Friday, November 19, 2010

EJBCA : a Step By Step install Guide

As mentionned in my previous Article Presenting EJBCA, this article will explain how to have an In-House Certificate Authority up and running using EJBCA.
EJBCA needs a couple of componenets to be installed in order for it to work, we will be using :
  • EJBCA 3.9.5
  • Mysql Server 5
  • Apache Ant 1.7
  • OpenJDK 6 JDK
  • JCE (Java Cryptographique Extension) 6
  • JBoss Application Server 4.4
  • MySQL Java Connector 5

    We will be using Ubuntu Server for the install.

    • Installing and configuring MySQL Server

    install MySQL Server using the following Shell command :
    $>sudo apt-get install mysql-server

    once the install ends, open MySQL command line interface, and connect as the root user :
    #>mysql -u root -p
    #>Password: (enter your root password)

    now we will create a database for EJBCA :
    Mysql>CREATE database ejbca;

    create a new user that will be used by ejbca to connect to MySQL, and authorize him access on ejbca database :
    Mysql>USE ejbca;
    Mysql>CREATE user 'ejbca'@'localhost' IDENTIFIED BY 'ejbca';
    Mysql>GRANT SELECT,UPDATE,DELETE,CREATE on ejbca.* to 'ejbca'@'localhost';
    • Installing Apache Ant

    install Apache Ant using the following Shell command :
    $>sudo apt-get install ant
    That's all there is to installing ANT :).
    • Installing JDK 6

    for JDK you can either install sun jdk using
    $>sudo apt-get install java-6-jdk-sun
    Or install openJDK :
    $>sudo apt-get install openjdk-6-jdk
    • Installing JCE

    EJBCA needs to be able to generate keys of lengths greater than usualy supported by JCE, so you will need to download Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6, and extract it to your "jre/lib/security/" in JAVA_HOME Directory.
    • Installing MySQL Java Connector

    Download the connector from MySQL Java Connector download page, and keep it until we begin installing JBoss Application Server.
    • Installing JBoss Application Server

    Download JBoss AS from JBoss AS Download Page.
    Unzip the file downloaded, and copy it to "/opt/".
    Copy the MySQL Java connector previously downloaded to "/opt/jboss/server/default/lib".
    create a user and group "jboss", with working directory "/opt/jboss" using the following Shell commands :
    #>groupadd jboss
    #>useradd -d /opt/jboss -g jboss jboss
    #>passwd jboss
    • Setting up environment variables

    create a file 'ejbca.sh' in '/etc/profile.d' using :
    #>touch /etc/profile.d/ejbca.sh
    edit the file and add these lines to it :
    #!/bin/sh
    export JAVA_HOME=/usr/lib/jvm/java-6-openjdk
    export JBOSS_HOME=/opt/jboss
    export APPSRV_HOME=/opt/jboss
    export ANT_OPTS=-Xmx512m
    export JBOSS_HOST=0.0.0.0
    export ANT_HOME=/opt/ant
    export EJBCA_HOME=/opt/ejbca
    export JBOSS_CONSOLE=/var/log/jboss.log
    export JBOSSUS=jboss
    export JBOSS_SERVER=default
    export PATH=$JAVA_HOME/bin:$ANT_HOME/bin:$PATH
    make the file executable using :
    #>chmod +x /etc/profile.d/ejbca.sh
    save the file, logout, and relogin.
    • Installing EJBCA

    Download EJBCA from EJBCA Download Page, unzip it to '/opt/ejbca'.
    rename the file 'database.properties.sample' in the conf directory to 'database.properties', and edit its properties to match the database of your choice (in our case MySQL).
    Make sure JBoss is not running, then run these commands :
    #>cd $EJBCA_HOME
    #>ant clean
    #>ant bootstrap
    Now start JBoss AS :
    #>cd $JBOSS_HOME/bin
    #>chmod +x run.sh
    #>./run.sh
    once JBoss is running, start EJBCA Install task :
    #>cd $EJBCA_HOME
    #>ant install
    once the install finished, and you get the "BUILD SUCCESSEFUL" message, shutdown JBoss, and start the deploy :
    #>$JBOSS_HOME/bin/shutdown.sh -s
    #>cd $EJBCA_HOME
    #>ant deploy
    after the deploy ends, start JBoss, and EJBCA should be up and running at http://localhost:8080/ejbca.
    In order to access the administration interface, you will need to import the superadmin.p12 generated in the p12 directory of your EJBCA install.

    9 comments:

    1. This comment has been removed by the author.

      ReplyDelete
    2. BUILD FAILED
      /opt/ejbca/ejbca_4_0_3/build.xml:61: The following error occurred while executing this line:
      /opt/ejbca/ejbca_4_0_3/bin/cli.xml:93: The following error occurred while executing this line:
      /opt/ejbca/ejbca_4_0_3/bin/cli.xml:128: Batch generation failed!

      Why did it fail?

      ReplyDelete
    3. BUILD FAILED
      /opt/ejbca/ejbca_4_0_3/build.xml:61: The following error occurred while executing this line:
      /opt/ejbca/ejbca_4_0_3/bin/cli.xml:93: The following error occurred while executing this line:
      /opt/ejbca/ejbca_4_0_3/bin/cli.xml:128: Batch generation failed!

      Why did it fail?

      you nead to copy EJBCA_HOME/lib/bc*.jar to JBOSS_HOME/server/default/lib/

      ReplyDelete
    4. Hi, i have same problem:

      BUILD FAILED
      /opt/ejbca/ejbca_4_0_3/build.xml:61: The following error occurred while executing this line:
      /opt/ejbca/ejbca_4_0_3/bin/cli.xml:93: The following error occurred while executing this line:
      /opt/ejbca/ejbca_4_0_3/bin/cli.xml:128: Batch generation failed!

      i tried what laghzaoui mohammed recommend and nothing

      ReplyDelete
    5. Zeliko,
      I had had exactly the same problem, it should be caused by the incorrect configuration of "yourDB" JAVA connector or by the incorrect placement of it's *.jar.
      Double check the $EJBCA_HOME/conf/database.properties file
      For MySQL the jar files should reside on $JBOSS_HOME/server/default/lib and in the $EJBCA_HOME/conf/database.properties file should be uncommented the following rows:
      database.name=mysql
      database.url=jdbc:mysql://127.0.0.1:3306/ejbca
      database.driver=com.mysql.jdbc.Driver
      database.username=ejbca
      database.password=ejbca

      ReplyDelete
    6. Thank you for help, in addition you have to set the default name of MySql connector to "MySQL-connector-java.jar"

      ReplyDelete
    7. Hello,

      I have published a more detailed ejbca installation guide using CentOS 6.5, ejbca 6, and Jboss 7.1.1:
      http://ejbcacentos.blogspot.com/2014/04/installing-ejbca-on-centos.html

      ReplyDelete
    8. Thanks for your share. By the way, can you start a tutorial to guide HA MySQL in EJBCA?

      ReplyDelete
    9. Hi,
      I am getting following error when i click on "Administration" on EJBCA web page:

      17:03:02,655 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/ejbca/adminweb].[jsp]] Servlet.service() for servlet jsp threw exception: java.io.FileNotFoundException: /tmp/languages/languagefile.ja.properties (No such file or directory)
      at java.io.FileInputStream.open(Native Method) [:1.6.0_41]
      at java.io.FileInputStream.(FileInputStream.java:140) [:1.6.0_41]
      at java.io.FileInputStream.(FileInputStream.java:96) [:1.6.0_41]
      at org.ejbca.ui.web.admin.configuration.WebLanguages.init(WebLanguages.java:69) [:]
      at org.ejbca.ui.web.admin.configuration.WebLanguages.(WebLanguages.java:80) [:]


      Please help.

      ReplyDelete