- jdk 1.5
- ejbca 3.9.2
- JBOSS 5.1
- Ant 1.7.1 >= 1.6.5
- install Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 5.0 http://java.sun.com/j2se/1.5.0/download.jsp
-----------------------------------------------------------------------------------
1) Install the following packages:
yum install ant-nodeps
yum install xdoclet
yum install xjavadoc //optional
2) Install Sun Java 1.5 and the Unlimited Strength policy files (see readme.txt in the zip).
3) Unzip JBoss 5.1 and EJBCA to the required folder.
4) Add the following lines to /etc/profile
# User specific aliases and functions
# The following are the environment variables for Java and JBOSS
export JAVA_HOME=/usr/java/jdk1.5.0_22
export PATH=$PATH:$JAVA_HOME/bin
export JBOSS_HOME=/opt/jboss-5.1.0.GA
export PATH=$PATH:$JBOSS_HOME/bin
export APPSRV_HOME=$JBOSS_HOME
export ANT_OPTS=-Xmx512m
export EJBCA_HOME=ejbca_3_9_2
5) In $APPSRV_HOME/bin/run.conf, edit the following:
JAVA_OPTS="-server -Xms128m -Xmx512m" //Optional
6) JBoss 5.x has a bug causing issues with the BC JCE provider. To work around this you can copy the files $EJBCA_HOME/lib/bc*.jar to $JBOSS_HOME/server/default/lib/.
cp -s $EJBCA_HOME/lib/bc*.jar $JBOSS_HOME/server/default/lib/.
7) cd $EJBCA_HOME; ant bootstrap //Compile, jar, war, ear everything and deploy it to JBoss.
8) Start JBOSS
$APPSRV_HOME/bin/run.sh -b 0.0.0.0 //-b sets the bind address; 0.0.0.0 binds all network interfaces, so JBoss is reachable via IP address instead of localhost only.
JBoss should deploy the ear without errors.
9) cd $EJBCA_HOME; ant install //generate all certificates, keys, etc
admin keys will be stored in ${ejbca.home}/p12
Adds data to jboss/server/default/data/hypersonic database
*Only run once.
tomcat.jks is for the servlet container (don't bother with it)
truststore.jks is for the servlet container (don't bother with it)
superadmin.p12 should be imported in your browser, that's your administration certificate.
10) Stop JBoss
11) cd $EJBCA_HOME; ant deploy
Deploys everything again and configures the servlet container with the keystore file (HTTPS). This is why we needed to stop the container.
12) Import the certificate from $EJBCA_HOME/p12/superadmin.p12 into the browser. This is for administration access.
Default password for superadmin.p12: ejbca //configured in ejbca.properties
13) Start JBoss
https://
http://localhost:8080/ejbca //public page w/o administration
*To add recognised CA signed SSL
$ ant -Dca.name="My CA Name" javatruststore
- adds the CA certificate to p12/truststore.jks
- copies this 'truststore.jks' to $JBOSS_HOME/server/default/conf/keystore
- Stop and start tomcat
------------------------------------------------------------------------------------
Tips:
Version of EJBCA - cd $EJBCA_HOME; ant ejbcaversion
EJB CA properties - conf/ejbca.properties
Database properties - conf/database.properties
Files deployed
- ant bootstrap
- deploy/ejbca-ds.xml
- deploy/ejbca-mail-service.xml
- deploy/ejbca.ear
- ant deploy
- Files from ant bootstrap
- conf/keystore/keystore.jks
- conf/keystore/truststore.jks
- deploy/jboss-web.deployer/server.xml
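Added example (not part of the original post or of EJBCA): a shell check to run after steps 9 and 11 that confirms the key stores named in those steps and in the file list above exist and are not exposed through file permissions, since superadmin.p12 is the administration credential. The function names are hypothetical, and treating conf/keystore/keystore.jks as the deployed servlet-container keystore holding a private key is an assumption.

```shell
#!/bin/sh
# Post-install audit of EJBCA key stores (added example, hypothetical function names).
# Usage: audit_ejbca_keystores "$EJBCA_HOME" "$JBOSS_HOME"

# Print the six group/other permission characters of a file, e.g. "------".
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# Stores holding private keys: must exist and grant nothing to group/other.
check_private() {
    [ -f "$1" ] || { echo "MISSING  $1"; return 1; }
    [ "$(group_other_bits "$1")" = "------" ] || {
        echo "EXPOSED  $1 (group/other: $(group_other_bits "$1"))"; return 1; }
    echo "OK       $1"
}

# Trust stores hold only CA certificates: readable is fine, but a
# group/other-writable trust store lets another account add a trusted CA.
check_trust() {
    [ -f "$1" ] || { echo "MISSING  $1"; return 1; }
    case "$(group_other_bits "$1")" in
        ?w????|????w?) echo "WRITABLE $1"; return 1 ;;
    esac
    echo "OK       $1"
}

# Returns the number of findings (0 = clean).
audit_ejbca_keystores() {
    ejbca=$1 jboss=$2 findings=0
    ks="$jboss/server/default/conf/keystore"   # deployed copies (assumed layout)
    for f in "$ejbca/p12/superadmin.p12" "$ejbca/p12/tomcat.jks" "$ks/keystore.jks"; do
        check_private "$f" || findings=$((findings + 1))
    done
    for f in "$ejbca/p12/truststore.jks" "$ks/truststore.jks"; do
        check_trust "$f" || findings=$((findings + 1))
    done
    return "$findings"
}
```

A finding on superadmin.p12 or tomcat.jks is cleared with chmod 600 on the file, run as the account that owns the JBoss process.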
------------------------------------------------------------------------------------
Reference
http://www.ejbca.org/installation.html