用mySQL数据库配置EJBCA

一. 所需要的软件：

1. J2SDK、 ANT 、JBOSS、EJBCA、MYSQL数据库、MYSQL的JDBC驱动程序, jce_policy-1_4_2（如果

密码超过六位的话就需要这个文件）。

2.安装配置好J2SDK、 ANT 、JBOSS、EJBCA.. 安装MYSQL数据库。

二. 安装过程

1.装好mysql及mysql客户端 在root用户下创建了数据库 ejbca。 安装MYSQL时默认的用户就是root.

2.用的jdbc驱动:mysql-connector-java-3.0.17-ga-bin.jar复制到%jboss-home%/server/defalut/lib下面

3.修改了mysql-ds.xml文件 中的数据源 jndi名字为我自己取的名字sunrisefeDS（此名字可以任意取

，后面要求输入的名字要与此一样）。以及登录数据库的用户名和密码 我的是 :root 密码为6844, 因为我的数据库是建在root下面的

4.将修改后的mysql-ds.xml文件复制到了jboss-home/server/default/deploy下面

5.然后运行 ant replaceDS
按照提示输入了参数:
mysql
java:/sunrisefeDS (如果上面jndi名字为aaaa，则此为java:/aaaa)

6.运行ant
7:运行ant deploy
8:启动jboss
9.运行install .安装步骤可以参考官方网站自带的安装指南。

值得注意的是：很多软件之间可能会有些冲突，起初我用最新版本的EJBCA折腾了半天也不行，后来换了一个低一点的版本，一下就成功了。据别人经验，MYSQL驱动程序可能也会有版本的冲突，所以当这个版本不行的时候，可以换一个试试。

下面为安装的屏幕显示：

Microsoft Windows XP [版本 5.1.2600]
(C) 版权所有 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator>cd../..

C:\>cd ejbca

C:\ejbca>ant replaceDS
Buildfile: build.xml

replaceDS:
    [input] Type of database :(oracle,mssql,mysql,postgres,postgres8,sapdb,hsqld
b,sybase)
mysql
    [input] Data source (default java:/DefaultDS, recommended java:/EjbcaDS):
java:/EjbcaDS
     [copy] Copying 1 file to C:\ejbca\src\ca\ca\META-INF
     [copy] Copying 1 file to C:\ejbca\src\ra\META-INF
     [copy] Copying 1 file to C:\ejbca\src\log\META-INF
     [copy] Copying 1 file to C:\ejbca\src\authorization\META-INF
     [copy] Copying 1 file to C:\ejbca\src\hardtoken\META-INF
     [copy] Copying 1 file to C:\ejbca\src\keyrecovery\META-INF

BUILD SUCCESSFUL
Total time: 22 seconds
C:\ejbca>ant
Buildfile: build.xml

init:
    [mkdir] Created dir: C:\ejbca\tmp\classes
    [mkdir] Created dir: C:\ejbca\dist

compile:
    [javac] Compiling 465 source files to C:\ejbca\tmp\classes
     [copy] Copying 470 files to C:\ejbca\src\java

apply.war:
    [mkdir] Created dir: C:\ejbca\tmp\publicweb\apply.war
     [copy] Copying 20 files to C:\ejbca\tmp\publicweb\apply.war
     [copy] Copying 44 files to C:\ejbca\tmp\publicweb\apply.war\WEB-INF\classes

      [jar] Building jar: C:\ejbca\dist\apply.war

status.war:
    [mkdir] Created dir: C:\ejbca\tmp\publicweb\status.war
     [copy] Copying 1 file to C:\ejbca\tmp\publicweb\status.war
     [copy] Copying 26 files to C:\ejbca\tmp\publicweb\status.war\WEB-INF\classe
s
      [jar] Building jar: C:\ejbca\dist\status.war

webdist.war:
    [mkdir] Created dir: C:\ejbca\tmp\publicweb\webdist.war
     [copy] Copying 7 files to C:\ejbca\tmp\publicweb\webdist.war
     [copy] Copying 48 files to C:\ejbca\tmp\publicweb\webdist.war\WEB-INF\class
es
      [jar] Building jar: C:\ejbca\dist\webdist.war

ca.jar:
    [mkdir] Created dir: C:\ejbca\tmp\ca\ca.jar
     [copy] Copying 442 files to C:\ejbca\tmp\ca\ca.jar
      [jar] Building jar: C:\ejbca\dist\ca.jar

log.jar:
    [mkdir] Created dir: C:\ejbca\tmp\log.jar
     [copy] Copying 11 files to C:\ejbca\tmp\log.jar
     [copy] Copying 23 files to C:\ejbca\tmp\log.jar
      [jar] Building jar: C:\ejbca\dist\log.jar

authorization.jar:
    [mkdir] Created dir: C:\ejbca\tmp\authorization.jar
     [copy] Copying 10 files to C:\ejbca\tmp\authorization.jar
     [copy] Copying 91 files to C:\ejbca\tmp\authorization.jar
      [jar] Building jar: C:\ejbca\dist\authorization.jar

hardtoken.jar:
    [mkdir] Created dir: C:\ejbca\tmp\hardtoken.jar
     [copy] Copying 10 files to C:\ejbca\tmp\hardtoken.jar
     [copy] Copying 64 files to C:\ejbca\tmp\hardtoken.jar
      [jar] Building jar: C:\ejbca\dist\hardtoken.jar

keyrecovery.jar:
    [mkdir] Created dir: C:\ejbca\tmp\keyrecovery.jar
     [copy] Copying 11 files to C:\ejbca\tmp\keyrecovery.jar
     [copy] Copying 28 files to C:\ejbca\tmp\keyrecovery.jar
      [jar] Building jar: C:\ejbca\dist\keyrecovery.jar

ra.jar:
    [mkdir] Created dir: C:\ejbca\tmp\ra.jar
     [copy] Copying 12 files to C:\ejbca\tmp\ra.jar
     [copy] Copying 95 files to C:\ejbca\tmp\ra.jar
      [jar] Building jar: C:\ejbca\dist\ra.jar

adminweb.war:
    [mkdir] Created dir: C:\ejbca\tmp\adminweb.war
     [copy] Copying 95 files to C:\ejbca\tmp\adminweb.war
     [copy] Copying 14 files to C:\ejbca\tmp\adminweb.war\WEB-INF\classes
      [jar] Building jar: C:\ejbca\dist\adminweb.war

ca.ear:
    [mkdir] Created dir: C:\ejbca\tmp\ca\ear
     [copy] Copying 1 file to C:\ejbca\tmp\ca\ear\ear
     [copy] Copying 7 files to C:\ejbca\tmp\publicweb\publicwebroot.war
      [jar] Building jar: C:\ejbca\tmp\ca\ear\ear\publicwebroot.war
     [copy] Copying 10 files to C:\ejbca\tmp\ca\ear\ear
     [copy] Copying 7 files to C:\ejbca\tmp\ca\ear\ear\lib
      [jar] Building jar: C:\ejbca\dist\ejbca-ca.ear

admin.jar:
    [mkdir] Created dir: C:\ejbca\tmp\adminjar
     [copy] Copying 2 files to C:\ejbca\tmp\adminjar
     [copy] Copying 226 files to C:\ejbca\tmp\adminjar
      [jar] Building jar: C:\ejbca\admin.jar

build:

BUILD SUCCESSFUL
Total time: 1 minute 19 seconds
C:\ejbca>ant deploy
Buildfile: build.xml

init:

compile:

apply.war:

status.war:

webdist.war:

ca.jar:

ra.jar:

adminweb.war:

log.jar:

hardtoken.jar:

keyrecovery.jar:

authorization.jar:

ca.ear:

admin.jar:

deploy:
     [copy] Copying 1 file to C:\jboss-4.0.2\server\default\deploy
     [copy] Copying C:\ejbca\dist\ejbca-ca.ear to C:\jboss-4.0.2\server\default\
deploy\ejbca-ca.ear

BUILD SUCCESSFUL
Total time: 18 seconds
C:\ejbca>install
Welcome to EJBCA Installation
This script acts as a wizard helping you with the installation of your Certifica
te Authority.

Before the installation will begin make sure of the following preparations have
been done:

1. The EJBCA application is deployed to the application server. ('ant deploy')

2. You run this installation with access to administrative privileges.

Is these requirements meet (Yes/No) :yes

This installation will create a first administrative CA. This CA will be used to
 create the first
superadministrator and for the SSL server certificate of administrative web serv
er.

When the administrative web server have been setup you can create other CA:s and
 administrators.

Please enter the short name for the CA.
This is only used for administrative purposes,
avoid spaces or odd characters (Ex 'AdminCA1') :sunrisefe
Enter the Distinguished Name of the CA. This is used in the CA certificate to di
stinguish the  CA. (Ex 'CN=AdminCA1,O=PrimeKey Solutions AB,C=SE') :CN=sunrisefe
CA,O=whut,C=cn
Enter the keysize in bits of the CA, only digits. (Ex '2048') : 2048
Enter the validity in days for the CA, only digits (Ex '3650') :3650
Enter the policy id of the CA. Policy id determine which PKI policy the CA uses.

Type your policy id or use '2.5.29.32.0' for any policy or 'NO' for no policy at
 all.
 (Ex '2.5.29.32.0') :2.5.29.32.0

Now for some information required to set up the administration web interface.

Please enter the computer name of CA server. (Ex 'caserver.primekey.se') :sunris
efe
Enter the Distinguished Name of the SSL server certificate used by the administr
ative web gui
 (Ex 'CN=caserver.primekey.se,O=PrimeKey Solutions AB,C=SE') :CN=caserver.sunris
efe,O=whut,C=cn
Enter a good password for the super administrators keystore. Please remember thi
s one:6481432

You have entered the following data :

CA short name : sunrisefe
Distinguished Name CA : CN=sunrisefeCA,O=whut,C=cn
Keysize of the CA :  2048
Validity in days for the CA : 3650
Policy id of the CA : 2.5.29.32.0
Computer name of CA server : sunrisefe
Distinguished Name of the SSL server certificate : CN=caserver.sunrisefe,O=whut,
C=cn
Password for the super administrators keystore : 6481432
Is this correct ( Yes/No/Exit ) :yes

The installation will now start, please wait .....

Initializing CA
Generating rootCA keystore:
DN: CN=sunrisefeCA,O=whut,C=cn
Keysize: 2048
Validity (days): 3650
Policy ID: 2.5.29.32.0
Initalizing Temporary Authorization Module.
Creating CA...
CAId for created CA: 959669511
-Created and published initial CRL.
CA initialized

Setup of Administration Web Interface have started, this will take a minute to c
omplete ....

认证已添加至keystore中

The installation is now complete.
Proceed with the following steps in order to start administrating EJBCA.

1. Restart the application server.
2. Import the p12/superadmin.p12 file in your browser.
3. Go to the following URL: https://<computername>:8443/ejbca/adminweb
4. And now your are all set to start using EJBCA.

If you are interested in  professional support of EJBCA and PKI related question
s,
please contact PrimeKey Solutions AB, Sweden at ejbca@primekey.se or www.primeke
y.se for more information.

C:\ejbca>

三 对上述配置的补充

安装JDK1.4.*,设置JAVA_HOME=C:\j2sdk1.4.2_02;设置classpath=C:\j2sdk1.4.2_02\lib;设置path=C:\j2sdk1.4.2_02\bin;
安装ANT,下载安装包,解压缩到安装路径,设置ANT_HOME=C:\apache-ant-1.6.1;设置path=C:\apache-ant-1.6.1\bin;(一般ANT的安装没有什么问题的)
安装JBOSS,下载安装包,解压缩到安装路径,设置JBOSS_HOME=C:\jboss-3.2.5,启动JBOSS(运行JBOSS_HOME\bin\run.bat),用http://localhost:8080访问,出现JBOSS的信息表示JBOSS安装成功
到下载JDK的地方下载一个 "Unlimited Strength Jurisdiction Policy Files",解压缩之后得到一个JCE文件夹,将里面的两个文件复制到系统默认得jre环境的lib\security下面覆盖原来的两个文件.(放到C:\Program Files\Java\j2re1.4.2_02\lib\security 下面 install才顺利进行)

装好这些之后,最好重启机器,让ejbca找得到JBOSS_HOME