windows下ejbCA的安装和配置
本文是windows平台的ejbCA配置记录,配置过程中参考了很多网上的资料。在此表示感谢。
参见: http://job2job.blog.163.com/blog/static/1416633120071162154863/
http://www.cnblogs.com/luoxiao/archive/2008/01/12/1035963.html
需要的软件:
1. JDK1.5.0_9 http://java.sun.com/
2. JBOSS-4.2.2.GA http://sourceforge.net/project/showfiles.php?group_id=22866&package_id=16942&release_id=548923
3. ejbca_3_5_4.zip http://ejbca.sourceforge.net/download.htm
http://sourceforge.net/project/showfiles.php?group_id=39716&package_id=108797
4. apache-ant-1.7.0-bin.zip http://apache.mirror.phpchina.com/ant/binaries/apache-ant-1.7.0-bin.zip
5. mysql5.0
6. jce_policy-1_5_0.zip http://java.sun.com/javase/downloads/index_jdk5.jsp
7. mysql-connector-java-5.0.6.zip http://download.softagency.net/MySQL/Downloads/Connector-J/
1. 设置环境变量
JAVA_HOME = D:\java\jdk
EJBCA_HOME=D:\ejbca
JBOSS_HOME = D:\ejbca\jboss
ANT_HOME = D:\ejbca\apache-ant-1.7.0
PATH =PATH; %JAVA_HOME%\BIN;%JBOSS_HOME%\BIN;%ANT_HOME%\bin;
CLASSPATH= .;%JAVA_HOME%\lib\dt.jar;%JAVA_HOME%\lib\tools.jar;%JAVA_HOME%\lib;
2. mysql 的路径 D:\mysql 用户名和密码:root,123456
创建数据库 ejbca 连接该数据库的用户名和密码也为root,123456后面配置
3. 把mysql-connector-java-5.0.6-bin.jar拷贝到 D:\ejbca\jboss\server\default\lib
以下是ejbCA的一些配置文件的修改,是参考别人的blog:
# Defines the available languages by languagecodes separated with a comma (example EN,ZH).
# If you are not sure that you know how to add a new language (languagefile.XX.properties etc),
# we suggest you stick with the default the first time you install if you wan''t to add your own language.
# Otherwise you may not be able to log in to the admin-GUI.
# Default: EN,FR,IT,ES,SE,ZH
web.availablelanguages=ZH,EN,FR,IT,ES,SE
# Default content encoding used to display JSP pages, for example ISO-8859-1, UTF-8 or GBK.
# Default: ISO-8859-1
web.contentencoding=GBK
# Default: hsqldb
database.name=mysql
# The datasource mapping selected for deployment.
# The J2EE server needs to be configured with the appropriate datasource mapping.
# For JBoss this maps to a setting in standardjbosscmp-jdbc.xml and must match the database chosen above.
# All supported mappings are defined below, others can easily be added
# Default: Hypersonic SQL
datasource.mapping=mySQL
# Database connection url.
# This is the URL used to connect to the database, used to configure a new datasource in JBoss.
# Default: jdbc:hsqldb:${jboss.server.data.dir}${/}hypersonic${/}localDB
database.url=jdbc:mysql://127.0.0.1:3306/ejbca?characterEncoding=UTF-8
# JDBC driver classname.
# The J2EE server needs to be configured with the appropriate JDBC driver for the selected database
# Default: org.hsqldb.jdbcDriver
database.driver=com.mysql.jdbc.Driver
# Database username.
# Default: sa (works with hsqldb)
database.username=root
# Database password.
# Default: (blank works with hsqldb)
database.password=123456
4. jce 解压缩后,jar覆盖 jdk/jre/lib/security下的jar
5. ejbca 下 ant bootstrap
cmd到%EJBCA_HOME%目录下,运行ant bootstrap ,并将生成的%EJBCA_HOME%\dist\下的ejbca.ear拷贝到\%jboss-4.0.5%\server\default\deploy(高版本ejbca不需要,会自动拷贝过去)
6. 启动jboss。%BOSS_HOME%/run.bat
注意:在ant install之前要启动mysql数据库,否则就会无法生成p12文件。我的mysql是手动启动,因此,好几次在ant install之后p12文件夹下是空的,后来发现是mysql没有启动。
ejbca的manual.htm中写到,ant install只能运行一次。当安装失败再重新安装时,记得把mysql中的ejbca drop后重新建立。
7. 。%EJBCA_HOME%/下ant install
8. 停止JBOSS
9. %EJBCA_HOME%目录下,运行ant deploy 。将重新部署整个系统,并用密钥库配置sevlet容器。
10. 将%EJBCA_HOME%/p12/superadmin.p12证书导入浏览器,默认密码是ejbca。导入过程为选择浏览器Internet选项->内容选项卡->证书按钮->导入按钮。就会打开导入证书的对话框。
11. 重新启动jboss。
12.登录http://localhost:8080/ejbca/
13. 进入adminstrator,浏览器会要求你选择证书。选择之前导入的adminCA1就可以了。
安装过程中出现一些错误:
对于ejbCA的安装是否会修改%JAVA_HOME%/jre/lib/security/下的cacerts文件,我不太确定。看到有人在blog里说,安装失败后要重装jdk来恢复cacerts,但我发现安装jdk前后cacerts文件似乎没有改变。建议在安装之前先对该文件做个备份。
这样,第一次安装失败后就不用重装jdk,只用恢复该文件就可以了。