EJBCA installation windows

Right now, the project functionalities are similar to a Repository of files.

Jorge Boavida

Masudul

Hi masudul, where is the demo CD video?

DO NOT forget the passwords, if you need to re-install the software sometime. To use a hard ca token from start change ca. You also need to add the appropriate values to the ca. Read the HSM documentation for the right values. To put the initial superadmin certificate on a smartcard, set superadmin.

Enroll from the Public Web after the installation is complete, as you would with any other smartcard user. Username is "superadmin" and password is superadmin. Do the same with other configuration files that you might want to customize. The default values often work fine and are a safe bet if you are unsure. Most options are well documented in the sample files. For production use you should use a real database instead of the embedded one. Due to differences, and bugs, in different application servers, you have to configure your application server with some settings, and EJBCA with server-specific settings.

See the application servers section. When everything is prepared, there are a few things to configure before starting your applications and running everything in a production environment. In a production environment you should use something like the following structure: Go through the install process, creating a ManagementCA.

Use a simple DN. This CA should only be used to issue the administrator certificates. Not published in LDAP. Now you can use the certificate profiles etc. that you like. These certificates can be published in LDAP. In a production environment you should use something other than the default Hypersonic database that comes with JBoss, for the following reasons: The Hypersonic database is in-memory, which means that over time it will consume more memory.

If a large number of certificates is issued, it will become an issue after a while. When a new version of EJBCA is released we cannot create scripts that update the database if some tables have changed. This will make upgrades much, much harder. Running the deploy and install commands as described will also configure the application server with data sources and web configuration automatically. If deploying on WildFly, you should instead follow that guide to manually configure data sources and web.

You can start JBoss with the normal command 'standalone. You should see JBoss picking up everything and deploying the ear without errors. You will be prompted to enter the value for database. The command will generate all certificates, keys, etc needed to run with an initial CA, and configure TLS in the servlet container to use the generated keystore and truststore files which are also copied in the process.

The command 'ant install' is only run once, when the CA is first installed. It creates lots of things in the database, and cannot be run again (it will give an error if you try). This is the super administrator's certificate used to access the admin GUI. Other administrators with specific privileges can be created later on. The default password for superadmin. Upgrading within patch version i.

When you upgrade, or simply change a configuration setting in properties files, you do not need to fully re-install EJBCA, or re-configure the application server. This is done with a simple command:. No need to run a full 'ant deploy'. This command cleans the previous build and builds a new ejbca. No re-configuration of the application server datasource, TLS etc. is done. For easy upgrades, keeping personal configuration between versions, you should consider using the ejbca-custom feature.

Generally, upgrades across multiple versions are supported using the generic upgrade instructions. To enable efficient maintenance, there are certain break points where multi-step upgrades need to be done. EJBCA 3.

An upgrade can thus be done on Java 6 and JBoss 5. In reality it doesn't, because different application servers have different tweaks for the standard.

CryptoTokenFactory - Can not instantiate org. PKCS11 provider class sun. SunPKCS11 not found.. CryptoTokenFactory - Can not register org. CvcPlugin [echo] jndi. AccessRulePlugin [echo] jndi. Enter password CA token password: [null] [input] skipping input as property java.

CliCommandPlugin: Provider org. You find examples of how to do this in ejbca. If you are only testing EJBCA at this stage and are not setting up a production environment, you can skip the rest of this step. There are default configuration options that should work in a test environment, for everything. For production use you need to do this; don't forget to edit passwords to be secure and secret.



