EJBCA初步探究（配置）

EJBCA技术概述:

EJB：EJB(Enterprise JavaBeans)--J2EE核心组件,EJB并不是一个产品。它是Java服务器端服务框架的规范，软件厂商根据它来实现EJB服务器。

EJBCA：EJBCA是一个全功能的CA系统软件，它基于J2EE技术，并提供了一个强大的、高性能并基于组件的CA。EJBCA兼具灵活性和平台独立性，能够独立使用，也能和J2EE应用程序集成。是OSI认证的开源软件.

EJBCA与openssl比较

openssl－－没有web方式的页面，尽管可以生成可用的ca证书和密钥，但是所用命令参数多，难记，不直观，使用极其不便。

EJBCA －－既可支持命令行方式生成可用的ca证书和密钥，进行证书和密钥生命周期的管理，也可用web方式完成以上工作。使用更直观、更方便。

软件清单

JDK1.6
jce_policy6.zip
http://java.sun.com/javase/downloads/index.jsp
ejbca_3_8_2.zip
http://www.ejbca.org/download.html
mysql-5.1.33-win32.msi
http://dev.mysql.com/downloads/mysql/5.1.html
mysql-connector-java-5.1.7.zip
http://download.softagency.net/MySQL/Downloads/Connector-J/
apache-ant-1.7.1-bin.zip
http://ant.apache.org/bindownload.cgi
jboss-5.0.1.GA-jdk6.zip
http://downloads.sourceforge.net/jboss/jboss-5.0.1.GA-jdk6.zip?use_mirror=jaist

安装步骤

I.安装j2se6，解压jce_policy，把local_policy.jar和US_export_policy.jar覆盖到 C:\Program Files\Java\jdk1.6.0_12\jre\lib\security和C:\Program Files\Java\jre6\lib\security下各一份。

II.安装mysql。用户名密码均为“root”。运行开始菜单里的mysql command line client命令行工具，输入口令“root”，并建立一个空数据库ejbca，命令行为“create database ejbca;”。而后退出命令行工具。

III.解压ejbca、jboss、ant到C盘ejbca目录下.

IV.把mysql-connector-java-5.1.7.zip里的mysql-connector-java-5.1.7-bin.jar和%EJBCA_HOME%\lib下的bc*.jar 拷贝到%JBOSS_HOME%\server\default\lib目录下。

设置环境变量

JAVA_HOME=C:\Program Files\Java\jdk1.6.0_11
ANT_HOME=C:\ejbca\apache-ant
JBOSS_HOME=C:\ejbca\jboss
ANT_OPTS=-Xmx512m (防止编译时堆栈溢出，设定数值根据自己机器来，本人试过120M也能通过。)
PATH=%JAVA_HOME%\BIN;%JBOSS_HOME%\BIN;%ANT_HOME%\bin
CLASSPATH=%JAVA_HOME%\lib\dt.jar;%JAVA_HOME%\lib\tools.jar;%JAVA_HOME%\lib

配置ejbca

将%EJBCA_HOME%\conf\ejbca.properties.sample复制保存为%EJBCA_HOME%\conf\ejbca.properties
将%EJBCA_HOME%\conf\web.properties.sample，复制保存为%EJBCA_HOME%\conf\web.properties
将%EJBCA_HOME%\conf\database.properties.sample复制保存为 %EJBCA_HOME%\conf\database.properties

编辑database.properties如下 （下文中没有'#'的几行在原文件中是有'#',修改就是把'#'去掉）
# ------------- Database configuration ------------------------
# jndi name of the datasource to use in deployment descriptors of ejbs.
# default: EjbcaDS
#datasource.jndi-name=EjbcaDS
# Prefix for the jndi name of the datasource to use in deployment descriptors of ejbs.
# JBoss requires 'java:/' as prefix, while Weblogic does not want anything (''), and Glassfish wants jdbc/
# Oracle usually uses jdbc/ as well.
# For Websphere use jdbc/.
# default: java:/
#datasource.jndi-name-prefix=java:/
#datasource.jndi-name-prefix=
#datasource.jndi-name-prefix=jdbc/
# Weblogic in combination with Oracle requires special handling of LONG/BLOB columns
# If, and only if, you are using Weblogic and Oracle, uncomment the row below.
# Use OracleBlob in Weblogic 8.x and Blob in Weblogic 9.x
# Note: This setting is not needed in Weblogic 9.2. Leave it commented out.
# default:
#weblogic-oracle-columntype=@weblogic.dbms-column-type Blob
# The database name selected for deployment, used to copy XDoclet merge files.
# All supported databases are defined below, others can easily be added
# See the document doc/howto/HOWTO-database.txt for database specifics and tips and tricks.
# Default: hsqldb
database.name=mysql
#database.name=postgres
#database.name=mssql2000
#database.name=oracle
#database.name=sapdb
#database.name=sybase
#database.name=informix
#database.name=derby
#database.name=db2
# The datasource mapping selected for deployment.
# The J2EE server needs to be configured with the appropriate datasource mapping.
# For JBoss this maps to a setting in standardjbosscmp-jdbc.xml and must match the database chosen above.
# All supported mappings are defined below, others can easily be added
# Default: Hypersonic SQL
datasource.mapping=mySQL
#datasource.mapping=PostgreSQL 7.2
#datasource.mapping=PostgreSQL 8.0
#datasource.mapping=MS SQLSERVER2000
#datasource.mapping=Oracle8
#datasource.mapping=Oracle9i
#datasource.mapping=SapDB
#datasource.mapping=Sybase
#datasource.mapping=Informix92
#datasource.mapping=InformixDB
#datasource.mapping=Derby
#datasource.mapping=DB2
# Database connection url.
# This is the URL used to connect to the database, used to configure a new datasource in JBoss.
# Default: jdbc:hsqldb:${jboss.server.data.dir}${/}hypersonic${/}localDB
#database.url=jdbc:mysql://127.0.0.1:3306/ejbca
database.url=jdbc:mysql://127.0.0.1:3306/ejbca?characterEncoding=UTF-8
#database.url=jdbc:postgresql://127.0.0.1/ejbca
#database.url=jdbc:microsoft:sqlserver://localhost:1433;DatabaseName=ejbca
#database.url=jdbc:oracle:thin:@127.0.0.1:1521:ejbca
#database.url=jdbc:datadirect:oracle://127.0.0.1:1521;SID=ejbca
#database.url=jdbc:informix-sqli://127.0.0.1:1525/ejbca:informixserver=mydbservername;DBDATE=DMY4/;
#database.url=jdbc:derby://127.0.0.1/ejbca;create=true
#database.url=jdbc:db2://127.0.0.1:50000/ejbca
# JDBC driver classname.
# The J2EE server needs to be configured with the appropriate JDBC driver for the selected database
# Default: org.hsqldb.jdbcDriver
database.driver=com.mysql.jdbc.Driver
#database.driver=org.postgresql.Driver
#database.driver=com.microsoft.jdbc.sqlserver.SQLServerDriver
#database.driver=oracle.jdbc.driver.OracleDriver
#database.driver=com.ddtek.jdbc.oracle.OracleDriver
#database.driver=com.informix.jdbc.IfxDriver
#database.driver=org.apache.derby.jdbc.ClientDriver
#database.driver=com.ibm.db2.jcc.DB2Driver
# Database username.
# Default: sa (works with hsqldb)
#database.username=ejbca
#database.username=postgres
database.username=root
# Database password.
# Default: (blank works with hsqldb)
#database.password=ejbca
#database.password=postgres
database.password=root                                                                                                                             
cmd 到ejbca目录下运行ant bootstrap命令，用来进行编译，打包，部署工作，生成ejbca.ear文件用来部署到jboss 中。                                                                                                                           

打开JBOSS目录，运行bin目录下的run.bat，启动jboss控制台。

cmd到ejbca目录下运行ant install命令，进行ejbca的安装（安装会生成p12文件，如无此文件，检查前几步是否有漏项)。

按一下Ctrl+C，停止JBOSS.

cmd到ejbca目录下运行ant deploy，进行ejbca的部署。

打开浏览器，添加%EJBCA_HOME%\p12下 superadmin.p12证书，口令为“ejbca”。 (安装成功)

运行run.bat重新启动jboss，访问http://localhost:8080/ejbca

进入adminstration

安装中出现的错误

运行ant bootstrap时出现java heap space错误。解决方法：设置ANT_OPTS=-Xmx512m

运行ant install时出现JCE cannot authenticate the provider BC错误，解决方法如下（官网截图）

安装mysql时可能会无法启动mysql服务，解决方法：卸载，删除data文件，重装mysql