Monday, January 18, 2010

Installing default EJBCA on Fedora 10

Installation packages
- jdk 1.5
- ejbca 3.9.2
- JBOSS 5.1
- Ant 1.7.1 (any version >= 1.6.5)
- Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 5.0, from http://java.sun.com/j2se/1.5.0/download.jsp

-----------------------------------------------------------------------------------

1) Install the following packages:

yum install ant-nodeps
yum install xdoclet
yum install xjavadoc //optional

2) Install Sun Java 1.5 and the Unlimited Strength policy files (see readme.txt in the zip).
3) Unzip JBoss 5.1 and EJBCA to the required folder.
4) Add the following lines to /etc/profile

# User specific aliases and functions
# The following are the environment variables for Java and JBOSS

export JAVA_HOME=/usr/java/jdk1.5.0_22
export PATH=$PATH:$JAVA_HOME/bin

export JBOSS_HOME=/opt/jboss-5.1.0.GA
export PATH=$PATH:$JBOSS_HOME/bin

export APPSRV_HOME=$JBOSS_HOME
export ANT_OPTS=-Xmx512m

# Use the full path to the unpacked ejbca_3_9_2 directory here
export EJBCA_HOME=ejbca_3_9_2

5) In $APPSRV_HOME/bin/run.conf, edit the following:
JAVA_OPTS="-server -Xms128m -Xmx512m" //Optional

6) JBoss 5.x has a bug that causes issues with the BC (Bouncy Castle) JCE provider. To work around it, copy the files $EJBCA_HOME/lib/bc*.jar to $JBOSS_HOME/server/default/lib/ (the -s option creates symbolic links instead of copies):
cp -s $EJBCA_HOME/lib/bc*.jar $JBOSS_HOME/server/default/lib/.

7) cd $EJBCA_HOME; ant bootstrap //Compile, jar, war, ear everything and deploy it to JBoss.

8) Start JBoss
$APPSRV_HOME/bin/run.sh -b 0.0.0.0 //-b sets the bind address; 0.0.0.0 binds all network interfaces, allowing access via IP address instead of localhost only.
JBoss should deploy the ear without errors.

9) cd $EJBCA_HOME; ant install //generate all certificates, keys, etc.
Admin keys will be stored in ${ejbca.home}/p12.
Adds data to the jboss/server/default/data/hypersonic database.
*Only run once.
tomcat.jks is for the servlet container (don't bother with it)
truststore.jks is for the servlet container (don't bother with it)
superadmin.p12 should be imported in your browser, that's your administration certificate.

10) Stop JBoss

11) cd $EJBCA_HOME; ant deploy
Deploys everything again and configures the servlet container with the keystore file (HTTPS); this is why the container had to be stopped.

12) Import the certificate from $EJBCA_HOME/p12/superadmin.p12 into the browser. This is for administration access.
Default password for superadmin.p12: ejbca //configured in ejbca.properties

13) Start JBoss
https://:8443/ejbca //admin GUI; *superadmin.p12 provides the admin login.
http://localhost:8080/ejbca //public page w/o administration

*To add recognised CA signed SSL
ant -Dca.name="My CA Name" javatruststore
- adds the CA certificate to p12/truststore.jks
- copies this 'truststore.jks' to $JBOSS_HOME/server/default/conf/keystore
- Stop and start tomcat
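
A post-install check for steps 4, 6 and 9 above, as an added example that is not part of the original post or of EJBCA. ejbca_check is a hypothetical helper name; it confirms that both home directories are absolute paths, that a bc*.jar resolves in the JBoss lib directory, and that no .p12 or .jks file under p12/ is readable by group or other users.

```shell
#!/bin/sh
# Added example, not from the original post. ejbca_check is a hypothetical
# helper name; it prints one line per finding and returns the finding count.
# Usage: ejbca_check "$EJBCA_HOME" "$JBOSS_HOME"
ejbca_check() {
    ejbca_home=$1
    jboss_home=$2
    findings=0

    # Step 4: both homes must be absolute paths to existing directories;
    # a relative value only resolves from one working directory.
    for dir in "$ejbca_home" "$jboss_home"; do
        case $dir in
            /*) [ -d "$dir" ] || { echo "MISSING $dir"; findings=$((findings + 1)); } ;;
            *)  echo "NOT-ABSOLUTE $dir"; findings=$((findings + 1)) ;;
        esac
    done

    # Step 6: a bc*.jar must resolve in the JBoss lib directory
    # (-e follows symlinks, so a dangling "cp -s" link is also reported).
    lib=$jboss_home/server/default/lib
    set -- "$lib"/bc*.jar
    [ -e "$1" ] || { echo "NO-BC-JAR $lib"; findings=$((findings + 1)); }

    # Step 9: superadmin.p12 and tomcat.jks carry private keys behind a
    # password, so report any keystore that group or other users can read.
    exposed=$(find "$ejbca_home/p12" -type f \( -name '*.p12' -o -name '*.jks' \) \
        \( -perm -040 -o -perm -004 \) 2>/dev/null) || true
    if [ -n "$exposed" ]; then
        echo "$exposed" | sed 's/^/READABLE-BY-OTHERS /'
        findings=$((findings + $(echo "$exposed" | wc -l)))
    fi
    return "$findings"
}
```

Any file reported as READABLE-BY-OTHERS can be restricted with chmod 600.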

------------------------------------------------------------------------------------
Tips:
Version of EJBCA - cd $EJBCA_HOME; ant ejbcaversion

EJB CA properties - conf/ejbca.properties
Database properties - conf/database.properties

Files deployed
- ant bootstrap
  - deploy/ejbca-ds.xml
  - deploy/ejbca-mail-service.xml
  - deploy/ejbca.ear

- ant deploy
  - Files from ant bootstrap
  - conf/keystore/keystore.jks
  - conf/keystore/truststore.jks
  - deploy/jboss-web.deployer/server.xml

------------------------------------------------------------------------------------
Reference
http://www.ejbca.org/installation.html
