Installing the EJBCA PKI CA on CentOS 5.3
16 March 2011, 12:40
Setting up EJBCA 3.9.1 + JBoss 5.1.0.GA + Ant 1.7.1 + JCE USJPF 6 + JDK 6u17 on CentOS 5.3

Good afternoon, Habr community!

For some reason, unfairly, there is not a single article on Habr about installing a certificate authority (CA) under Linux.

I want to tell you a little about the Enterprise Java Beans Certificate Authority (EJBCA) and how to install it.

The article is based on the HowTo article InstallSLCSServer2 InstallEJBCA, on the EJBCA installation guide, and on my own installation experience.

EJBCA is a certificate authority (CA) for a public key infrastructure (PKI), built on J2EE technology. It is a reliable, high-performance, platform-independent, flexible and modular certificate authority that can be used on its own or integrated into other J2EE applications. EJBCA is an enterprise-class PKI, which means that it can be used to build the complete PKI infrastructure of an organization. EJBCA is distributed under the GNU LGPL.

[Screenshots of the EJBCA web interface]

In general, a typical solution that can be built with EJBCA looks like this:

[Diagram of a typical EJBCA-based solution]

but we will install a simple test setup (for details about the EJBCA architecture, see ejbca.org/architecture.html).
Because this is a default installation, no EJBCA settings were changed. The installation is intended for testing. To configure EJBCA for a specific application, see the manuals on ejbca.org.

So, here we go:

Download the required packages

1) JDK 6 update 16
jdk-6u17-linux-i586-rpm.bin

2) JCE Unlimited Strength Jurisdiction Policy Files 6 (at the bottom of the page, under Other Downloads)
jce_policy-6.zip

3) Apache Ant
apache-ant-1.7.1-bin.zip

4) JBoss application server
jboss-5.1.0.GA.zip

5) EJBCA
ejbca_3_9_1.zip

Installation

update the system:

yum update

install the JDK

[root@localhost ~]# mv jdk-6u16-linux-i586-rpm.bin /usr/local/src/

[root@localhost ~]# cd /usr/local/src/

[root@localhost src]# sh jdk-6u16-linux-i586-rpm.bin

add the JAVA_HOME variable

[root@localhost ~]# vim .bashrc

export JAVA_HOME=/usr/java/jdk1.6.0_16/

[root@localhost ~]# source .bashrc

check which version of Java is selected (if OpenJDK is still selected, this article on using the alternatives utility when installing Java on CentOS will help: chrisschuld.com/2008/10/installing-sun-java-on-centos-5-2)

[root@localhost ~]# java -version
java version "1.6.0_16"
Java(TM) SE Runtime Environment (build 1.6.0_16-b01)
Java HotSpot(TM) Client VM (build 14.2-b01, mixed mode, sharing)

install Ant

[root@localhost ~]# mv apache-ant-1.7.1-bin.zip /usr/local/

[root@localhost ~]# cd /usr/local/

[root@localhost local]# unzip apache-ant-1.7.1-bin.zip

[root@localhost local]# cd

add Ant to PATH

[root@localhost ~]# vim .bashrc

export PATH=$PATH:/usr/local/apache-ant-1.7.1/bin/

[root@localhost ~]# source .bashrc

check that Ant works (the output shown below is good =))

[root@localhost ~]# ant
Buildfile: build.xml does not exist!
Build failed

install JBoss

[root@localhost ~]# mv jboss-5.1.0.GA.zip /usr/local/

[root@localhost ~]# cd /usr/local/

[root@localhost local]# jar -xvf jboss-5.1.0.GA.zip

[root@localhost local]# cd

add the JBOSS_HOME variable and rewrite the previously defined variables for neatness

[root@localhost ~]# vim .bashrc

export JAVA_HOME=/usr/java/jdk1.6.0_16/

export ANT_HOME=/usr/local/apache-ant-1.7.1/

export JBOSS_HOME=/usr/local/jboss-5.1.0.GA/

export PATH=$PATH:$JBOSS_HOME/bin:$ANT_HOME/bin

[root@localhost ~]# source .bashrc

change the permissions on the directory with the JBoss binaries

[root@localhost ~]# chmod -R 754 /usr/local/jboss-5.1.0.GA/bin

install the JCE Unlimited Strength Jurisdiction Policy Files 6, making a backup copy of the original policy files first

[root@localhost ~]# mv jce_policy-6.zip /usr/src/

[root@localhost ~]# cd /usr/src/

[root@localhost src]# unzip jce_policy-6.zip

[root@localhost src]# cd /usr/java/jdk1.6.0_16/jre/lib/security/

[root@localhost security]# cp local_policy.jar local_policy.jar.dist

[root@localhost security]# cp US_export_policy.jar US_export_policy.jar.dist

[root@localhost security]# cp /usr/src/jce/local_policy.jar .

[root@localhost security]# cp /usr/src/jce/US_export_policy.jar .

[root@localhost security]# cd

install EJBCA

[root@localhost ~]# mv ejbca_3_9_1.zip /usr/src/

[root@localhost ~]# cd /usr/src/

[root@localhost src]# unzip ejbca_3_9_1.zip

[root@localhost src]# cd ejbca_3_9_1/conf/

create the EJBCA configuration files (I did not change anything in them here, everything is default, but at this stage you can specify, for example, MySQL as the database, the admin password, etc.)

[root@localhost conf]# cp catoken.properties.sample catoken.properties

[root@localhost conf]# cp cmp.properties.sample cmp.properties

[root@localhost conf]# cp custom.properties.sample custom.properties

[root@localhost conf]# cp database.properties.sample database.properties

[root@localhost conf]# cp ejbca.properties.sample ejbca.properties

[root@localhost conf]# cp externalra.properties.sample externalra.properties

[root@localhost conf]# cp jaxws.properties.sample jaxws.properties

[root@localhost conf]# cp log4j.properties.sample log4j.properties

[root@localhost conf]# cp log.properties.sample log.properties

[root@localhost conf]# cp mail.properties.sample mail.properties

[root@localhost conf]# cp ocsp.properties.sample ocsp.properties

[root@localhost conf]# cp protection.properties.sample protection.properties

[root@localhost conf]# cp web.properties.sample web.properties

[root@localhost conf]# cp xkms.properties.sample xkms.properties

[root@localhost conf]# cd ..
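
The fourteen cp commands above can be done in one pass, and the same loop can later report which configuration files are still byte-identical to their samples, that is, still at the defaults. This is an added example, not part of the original article or of EJBCA; the function names copy_samples and unchanged_defaults are made up for illustration, and the only assumption is the conf/ layout shown above.

```shell
#!/bin/sh
# Added example (not from the original article or the EJBCA project).
# Assumes the layout shown above: <name>.properties.sample beside <name>.properties.

# Copy every sample to its live name, never overwriting a file that already
# exists (so edited settings survive a re-run). Prints each file it creates.
copy_samples() {
    conf_dir=$1
    for sample in "$conf_dir"/*.properties.sample; do
        [ -f "$sample" ] || continue            # glob matched nothing
        target=${sample%.sample}
        if [ ! -e "$target" ]; then
            cp -p "$sample" "$target" && basename "$target"
        fi
    done
}

# Print the live files that are still byte-identical to their sample,
# i.e. settings (database, admin password, etc.) left at the defaults.
unchanged_defaults() {
    conf_dir=$1
    for sample in "$conf_dir"/*.properties.sample; do
        [ -f "$sample" ] || continue
        target=${sample%.sample}
        if [ -f "$target" ] && cmp -s "$sample" "$target"; then
            basename "$target"
        fi
    done
}

# Stand-alone use: sh conf_audit.sh /usr/src/ejbca_3_9_1/conf
if [ -n "${1:-}" ] && [ -d "$1" ]; then
    copy_samples "$1"
    echo "Still at defaults:"
    unchanged_defaults "$1"
fi
```

For the test installation in this article every file will be listed; before using the CA for anything real, the list shows which files have not been reviewed yet.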

[root@localhost ejbca_3_9_1]# ant bootstrap

[ejbdoclet] Java heap space
[ejbdoclet] ParameterImpl instances: 20
[ejbdoclet] MethodImpl instances: 3394
[ejbdoclet] ConstructorImpl instances: 347
[ejbdoclet] SimpleNode instances: 0
[ejbdoclet] SourceClass instances: 318
[ejbdoclet] XDoc instances: 0
[ejbdoclet] DefaultXTag instances: 0
[ejbdoclet] BinaryClass instances: 321
[ejbdoclet] UnknownClass instances: 71
[ejbdoclet] Total memory: 1963
[ejbdoclet] Free memory: 0
[ejbdoclet] Try to increase heap size. Can be done by defining ANT_OPTS=-Xmx640m
[ejbdoclet] See the JDK tooldocs.

BUILD FAILED
/usr/src/ejbca_3_9_1/build.xml:63: The following error occurred while executing this line:
/usr/src/ejbca_3_9_1/compile.xmli:278: Java heap space

If this error occurs (and I always got it), then do the following

[root@localhost ejbca_3_9_1]# export ANT_OPTS=-Xmx640m

and run it again

[root@localhost ejbca_3_9_1]# ant bootstrap

wait for

BUILD SUCCESSFUL

The EJBCA site says the following about installation:

NOTE. JBoss 5.0.0 have a bug causing issues with the BC JCE provider. To work around this you can copy the files EJBCA_HOME/lib/bc*.jar to JBOSS_HOME/server/default/lib/. Remember this when it's time for upgrades!

Well, let's do as they say:

[root@localhost ejbca_3_9_1]# cp lib/bc*.jar /usr/local/jboss-5.1.0.GA/server/default/lib/

Start JBoss in a second terminal:

[root@localhost ~]# run.sh -b 0.0.0.0

wait 1-2 minutes until it says:

00:38:25,692 INFO [AjpProtocol] Starting Coyote AJP/1.3 on ajp-0.0.0.0-8009
00:38:25,709 INFO [ServerImpl] JBoss (Microcontainer) [5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221053)] Started in 2m:18s:521ms

continue installing EJBCA in the first terminal

[root@localhost ejbca_3_9_1]# ant install

when it says

BUILD SUCCESSFUL

stop JBoss in the second terminal

CTRL+C

in the first terminal, execute:

[root@localhost ejbca_3_9_1]# ant deploy

now we need to import the EJBCA admin certificate from /usr/src/ejbca_3_9_1/p12/superadmin.p12 into the browser
In Firefox this is:

Edit - Preferences - Advanced - Encryption, View Certificates, Your Certificates, Import, and specify the path /usr/src/ejbca_3_9_1/p12/superadmin.p12
The default password, if you have not changed it in the settings: ejbca
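
Because superadmin.p12 holds the administrator's private key, it is worth checking whether the keystore still opens with the default password quoted above. This is an added example, not part of the original article or of EJBCA; the function names are made up for illustration, and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example (not from the original article or the EJBCA project).
# The default path and the password "ejbca" are the ones quoted in the article.

# Returns 0 if the PKCS#12 file opens with the given password,
#         1 if openssl rejects the password (MAC verification fails),
#         2 if undetermined (file unreadable, openssl missing, or the
#           keystore uses an algorithm this openssl build cannot read).
p12_opens_with() {
    p12_file=$1
    password=$2
    [ -r "$p12_file" ] || return 2
    command -v openssl >/dev/null 2>&1 || return 2
    # -noout: verify only, print no keys or certificates.
    # The password is passed via the environment, not the command line.
    if err=$(P12_PW="$password" openssl pkcs12 -in "$p12_file" \
                 -passin env:P12_PW -noout 2>&1 </dev/null); then
        return 0
    fi
    case $err in
        *"invalid password"*) return 1 ;;
        *) return 2 ;;
    esac
}

# Prints DEFAULT, CHANGED or UNKNOWN for the superadmin keystore.
check_superadmin_p12() {
    rc=0
    p12_opens_with "${1:-/usr/src/ejbca_3_9_1/p12/superadmin.p12}" "ejbca" || rc=$?
    case $rc in
        0) echo "DEFAULT" ;;
        1) echo "CHANGED" ;;
        *) echo "UNKNOWN" ;;
    esac
}
```

Call check_superadmin_p12 with no argument to test the path from the article. On OpenSSL 3.x an UNKNOWN result can mean the keystore uses older ciphers that need the -legacy option.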

Checking that it works

start JBoss

[root@localhost ~]# run.sh -b 0.0.0.0

wait 1-2 minutes until JBoss starts, then open your browser and go to the address

https://hostname:8443/ejbca/

add an exception for the server certificate, and that's it: we see the EJBCA web interface:

[Screenshot of the EJBCA web interface]

P.S. I still have more to figure out, and I will hopefully continue next time)))

Views: 2122 | Added by: w1zard | Rating: 3.5/2