EJBCA : a Step By Step install Guide

As mentionned in my previous Article Presenting EJBCA, this article will explain how to have an In-House Certificate Authority up and running using EJBCA.

EJBCA needs a couple of componenets to be installed in order for it to work, we will be using :

• EJBCA 3.9.5
• Mysql Server 5
• Apache Ant 1.7
• OpenJDK 6 JDK
• JCE (Java Cryptographique Extension) 6
• JBoss Application Server 4.4
• MySQL Java Connector 5

We will be using Ubuntu Server for the install.

• Installing and configuring MySQL Server

install MySQL Server using the following Shell command :

$>sudo apt-get install mysql-server

once the install ends, open MySQL command line interface, and connect as the root user :

#>mysql -u root -p
#>Password: (enter your root password)

now we will create a database for EJBCA :

Mysql>CREATE database ejbca;

create a new user that will be used by ejbca to connect to MySQL, and authorize him access on ejbca database :

Mysql>USE ejbca;
Mysql>CREATE user 'ejbca'@'localhost' IDENTIFIED BY 'ejbca';
Mysql>GRANT SELECT,UPDATE,DELETE,CREATE on ejbca.* to 'ejbca'@'localhost';

• Installing Apache Ant

install Apache Ant using the following Shell command :

$>sudo apt-get install ant

That's all there is to installing ANT :).

• Installing JDK 6

for JDK you can either install sun jdk using

$>sudo apt-get install java-6-jdk-sun

Or install openJDK :

$>sudo apt-get install openjdk-6-jdk

• Installing JCE

EJBCA needs to be able to generate keys of lengths greater than usualy supported by JCE, so you will need to download Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6, and extract it to your "jre/lib/security/" in JAVA_HOME Directory.

• Installing MySQL Java Connector

Download the connector from MySQL Java Connector download page, and keep it until we begin installing JBoss Application Server.

• Installing JBoss Application Server

Download JBoss AS from JBoss AS Download Page.

Unzip the file downloaded, and copy it to "/opt/".

Copy the MySQL Java connector previously downloaded to "/opt/jboss/server/default/lib".

create a user and group "jboss", with working directory "/opt/jboss" using the following Shell commands :

#>groupadd jboss
#>useradd -d /opt/jboss -g jboss jboss
#>passwd jboss

• Setting up environment variables

create a file 'ejbca.sh' in '/etc/profile.d' using :

#>touch /etc/profile.d/ejbca.sh

edit the file and add these lines to it :

#!/bin/sh
export JAVA_HOME=/usr/lib/jvm/java-6-openjdk
export JBOSS_HOME=/opt/jboss
export APPSRV_HOME=/opt/jboss
export ANT_OPTS=-Xmx512m
export JBOSS_HOST=0.0.0.0
export ANT_HOME=/opt/ant
export EJBCA_HOME=/opt/ejbca
export JBOSS_CONSOLE=/var/log/jboss.log
export JBOSSUS=jboss
export JBOSS_SERVER=default
export PATH=$JAVA_HOME/bin:$ANT_HOME/bin:$PATH

make the file executable using :

#>chmod +x /etc/profile.d/ejbca.sh

save the file, logout, and relogin.

• Installing EJBCA

Download EJBCA from EJBCA Download Page, unzip it to '/opt/ejbca'.

rename the file 'database.properties.sample' in the conf directory to 'database.properties', and edit its properties to match the database of your choice (in our case MySQL).

Make sure JBoss is not running, then run these commands :

#>cd $EJBCA_HOME
#>ant clean
#>ant bootstrap

Now start JBoss AS :

#>cd $JBOSS_HOME/bin
#>chmod +x run.sh
#>./run.sh

once JBoss is running, start EJBCA Install task :

#>cd $EJBCA_HOME
#>ant install

once the install finished, and you get the "BUILD SUCCESSEFUL" message, shutdown JBoss, and start the deploy :

#>$JBOSS_HOME/bin/shutdown.sh -s
#>cd $EJBCA_HOME
#>ant deploy

after the deploy ends, start JBoss, and EJBCA should be up and running at http://localhost:8080/ejbca.

In order to access the administration interface, you will need to import the superadmin.p12 generated in the p12 directory of your EJBCA install.