Menu
▾
▴
Re: [Ejbca-develop] EJBCA on Solaris
|
From: Stephane B. <ste...@be...> - 2004-07-08 09:38:10
|
I have been working a lot on the installation/deployment process lately
hoping that it will improve it.
Amazingly all the posts are not stored in the mailing list archives. But
here's a copy of the mail
It refers to the version in cvs head.
-------------------------------------------------------- snip
------------------------------------------
1) Copy .ejbca.properties.sample to .ejbca.properties
2) Set the path to your JBoss home directory 'jboss.home' in
.ejbca.properties
3) Customize the database if needed but best thing is to keep the
default as it is,
it will use the JBoss embedded HSQLDB and everything will be easier for
you.
4) Customize the CA properties if you need to do so.
(Please guys, review the name of the properties to help me come up with
something more meaningful)
5) Open another console (terminal) and type 'ant j2ee:run' to start JBoss.
4) Switch to you other console and type 'ant -f bin/cli.xml
ejbca:bootstrap'
it will compile, jar, war, ear everything and deploy it JBoss, you
should see JBoss
picking up all the changes and deploying the ear
5) Type 'ant -f bin/cli.xml ejbca:install' it will generate all
certificate, keys, etc..
You will find all keys in ${ejbca.home}/p12. (do not delete those files !)
- tomcat.jks is for the servlet container (don't bother with it)
- superadmin.p12 should be imported in your browser, that's your
certificate.
6) Stop JBoss (ctrl +c or whatever)
7) type 'ant deploy', this will deploy everything again and configure
the servlet
container with the keystore file. (this is why we needed to stop the
container)
8) Start JBoss again and go to http://localhost:8080/ejbca/
NB: You will also notice that there is a j2ee:debug target, it will
start JBoss in debug mode. Just fire up your debugger to the default
transport and address display on your console and you're set. You can
now debug your application.
-------------------------------------------------------- snip
------------------------------------------
If you don't feel like living on the edge by checkouting all cvs head
(there are a lot of work in progress)
there are 2 scripts in the bin directory that may be helpful to you
cli.xml and ejbca.sh
cli.xml is a Ant version of the install script
ejbca.sh is a stripped down version of nearly all the scripts that are
hanging around
(Watchout, it now assumes that admin.jar is in dist directory with all
the other jars)
The Ant script is basically equivalent to the following shell script (it
uses ejbca.sh):
#!/bin/sh
store_password=changeit
ca_name=AdminCA1
ca_dn="CN=AdminCA1,O=PrimeKey Solutions AB,C=SE"
ca_keysize=512
ca_validity=365
ca_policy=null
cacert_password=changeit
server_dn="CN=localhost,O=PrimeKey Solutions AB,C=SE"
server_password=serverpwd
hostname=localhost
superadmin_password=primekey
exec ./ejbca.sh ca init $ca_name "$ca_dn" $ca_keysize $ca_validity
$ca_policy
exec ./ejbca.sh setup $hostname ejbca
exec ./ejbca.sh ra adduser tomcat $server_password "$server_dn" null
$ca_name null 1 JKS
exec ./ejbca.sh ra setclearpwd tomcat $server_password
exec ./ejbca.sh ra adduser superadmin $superadmin_password
"CN=SuperAdmin" null $ca_name null 65 P12
exec ./ejbca.sh ra setclearpwd superadmin $superadmin_password
exec ./ejbca.sh batch
cp p12/tomcat.jks $JBOSS_HOME/bin/tomcat.jks
rootca_file=rootca.der
exec ./ejbca.sh ca getrootcert $ca_name $rootca_file -der
exec $JAVA_HOME/bin/keytool -alias EJBCA-CA -delete -keystore
$JAVA_HOME/jre/lib/security/cacerts -storepass $cacert_password
exec $JAVA_HOME/bin/keytool -alias EJBCA-CA -import -trustcacerts -file
$rootca_file -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass
$cacert_password -noprompt
rm -f $rootca_file
Hope it helps
---------------------
Hi,
I try to get EJBCA running on Solaris 8 but the install.sh scipts
fails with an error:
----------------------------------------------------------------------
You have entered the following data :
CA short name : AdminCA1
Distinguished Name CA : CN=AdminCA1,O=PrimeKey Solutions AB,C=SE
Keysize of the CA : 2048
Validity in days for the CA : 3650
Policy id of the CA : 2.5.29.32.0
Computer name of CA server : 10.36.14.25
Distinguished Name of the SSL server certificate :
CN=10.36.14.25,O=PrimeKey Solutions AB,C=SE
Password for the super administrators keystore : 112233
Is this correct ( Yes/No/Exit ) :yes
The installation will now start, please wait .....
Usage: CA info | init | listcas | makeroot | getrootcert | makereq |
recrep | processreq |
createcrl | getcrl | rolloverroot | rolloversub | listexpired |
exportprofiles |
importprofiles
Setup of Administration Web Interface have started, this will take a
minute to complete ....
An error occurered when trying to Administrative Web Interface.
----------------------------------------------------------------------
I have installed:
j2sdk-1_4_2_05-solaris-sparc.sh
jce_policy-1_4_2.zip
jboss-3.2.5.tar.gz
apache-ant-1.6.1-src.tar.gz
ejbca_3_0_2.zip
Everything but EJBCA seems to work fine. How can I debug this error?
cu Sascha
|
