用mySQL資料庫配置EJBCA

一. 所需要的軟體：

1. J2SDK、 ANT 、JBOSS、EJBCA、MYSQL資料庫、MYSQL的JDBC驅動程式, jce_policy-1_4_2（如果

密碼超過六位的話就需要這個檔案）。

2.安裝配置好J2SDK、 ANT 、JBOSS、EJBCA.. 安裝MYSQL資料庫。

二. 安裝過程

1.裝好mysql及mysql用戶端 在root使用者下建立了資料庫 ejbca。 安裝MYSQL時預設的使用者就是root.

2.用的jdbc驅動:mysql-connector-java-3.0.17-ga-bin.jar複製到%jboss-home%/server/defalut/lib下面

3.修改了mysql-ds.xml檔案 中的資料來源 jndi名字為我自己取的名字sunrisefeDS（此名字可以任意取

，後面要求輸入的名字要與此一樣）。以及登入資料庫的使用者名稱和密碼 我的是 :root 密碼為6844, 因為我的資料庫是建在root下面的

4.將修改後的mysql-ds.xml檔案複製到了jboss-home/server/default/deploy下面

5.然後運行 ant replaceDS
按照提示輸入了參數:
mysql
java:/sunrisefeDS (如果上面jndi名字為aaaa，則此為java:/aaaa)

6.運行ant
7:運行ant deploy
8:啟動jboss
9.運行install .安裝步驟可以參考官方網站內建的安裝指南。

值得注意的是：很多軟體之間可能會有些衝突，起初我用最新版本的EJBCA折騰了半天也不行，後來換了一個低一點的版本，一下就成功了。據別人經驗，MYSQL驅動程式可能也會有版本的衝突，所以當這個版本不行的時候，可以換一個試試。

下面為安裝的螢幕顯示：

Microsoft Windows XP [版本 5.1.2600]
(C) 著作權 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator>cd../..

C:\>cd ejbca

C:\ejbca>ant replaceDS
Buildfile: build.xml

replaceDS:
    [input] Type of database :(oracle,mssql,mysql,postgres,postgres8,sapdb,hsqld
b,sybase)
mysql
    [input] Data source (default java:/DefaultDS, recommended java:/EjbcaDS):
java:/EjbcaDS
     [copy] Copying 1 file to C:\ejbca\src\ca\ca\META-INF
     [copy] Copying 1 file to C:\ejbca\src\ra\META-INF
     [copy] Copying 1 file to C:\ejbca\src\log\META-INF
     [copy] Copying 1 file to C:\ejbca\src\authorization\META-INF
     [copy] Copying 1 file to C:\ejbca\src\hardtoken\META-INF
     [copy] Copying 1 file to C:\ejbca\src\keyrecovery\META-INF

BUILD SUCCESSFUL
Total time: 22 seconds
C:\ejbca>ant
Buildfile: build.xml

init:
    [mkdir] Created dir: C:\ejbca\tmp\classes
    [mkdir] Created dir: C:\ejbca\dist

compile:
    [javac] Compiling 465 source files to C:\ejbca\tmp\classes
     [copy] Copying 470 files to C:\ejbca\src\java

apply.war:
    [mkdir] Created dir: C:\ejbca\tmp\publicweb\apply.war
     [copy] Copying 20 files to C:\ejbca\tmp\publicweb\apply.war
     [copy] Copying 44 files to C:\ejbca\tmp\publicweb\apply.war\WEB-INF\classes

      [jar] Building jar: C:\ejbca\dist\apply.war

status.war:
    [mkdir] Created dir: C:\ejbca\tmp\publicweb\status.war
     [copy] Copying 1 file to C:\ejbca\tmp\publicweb\status.war
     [copy] Copying 26 files to C:\ejbca\tmp\publicweb\status.war\WEB-INF\classe
s
      [jar] Building jar: C:\ejbca\dist\status.war

webdist.war:
    [mkdir] Created dir: C:\ejbca\tmp\publicweb\webdist.war
     [copy] Copying 7 files to C:\ejbca\tmp\publicweb\webdist.war
     [copy] Copying 48 files to C:\ejbca\tmp\publicweb\webdist.war\WEB-INF\class
es
      [jar] Building jar: C:\ejbca\dist\webdist.war

ca.jar:
    [mkdir] Created dir: C:\ejbca\tmp\ca\ca.jar
     [copy] Copying 442 files to C:\ejbca\tmp\ca\ca.jar
      [jar] Building jar: C:\ejbca\dist\ca.jar

log.jar:
    [mkdir] Created dir: C:\ejbca\tmp\log.jar
     [copy] Copying 11 files to C:\ejbca\tmp\log.jar
     [copy] Copying 23 files to C:\ejbca\tmp\log.jar
      [jar] Building jar: C:\ejbca\dist\log.jar

authorization.jar:
    [mkdir] Created dir: C:\ejbca\tmp\authorization.jar
     [copy] Copying 10 files to C:\ejbca\tmp\authorization.jar
     [copy] Copying 91 files to C:\ejbca\tmp\authorization.jar
      [jar] Building jar: C:\ejbca\dist\authorization.jar

hardtoken.jar:
    [mkdir] Created dir: C:\ejbca\tmp\hardtoken.jar
     [copy] Copying 10 files to C:\ejbca\tmp\hardtoken.jar
     [copy] Copying 64 files to C:\ejbca\tmp\hardtoken.jar
      [jar] Building jar: C:\ejbca\dist\hardtoken.jar

keyrecovery.jar:
    [mkdir] Created dir: C:\ejbca\tmp\keyrecovery.jar
     [copy] Copying 11 files to C:\ejbca\tmp\keyrecovery.jar
     [copy] Copying 28 files to C:\ejbca\tmp\keyrecovery.jar
      [jar] Building jar: C:\ejbca\dist\keyrecovery.jar

ra.jar:
    [mkdir] Created dir: C:\ejbca\tmp\ra.jar
     [copy] Copying 12 files to C:\ejbca\tmp\ra.jar
     [copy] Copying 95 files to C:\ejbca\tmp\ra.jar
      [jar] Building jar: C:\ejbca\dist\ra.jar

adminweb.war:
    [mkdir] Created dir: C:\ejbca\tmp\adminweb.war
     [copy] Copying 95 files to C:\ejbca\tmp\adminweb.war
     [copy] Copying 14 files to C:\ejbca\tmp\adminweb.war\WEB-INF\classes
      [jar] Building jar: C:\ejbca\dist\adminweb.war

ca.ear:
    [mkdir] Created dir: C:\ejbca\tmp\ca\ear
     [copy] Copying 1 file to C:\ejbca\tmp\ca\ear\ear
     [copy] Copying 7 files to C:\ejbca\tmp\publicweb\publicwebroot.war
      [jar] Building jar: C:\ejbca\tmp\ca\ear\ear\publicwebroot.war
     [copy] Copying 10 files to C:\ejbca\tmp\ca\ear\ear
     [copy] Copying 7 files to C:\ejbca\tmp\ca\ear\ear\lib
      [jar] Building jar: C:\ejbca\dist\ejbca-ca.ear

admin.jar:
    [mkdir] Created dir: C:\ejbca\tmp\adminjar
     [copy] Copying 2 files to C:\ejbca\tmp\adminjar
     [copy] Copying 226 files to C:\ejbca\tmp\adminjar
      [jar] Building jar: C:\ejbca\admin.jar

build:

BUILD SUCCESSFUL
Total time: 1 minute 19 seconds
C:\ejbca>ant deploy
Buildfile: build.xml

init:

compile:

apply.war:

status.war:

webdist.war:

ca.jar:

ra.jar:

adminweb.war:

log.jar:

hardtoken.jar:

keyrecovery.jar:

authorization.jar:

ca.ear:

admin.jar:

deploy:
     [copy] Copying 1 file to C:\jboss-4.0.2\server\default\deploy
     [copy] Copying C:\ejbca\dist\ejbca-ca.ear to C:\jboss-4.0.2\server\default\
deploy\ejbca-ca.ear

BUILD SUCCESSFUL
Total time: 18 seconds
C:\ejbca>install
Welcome to EJBCA Installation
This script acts as a wizard helping you with the installation of your Certifica
te Authority.

Before the installation will begin make sure of the following preparations have
been done:

1. The EJBCA application is deployed to the application server. ('ant deploy')

2. You run this installation with access to administrative privileges.

Is these requirements meet (Yes/No) :yes

This installation will create a first administrative CA. This CA will be used to
 create the first
superadministrator and for the SSL server certificate of administrative web serv
er.

When the administrative web server have been setup you can create other CA:s and
 administrators.

Please enter the short name for the CA.
This is only used for administrative purposes,
avoid spaces or odd characters (Ex 'AdminCA1') :sunrisefe
Enter the Distinguished Name of the CA. This is used in the CA certificate to di
stinguish the  CA. (Ex 'CN=AdminCA1,O=PrimeKey Solutions AB,C=SE') :CN=sunrisefe
CA,O=whut,C=cn
Enter the keysize in bits of the CA, only digits. (Ex '2048') : 2048
Enter the validity in days for the CA, only digits (Ex '3650') :3650
Enter the policy id of the CA. Policy id determine which PKI policy the CA uses.

Type your policy id or use '2.5.29.32.0' for any policy or 'NO' for no policy at
 all.
 (Ex '2.5.29.32.0') :2.5.29.32.0

Now for some information required to set up the administration web interface.

Please enter the computer name of CA server. (Ex 'caserver.primekey.se') :sunris
efe
Enter the Distinguished Name of the SSL server certificate used by the administr
ative web gui
 (Ex 'CN=caserver.primekey.se,O=PrimeKey Solutions AB,C=SE') :CN=caserver.sunris
efe,O=whut,C=cn
Enter a good password for the super administrators keystore. Please remember thi
s one:6481432

You have entered the following data :

CA short name : sunrisefe
Distinguished Name CA : CN=sunrisefeCA,O=whut,C=cn
Keysize of the CA :  2048
Validity in days for the CA : 3650
Policy id of the CA : 2.5.29.32.0
Computer name of CA server : sunrisefe
Distinguished Name of the SSL server certificate : CN=caserver.sunrisefe,O=whut,
C=cn
Password for the super administrators keystore : 6481432
Is this correct ( Yes/No/Exit ) :yes

The installation will now start, please wait .....

Initializing CA
Generating rootCA keystore:
DN: CN=sunrisefeCA,O=whut,C=cn
Keysize: 2048
Validity (days): 3650
Policy ID: 2.5.29.32.0
Initalizing Temporary Authorization Module.
Creating CA...
CAId for created CA: 959669511
-Created and published initial CRL.
CA initialized

Setup of Administration Web Interface have started, this will take a minute to c
omplete ....

認證已添加至keystore中

The installation is now complete.
Proceed with the following steps in order to start administrating EJBCA.

1. Restart the application server.
2. Import the p12/superadmin.p12 file in your browser.
3. Go to the following URL: https://<computername>:8443/ejbca/adminweb
4. And now your are all set to start using EJBCA.

If you are interested in  professional support of EJBCA and PKI related question
s,
please contact PrimeKey Solutions AB, Sweden at ejbca@primekey.se or www.primeke
y.se for more information.

C:\ejbca>

三 對上述配置的補充

安裝JDK1.4.*,設定JAVA_HOME=C:\j2sdk1.4.2_02;設定classpath=C:\j2sdk1.4.2_02\lib;設定path=C:\j2sdk1.4.2_02\bin;
安裝ANT,下載安裝包,解壓縮到安裝路徑,設定ANT_HOME=C:\apache-ant-1.6.1;設定path=C:\apache-ant-1.6.1\bin;(一般ANT的安裝沒有什麼問題的)
安裝JBOSS,下載安裝包,解壓縮到安裝路徑,設定JBOSS_HOME=C:\jboss-3.2.5,啟動JBOSS(運行JBOSS_HOME\bin\run.bat),用http://localhost:8080訪問,出現JBOSS的資訊表示JBOSS安裝成功
到下載JDK的地方下載一個 "Unlimited Strength Jurisdiction Policy Files",解壓縮之後得到一個JCE檔案夾,將裡面的兩個檔案複製到系統預設得jre環境的lib\security下面覆蓋原來的兩個檔案.(放到C:\Program Files\Java\j2re1.4.2_02\lib\security 下面 install才順利進行)

裝好這些之後,最好重啟機器,讓ejbca找得到JBOSS_HOME