQL
datasource.mapping=mySQL
#datasource.mapping=PostgreSQL 7.2
#datasource.mapping=PostgreSQL 8.0
#datasource.mapping=MS SQLSERVER2000
#datasource.mapping=Oracle8
#datasource.mapping=Oracle9i
#datasource.mapping=SapDB
#datasource.mapping=Sybase
#datasource.mapping=informix92
#datasource.mapping=InformixDB
#datasource.mapping=Derby
#datasource.mapping=DB2
# Database connection URL.
# This is the URL used to connect to the database, used to configure a new datasource in JBoss.
# Default: jdbc:hsqldb:${jboss.server.data.dir}${/}hypersonic${/}localDB
#database.url=jdbc:mysql://127.0.0.1:3306/ejbca
database.url=jdbc:mysql://127.0.0.1:3306/ejbca?characterEncoding=UTF-8
#database.url=jdbc:postgresql://127.0.0.1/ejbca
#database.url=jdbc:microsoft:sqlserver://localhost:1433;DatabaseName=ejbca
#database.url=jdbc:oracle:thin:@FIG:1521:ejbca
#database.url=jdbc:datadirect:oracle://127.0.0.1:1521;SID=ejbca
#database.url=jdbc:informix-sqli://127.0.0.1:1525/ejbca:informixserver=mydbservername;DBDATE=DMY4/;
#database.url=jdbc:derby://127.0.0.1/ejbca;create=true
#database.url=jdbc:db2://127.0.0.1:50000/ejbca
# JDBC driver classname.
# The J2EE server needs to be configured with the appropriate JDBC driver for the selected database
# Default: org.hsqldb.jdbcDriver
database.driver=com.mysql.jdbc.Driver
#database.driver=org.postgresql.Driver
#database.driver=com.microsoft.jdbc.sqlserver.SQLServerDriver
#database.driver=oracle.jdbc.driver.OracleDriver
#database.driver=com.ddtek.jdbc.oracle.OracleDriver
#database.driver=com.informix.jdbc.IfxDriver
#database.driver=org.apache.derby.jdbc.ClientDriver
#database.driver=com.ibm.db2.jcc.DB2Driver
# Database username.
# Default: sa (works with hsqldb)
#database.username=ejbca
#database.username=s
database.username=root
# Database password.
# Default: (blank works with hsqldb)
#database.password=ejbca
#database.password=postgres
database.password=root
7. Open cmd, change to the %EJBCA_HOME% directory, and compile EJBCA.
8. Staying in the same directory, type "start run.bat" to start the JBoss console.
9. Staying in the same directory, enter "ant install" to install EJBCA (the installation generates a p12 file; if this file is not found, check whether anything was missed in the previous steps). If a "JCE cannot authenticate the provider BC" error occurs, copy %EJBCA_HOME%/lib/bc*.jar to %JBOSS_HOME%/server/default/lib.
Refer to the following links
http://www.jboss.org/index.html?module=bb&op=viewtopic&t=148315&start=-10&postdays=postdays&postorder=postorder&highlight=highlight
10. Press Ctrl + C to stop JBoss.
11. Staying in the same directory, type "ant deploy" to deploy EJBCA.
12. Go to %EJBCA_HOME%\p12 and install the superadmin.p12 certificate with the password "ejbca".
13. The installation is successful.
Open cmd, change to the %EJBCA_HOME% directory, and run run.bat to start JBoss.
In the IE address bar, enter https://localhost:8443/ejbca/adminweb. The certificate selection dialog box appears. Select the superadmin certificate and the management console page appears.
In the IE address bar, enter http://localhost:8080/ejbca to go to the business console page.
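The database settings activated in step 6 (name, mapping, URL, driver) have to agree with each other, and the account they use is the MySQL root user with the password "root". As an added example (not from the original page or the EJBCA project), this Python check reads only the uncommented lines of database.properties and reports unknown keys, mismatched settings and weak credentials. The rule set, the finding texts and the value spellings in EXPECTED are assumptions based on the sample file, and the parser handles plain key=value lines only.

```python
# Added example, not EJBCA code: audit the active lines of database.properties.
KNOWN_KEYS = {"datasource.jndi-name", "datasource.jndi-name-prefix",
              "weblogic-oracle-columntype", "database.name", "datasource.mapping",
              "database.url", "database.driver", "database.username", "database.password"}
# database.name -> (mappings, JDBC URL prefix, driver); assumed spellings, two databases only.
EXPECTED = {
    "mysql": ({"mySQL"}, "jdbc:mysql:", "com.mysql.jdbc.Driver"),
    "postgres": ({"PostgreSQL 7.2", "PostgreSQL 8.0"}, "jdbc:postgresql:",
                 "org.postgresql.Driver"),
}
# Constructed sample: the settings this guide leaves uncommented.
SAMPLE = """\
database.name=mysql
#database.name=postgres
datasource.mapping=mySQL
database.url=jdbc:mysql://127.0.0.1:3306/ejbca?characterEncoding=UTF-8
database.driver=com.mysql.jdbc.Driver
database.username=root
database.password=root
"""

def active_settings(text):
    """Parse plain key=value lines; comment lines are skipped, last value wins."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, _, value = line.partition("=")
            settings[key.strip()] = value.strip()
    return settings

def audit(text):
    """Return findings: unknown keys, mismatched settings, weak credentials."""
    s = active_settings(text)
    findings = [f"unknown key (keys are case-sensitive): {k}"
                for k in sorted(s) if k not in KNOWN_KEYS]
    name = s.get("database.name", "hsqldb")  # hsqldb is the file's stated default
    if name in EXPECTED:
        mappings, prefix, driver = EXPECTED[name]
        checks = {"datasource.mapping": s.get("datasource.mapping") in mappings,
                  "database.url": s.get("database.url", "").startswith(prefix),
                  "database.driver": s.get("database.driver") == driver}
        findings += [f"{k} does not match database.name={name}"
                     for k, ok in checks.items() if not ok]
    user, password = s.get("database.username", "sa"), s.get("database.password", "")
    if user in {"root", "sa"}:
        findings.append("database.username is an administrative account")
    if password == user or password in {"", "ejbca", "postgres"}:
        findings.append("database.password is a default or guessable value")
    return findings
```

Pass audit() the text of %EJBCA_HOME%\conf\database.properties; an empty list means the active settings are consistent and use a dedicated account with a non-default password.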