VM0004: Upgrading java development kit
| Application | Used at training | More recent |
|---|---|---|
| Ejbca | Ejbca-3.10.1 | Ejbca-3.11.5, Ejbca-4.0.12 |
| Application-server | jboss-4.2.3.GA-jdk6 | jboss-5.1.0.GA-jdk6, jboss-as-distribution-6.0.0.Final, jboss-as-distribution-6.1.0.Final, jboss-as-7.0.2.Final, jboss-as-7.1.1.Final |
| Java development kit | jdk-6u20-linux-i586 | jdk-6u38-ea-bin-b04-linux-amd64-31_oct_2012.bin, jdk-6u38-ea-bin-b04-linux-i586-31_oct_2012.bin, java-1_7_0-openjdk, java-1_7_0-openjdk-devel |
| Java crypto env | jce_policy-6 | |
| Mysql connector | mysql-connector-java-5.1.13 | mysql-connector-java-5.1.22 |
| Java-dev-tool | apache-ant-1.8.1-bin | apache-ant-1.8.4-bin |
The issue at hand is that JBoss-5.x requires JDK6; however, jboss-5.1.0 does not seem to work with jdk-6u20. Hence we first try the combination of the older jboss (4.2.3) with jdk-6u38 (released Oct 2012).
First, building of the virtual machine.
→ lvcreate -L 5GB -n vm0002 main
orion:~/ejbca # lvcreate -L 5GB -n vm0004 main
Logical volume "vm0004" created
→ dd if=/dev/mapper/main-template of=/dev/mapper/main-vm0002 bs=1M
orion:~/ejbca # time dd if=/dev/mapper/main-template of=/dev/mapper/main-vm0004 bs=1M
5120+0 records in
5120+0 records out
5368709120 bytes (5.4 GB) copied, 136.78 s, 39.3 MB/s
real 2m16.784s
user 0m0.004s
sys 0m9.613s
Create vm startup file:
→ cp vm0000 vm0004
orion:/etc/xen/vm # cp vm0001 vm0004
orion:/etc/xen/vm # vi vm0004
(change all references towards vm0004)
MAC-address and IP-address remain the same.
Start new machine
→ xm create -c vm0004
orion:/etc/xen/vm # xm create -c vm0004
Welcome to openSUSE 12.2 "Mantis" - Kernel 3.4.6-2.10-xen (xvc0).
template login: root
Login incorrect
template login: beheer
Password:
Last login: Tue Nov 20 22:29:14 on xvc0
Have a lot of fun...
orion:~/ejbca # ssh 192.168.0.192
Password:
Last login: Sun Nov 25 23:32:35 2012 from orion
Have a lot of fun...
template:~ #
template:~ # su -
Directory: /root
Tue Nov 27 10:33:58 CET 2012
Refresh repositories
→ zypper ref
template:~ # zypper ref
Repository 'openSUSE-12.2-1.6' is up to date.
Repository 'openSUSE-12.2-Non-Oss' is up to date.
Repository 'openSUSE-12.2-Oss' is up to date.
Retrieving repository 'openSUSE-12.2-Update' metadata ...[done]
Building repository 'openSUSE-12.2-Update' cache ...[done]
Repository 'openSUSE-12.2-Update-Non-Oss' is up to date.
All repositories have been refreshed
Perform upgrade:
→ zypper up
template:~ # zypper up
Loading repository data...
Reading installed packages...
The following NEW package is going to be installed:
dbus-1-x11
The following packages are going to be upgraded:SuSEfirewall2 aaa_base aaa_base-extras apache2-mod_php5 autoyast2 autoyast2-installation bind-libs bind-utils branding-openSUSE bundle-lang-gnome-en ca-certificates-mozilla coreutils dbus-1 desktop-translations device-mapper exim findutils fontconfig fontconfig-devel gio-branding-openSUSE glib2-devel glib2-tools gnome-keyring gnome-keyring-pam grub2 grub2-branding-openSUSE gtk3-data gtk3-immodule-amharic gtk3-immodule-inuktitut gtk3-immodule-thai gtk3-immodule-vietnamese gtk3-tools iptables kernel-xen libblkid1 libdbus-1-3 libgck-modules-gnome-keyring libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 libgthread-2_0-0 libgtk-3-0 libgudev-1_0-0 libiptc0 libmount1 libnfnetlink0 libopenssl1_0_0 libproxy1 libtdb1 libudev0 libupower-glib1 libuuid1 libxcb-composite0 libxcb-damage0 libxcb-devel libxcb-dpms0 libxcb-dri2-0 libxcb-glx0 libxcb-randr0 libxcb-record0 libxcb-render0 libxcb-res0 libxcb-screensaver0 libxcb-shape0 libxcb-shm0 libxcb-sync0 libxcb-xevie0 libxcb-xf86dri0 libxcb-xfixes0 libxcb-xinerama0 libxcb-xprint0 libxcb-xtest0 libxcb-xv0 libxcb-xvmc0 libxcb1 libxtables7 lvm2 mdadm module-init-tools nfs-client ntp openssl php5 php5-ctype php5-dom php5-iconv php5-json php5-mysql php5-pdo php5-sqlite php5-tokenizer php5-xmlreader php5-xmlwriter pm-utils release-notes-openSUSE rsyslog systemd-presets-branding-openSUSE timezone udev update-alternatives upower util-linux wallpaper-branding-openSUSE xdg-utils xen-libs xen-tools-domU yast2 yast2-country yast2-country-data yast2-ldap-client
111 packages to upgrade, 1 new.
Overall download size: 72.3 MiB. After the operation, additional 772.1 KiB will be used.
Continue? [y/n/?] (y):
(The log of patching is skipped, as it is not relevant. Note, however, that the number of patches has increased since vm0003.) Due to the kernel patch a reboot is required.
→ init 0
template:~ # init 0
Broadcast message from root@template on pts/0 (Tue, 27 Nov 2012 10:53:16 +0100):
The system is going down for power-off NOW!
template:~ # Connection to 192.168.0.192 closed by remote host.
Connection to 192.168.0.192 closed.
Restart with the new kernel
→ xm create -c vm0004
orion:/etc/xen/vm # xm create -c vm0004
Welcome to openSUSE 12.2 "Mantis" - Kernel 3.4.11-2.16-xen (xvc0).
template login:
Log in (through ssh) and make the vi screen readable
orion:~/ejbca # ssh 192.168.0.192
Password:
Last login: Tue Nov 27 10:43:05 2012 from orion
Have a lot of fun...
template:~ #
template:~ # vi /etc/vimrc
add “colorscheme desert”
Just for documentation purposes, adjust the prompt:
→ hostname vm0004.minoss.nl
template:~ # hostname vm0004.minoss.nl
template:~ # logout
Connection to 192.168.0.192 closed.
orion:~/ejbca # ssh 192.168.0.192
Password:
Last login: Tue Nov 27 10:57:27 2012 from orion
Have a lot of fun...
vm0004:~ #
Pre-installation tests / actions
Architecture test:
→ uname -a
vm0004:~ # uname -a
Linux vm0004.minoss.nl 3.4.11-2.16-xen #1 SMP Wed Sep 26 17:05:00 UTC 2012 (259fc87) i686 i686 i386 GNU/Linux
OS:
→ cat /etc/SuSE-release ; lsb-release -d
vm0004:~ # cat /etc/SuSE-release
openSUSE 12.2 (i586)
VERSION = 12.2
CODENAME = Mantis
vm0004:~ # lsb-release -d
Description: openSUSE 12.2 (i586)
Available diskspace:
→ df -h
vm0004:~ # df -h
Filesystem      Size  Used Avail Use% Mounted on
rootfs          3.5G  1.4G  2.0G  41% /
devtmpfs        487M   36K  487M   1% /dev
tmpfs           518M     0  518M   0% /dev/shm
tmpfs           518M  124K  517M   1% /run
/dev/xvda3      3.5G  1.4G  2.0G  41% /
tmpfs           518M     0  518M   0% /sys/fs/cgroup
tmpfs           518M     0  518M   0% /media
tmpfs           518M  124K  517M   1% /var/lock
tmpfs           518M  124K  517M   1% /var/run
/dev/xvda1      493M   24M  444M   6% /boot
Memory:
→ free
vm0004:~ # free
             total       used       free     shared    buffers     cached
Mem:       1058888     208608     850280          0       9968      99128
-/+ buffers/cache:      99512     959376
Swap:      1051644          0    1051644
Networking: fqdn
Permanent change:
→ vi /etc/HOSTNAME
vm0004:~ # vi /etc/HOSTNAME
template.minoss.nl ==> vm0004.minoss.nl
(proving this would require a reboot)
Make fqdn locally known:
→ vi /etc/hosts
vm0004:~ # vi /etc/hosts
add:
#
192.168.0.192 vm0004.minoss.nl vm0004
#
(Note: do not add the name to 127.0.0.1 !!!!!!)
Check:
→ hostname -f
vm0004:~ # hostname -f
vm0004.minoss.nl
Networking: own addresses (ifconfig is deprecated)
→ ip addr show dev eth0
vm0004:~ # ip addr show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:16:3e:00:00:00 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.192/24 brd 192.168.0.255 scope global eth0
    inet6 2001:470:1f01:3785:216:3eff:fe00:0/64 scope global dynamic
       valid_lft 2591996sec preferred_lft 604796sec
    inet6 fe80::216:3eff:fe00:0/64 scope link
       valid_lft forever preferred_lft forever
Networking: local ping to self (needed for db connection)
→ ping -c2 `hostname`
vm0004:~ # ping -c2 `hostname`
PING vm0004.minoss.nl (192.168.0.192) 56(84) bytes of data.
64 bytes from vm0004.minoss.nl (192.168.0.192): icmp_seq=1 ttl=64 time=0.032 ms
64 bytes from vm0004.minoss.nl (192.168.0.192): icmp_seq=2 ttl=64 time=0.012 ms
--- vm0004.minoss.nl ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.012/0.022/0.032/0.010 ms
Note the correct IP address (not 127.0.0.1)
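The /etc/hosts rule above (the fqdn must map to the real interface address and never to 127.0.0.1) can be checked with a small script. This is an added example, not part of the original procedure; the function names are hypothetical and the sample hosts file is constructed from the address and names shown above. It inspects the file only, not the full resolver.

```shell
#!/bin/sh
# Added example, not from the original document. Function names are hypothetical.

# hosts_addrs HOSTS_FILE NAME
#   Print every address that HOSTS_FILE maps NAME to (names are case-insensitive).
hosts_addrs() {
    awk -v name="$2" '
        BEGIN { name = tolower(name) }
        {
            sub(/#.*/, "")                  # drop comments; fields are re-split
            for (i = 2; i <= NF; i++)
                if (tolower($i) == name) { print $1; break }
        }' "$1"
}

# check_fqdn_not_loopback HOSTS_FILE FQDN
#   0: FQDN maps only to non-loopback addresses
#   1: at least one mapping is a loopback address (127.x.x.x or ::1)
#   2: FQDN has no entry in the file
check_fqdn_not_loopback() {
    addrs=$(hosts_addrs "$1" "$2")
    if [ -z "$addrs" ]; then
        echo "$2: no entry in $1"
        return 2
    fi
    rc=0
    for a in $addrs; do
        case $a in
            127.*|::1) echo "$2 -> $a (loopback, remove the name from this line)"; rc=1 ;;
            *)         echo "$2 -> $a" ;;
        esac
    done
    return $rc
}

# Constructed sample: the entry added above plus the usual localhost line.
demo_hosts=$(mktemp)
cat > "$demo_hosts" <<'EOF'
127.0.0.1       localhost
#
192.168.0.192 vm0004.minoss.nl vm0004
#
EOF
check_fqdn_not_loopback "$demo_hosts" vm0004.minoss.nl || echo "fix the hosts file first"
rm -f "$demo_hosts"
```

On the real machine the call would be `check_fqdn_not_loopback /etc/hosts "$(hostname -f)"`.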
Networking: remote ping to self (needed for browser connection)
→ ping -c2 vm0004.minoss.nl
vm0004:~ # ping -c2 vm0004.minoss.nl
PING vm0004.minoss.nl (192.168.0.192) 56(84) bytes of data.
64 bytes from vm0004.minoss.nl (192.168.0.192): icmp_seq=1 ttl=64 time=0.023 ms
64 bytes from vm0004.minoss.nl (192.168.0.192): icmp_seq=2 ttl=64 time=0.012 ms
--- vm0004.minoss.nl ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.012/0.017/0.023/0.006 ms
If not, add lines to /etc/hosts on the host that will launch the browser.
Networking: firewall (if the firewall is too active, the db-connection or browser-connection might fail)
→ iptables -L -n -v ; ip6tables -L -n -v
vm0004:~ # iptables -L -n -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
vm0004:~ # ip6tables -L -n -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
If not, adjust manually.
Additional users (needed for unprivileged ownership of files and daemon)
→ egrep "ejbca|jboss" /etc/passwd
vm0004:~ # egrep "ejbca|jboss" /etc/passwd
Not present in template, so add them
vm0004:~ # yast2
vm0004:~ # egrep "ejbca|jboss" /etc/passwd
ejbca:x:1002:100:ejbca:/home/ejbca:/bin/bash
jboss:x:1001:100:jboss:/home/jboss:/bin/bash
Expected software (mysql server and client are needed, and the product relies on openssl)
→ rpm -qa | egrep "ssh|ssl|mysql" |sort
vm0004:~ # rpm -qa | egrep "ssh|ssl|mysql" |sort
libopenssl1_0_0-1.0.1c-2.4.1.i586
libssh2-1-1.4.0-4.1.2.i586
mysql-community-server-5.5.25a-1.2.1.i586
mysql-community-server-client-5.5.25a-1.2.1.i586
mysql-community-server-errormessages-5.5.25a-1.2.1.i586
openssh-6.0p1-2.3.3.i586
openssh-askpass-1.2.4.1-1.1.2.i586
openssl-1.0.1c-2.4.1.i586
php5-mysql-5.3.15-1.12.1.i586
Gathering of unbundled software
orion:~/ejbca # sftp [email protected]:
Connected to 192.168.0.192.
sftp> mkdir DEPOT
sftp> mkdir log
sftp> cd DEPOT
sftp> pwd
Remote working directory: /home/ejbca/DEPOT
sftp> put ejbca_3_11_5.zip
Uploading ejbca_3_11_5.zip to /home/ejbca/DEPOT/ejbca_3_11_5.zip
ejbca_3_11_5.zip 100% 53MB 26.4MB/s 00:02
sftp> put apache-ant-1.8.1-bin.zip
Uploading apache-ant-1.8.1-bin.zip to /home/ejbca/DEPOT/apache-ant-1.8.1-bin.zip
apache-ant-1.8.1-bin.zip 100% 10MB 10.3MB/s 00:00
sftp> put jboss-4.2.3.GA-jdk6.zip
Uploading jboss-4.2.3.GA-jdk6.zip to /home/ejbca/DEPOT/jboss-4.2.3.GA-jdk6.zip
jboss-4.2.3.GA-jdk6.zip 100% 95MB 23.8MB/s 00:04
sftp> put jdk-6u38-ea-bin-b04-linux-i586-31_oct_2012.bin
Uploading jdk-6u38-ea-bin-b04-linux-i586-31_oct_2012.bin to /home/ejbca/DEPOT/jdk-6u38-ea-bin-b04-linux-i586-31_oct_2012.bin
jdk-6u38-ea-bin-b04-linux-i586-31_oct_2012.bin 100% 68MB 34.2MB/s 00:02
sftp> put jce_policy-6.zip
Uploading jce_policy-6.zip to /home/ejbca/DEPOT/jce_policy-6.zip
jce_policy-6.zip 100% 9101 8.9KB/s 00:00
sftp> put mysql-connector-java-5.1.13.zip
Uploading mysql-connector-java-5.1.13.zip to /home/ejbca/DEPOT/mysql-connector-java-5.1.13.zip
mysql-connector-java-5.1.13.zip 100% 3926KB 3.8MB/s 00:00
Check: (create file)
→ vi /etc/profile.local
vm0004:~ # vi /etc/profile.local
export DEPOT=/home/ejbca/DEPOT/
export EIL=/home/ejbca/log
Re-read the env's and use them:
vm0004:~ # source /etc/profile
vm0004:~ # ll $DEPOT
total 235912
-rw-r--r-- 1 ejbca users 10835815 Nov 27 11:34 apache-ant-1.8.1-bin.zip
-rw-r--r-- 1 ejbca users 55257894 Nov 27 11:34 ejbca_3_11_5.zip
-rwxr-xr-x 1 ejbca users 99667238 Nov 27 11:35 jboss-4.2.3.GA-jdk6.zip
-rwxr-xr-x 1 ejbca users 9101 Nov 27 11:37 jce_policy-6.zip
-rw-r--r-- 1 ejbca users 71771776 Nov 27 11:35 jdk-6u38-ea-bin-b04-linux-i586-31_oct_2012.bin
-rw-r--r-- 1 ejbca users 4020693 Nov 27 11:37 mysql-connector-java-5.1.13.zip
Database status: default status after reboot
vm0004:~ # chkconfig mysql
mysql on
(here set in the template)
Database status: current status
use systemd method → systemctl status mysql.service
vm0004:~ # systemctl status mysql.service
mysql.service - LSB: Start the MySQL database server
Loaded: loaded (/etc/init.d/mysql)
Active: active (running) since Tue, 27 Nov 2012 10:54:46 +0100; 48min ago
Process: 1315 ExecStart=/etc/init.d/mysql start (code=exited, status=0/SUCCESS)
CGroup: name=systemd:/system/mysql.service
├ 1413 /bin/sh /usr/bin/mysqld_safe --mysqld=mysqld --user=mysql --pid-file=/var/run/mysql/mysqld.pid --socket=/var/run/mysql/mysql.sock --datadir=/var/lib/mysql
└ 1946 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin --user=mysql --log-error=/var/log/mysql/mysqld.log --pid-file=/var/run/mysql/mysqld.pid --socket=/var/run/mysql/my...
Nov 27 10:54:44 template mysql[1315]: /etc/rc.status: line 57: /dev/stderr: No such device or address
Nov 27 10:54:46 template mysql[1315]: Starting service MySQL ..done
Database ip-port: (used in the config files)
vm0004:~ # lsof -i -P
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 1325 root 3u IPv4 7890 0t0 TCP *:22 (LISTEN)
sshd 1325 root 4u IPv6 7901 0t0 TCP *:22 (LISTEN)
mysqld 1946 mysql 10u IPv4 8406 0t0 TCP *:3306 (LISTEN)
sshd 2039 root 3u IPv4 8734 0t0 TCP vm0004.minoss.nl:22->orion:50451 (ESTABLISHED)
sshd 2456 root 3u IPv4 9343 0t0 TCP vm0004.minoss.nl:22->orion:50456 (ESTABLISHED)
sshd 2459 ejbca 3u IPv4 9343 0t0 TCP vm0004.minoss.nl:22->orion:50456 (ESTABLISHED)
Re-startable?
vm0004:~ # systemctl stop mysql.service
vm0004:~ # lsof -i -P
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 1325 root 3u IPv4 7890 0t0 TCP *:22 (LISTEN)
sshd 1325 root 4u IPv6 7901 0t0 TCP *:22 (LISTEN)
sshd 2039 root 3u IPv4 8734 0t0 TCP vm0004.minoss.nl:22->orion:50451 (ESTABLISHED)
sshd 2456 root 3u IPv4 9343 0t0 TCP vm0004.minoss.nl:22->orion:50456 (ESTABLISHED)
sshd 2459 ejbca 3u IPv4 9343 0t0 TCP vm0004.minoss.nl:22->orion:50456 (ESTABLISHED)
It can be stopped properly!
vm0004:~ # systemctl start mysql.service
vm0004:~ # lsof -i -P
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 1325 root 3u IPv4 7890 0t0 TCP *:22 (LISTEN)
sshd 1325 root 4u IPv6 7901 0t0 TCP *:22 (LISTEN)
sshd 2039 root 3u IPv4 8734 0t0 TCP vm0004.minoss.nl:22->orion:50451 (ESTABLISHED)
sshd 2456 root 3u IPv4 9343 0t0 TCP vm0004.minoss.nl:22->orion:50456 (ESTABLISHED)
sshd 2459 ejbca 3u IPv4 9343 0t0 TCP vm0004.minoss.nl:22->orion:50456 (ESTABLISHED)
mysqld 2952 mysql 10u IPv4 10350 0t0 TCP *:3306 (LISTEN)
It can be restarted properly (it comes up with a different PID) and still listens on the proper TCP port.
Java development kit
vm0004:~ # cd /usr/local/
vm0004:/usr/local # sh $DEPOT/jdk-6u38-ea-bin-b04-linux-i586-31_oct_2012.bin
(extracting from archive not shown...)
Symbolic link for version independence:
vm0004:/usr/local # ln -s jdk1.6.0_38/ java
Java Cryptographic extension
vm0004:~ # cd /usr/local/
vm0004:/usr/local # unzip $DEPOT/jce_policy-6.zip
Archive: /home/ejbca/DEPOT//jce_policy-6.zip
creating: jce/
inflating: jce/COPYRIGHT.html
inflating: jce/README.txt
inflating: jce/US_export_policy.jar
inflating: jce/local_policy.jar
These need to be moved into the jdk-libs
vm0004:/usr/local # mv -v jce/* java/jre/lib/security/
‘jce/COPYRIGHT.html’ -> ‘java/jre/lib/security/COPYRIGHT.html’
‘jce/README.txt’ -> ‘java/jre/lib/security/README.txt’
‘jce/US_export_policy.jar’ -> ‘java/jre/lib/security/US_export_policy.jar’
‘jce/local_policy.jar’ -> ‘java/jre/lib/security/local_policy.jar’
Remove empty directory:
vm0004:/usr/local # rmdir jce/
Jboss application server
vm0004:~ # cd /usr/local/
vm0004:/usr/local # unzip $DEPOT/jboss-4.2.3.GA-jdk6.zip
(extracting from archive not shown...)
Symbolic link for version independence:
vm0004:/usr/local # ln -s jboss-4.2.3.GA/ jboss
Mysql connector
vm0004:~ # cd /usr/local/
vm0004:/usr/local # unzip $DEPOT/mysql-connector-java-5.1.13.zip
(extracting from archive not shown...)
Copy it to the lib-directory:
vm0004:/usr/local # cp -v mysql-connector-java-5.1.13/mysql-connector-java-5.1.13-bin.jar jboss/server/default/lib/
‘mysql-connector-java-5.1.13/mysql-connector-java-5.1.13-bin.jar’ -> ‘jboss/server/default/lib/mysql-connector-java-5.1.13-bin.jar’
Check:
vm0004:/usr/local # ls -l /usr/local/jboss/server/default/lib/mysql-connector-java-5.1.13-bin.jar
-rw-r--r-- 1 root root 767492 Nov 27 11:55 /usr/local/jboss/server/default/lib/mysql-connector-java-5.1.13-bin.jar
Note proper place, date, time.
ANT
vm0004:/usr/local # cd /usr/local/
vm0004:/usr/local # unzip $DEPOT/apache-ant-1.8.1-bin.zip
(extracting from archive not shown...)
Symbolic link for version independence:
vm0004:/usr/local # ln -s apache-ant-1.8.1/ ant
Environment variables
(used to be in /etc/profile, but that might be overwritten during upgrade)
vm0004:~ # vi /etc/profile.local
add:
##############################
# env settings for ejbca
##############################
APPSRV_HOME=/usr/local/jboss
JAVA_HOME=/usr/local/java
EJBCA_HOME=/usr/local/ejbca
ANT_HOME=/usr/local/ant
JAVA_OPTS="-Xmx512M -Xms512M"
ANT_OPTS="-Xmx512M -Xms512M "
PATH=${APPSRV_HOME}/bin:${JAVA_HOME}/bin:${EJBCA_HOME}/bin:${ANT_HOME}/bin:$PATH
export PATH APPSRV_HOME JAVA_HOME JAVA_OPTS EJBCA_HOME ANT_HOME ANT_OPTS
##############################
# EOF env settings for ejbca
##############################
Re-read the environment:
vm0004:~ # source /etc/profile
Check:
vm0004:/usr/local # env |egrep "JAVA_HOME|JAVA_OPTS|EJBCA_HOME|ANT_HOME|ANT_OPTS|APPSRV_HOME" |sort
ANT_HOME=/usr/local/ant
ANT_OPTS=-Xmx512M -Xms512M
APPSRV_HOME=/usr/local/jboss
EJBCA_HOME=/usr/local/ejbca
JAVA_HOME=/usr/local/java
JAVA_OPTS=-Xmx512M -Xms512M
Create database
vm0004:~ # mysqladmin create -u root -p ejbcadb
Enter password: (just return)
Create user, set privileges
vm0004:~ # mysql -u root -p
Enter password: (just return)
mysql>
mysql> grant all privileges on ejbcadb.* to 'ejbca-user'@'localhost' identified by 'mysql123';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
(note: help and disclaimers are not shown)
Check actions:
mysql> use mysql;
Database changed
mysql> select Host,user from user where user='ejbca-user';
+-----------+------------+
| Host      | user       |
+-----------+------------+
| localhost | ejbca-user |
+-----------+------------+
1 row in set (0.00 sec)
mysql> exit
Bye
Login as DB-user (check pwd)
vm0004:~ # mysql ejbcadb -u ejbca-user -p
Enter password:
mysql>
Note: user and pwd are correct (later on used in config files)
Check DB content:
mysql> show tables;
Empty set (0.00 sec)
mysql> exit
Bye
Note: no leftovers (in this case hardly possible)
Installing ejbca software
vm0004:~ # cd /usr/local/
vm0004:/usr/local # unzip $DEPOT/ejbca_3_11_5.zip
(extracting from archive not shown...)
Symbolic link for version independence:
vm0004:/usr/local # ln -s ejbca_3_11_5/ ejbca
Set file permissions:
vm0004:/usr/local # chown -R ejbca ejbca/
(wonder why here, later on done again..)
Recap
(show that links are set)
vm0004:/usr/local # ll -lrt
total 52
drwxr-xr-x 7 root root 4096 Jul 18 2008 jboss-4.2.3.GA
drwxr-xr-x 6 root root 4096 Apr 30 2010 apache-ant-1.8.1
drwxr-xr-x 4 root root 4096 Jun 23 2010 mysql-connector-java-5.1.13
drwx------ 8 ejbca root 4096 Mar 12 2012 ejbca_3_11_5
drwxr-xr-x 2 root root 4096 Jul 15 06:02 src
drwxr-xr-x 2 root root 4096 Jul 15 06:02 share
drwxr-xr-x 2 root root 4096 Jul 15 06:02 sbin
drwxr-xr-x 2 root root 4096 Jul 15 06:02 lib
drwxr-xr-x 2 root root 4096 Jul 15 06:02 include
drwxr-xr-x 2 root root 4096 Jul 15 06:02 games
drwxr-xr-x 2 root root 4096 Jul 15 06:02 bin
drwxr-xr-x 12 root root 4096 Nov 20 21:54 man
drwxr-xr-x 8 root root 4096 Nov 27 11:50 jdk1.6.0_38
lrwxrwxrwx 1 root root 12 Nov 27 11:50 java -> jdk1.6.0_38/
lrwxrwxrwx 1 root root 15 Nov 27 11:54 jboss -> jboss-4.2.3.GA/
lrwxrwxrwx 1 root root 17 Nov 27 11:58 ant -> apache-ant-1.8.1/
lrwxrwxrwx 1 root root 13 Nov 27 12:07 ejbca -> ejbca_3_11_5/
(show that dirs are filled)
vm0004:/usr/local # du -sk * |sort -n
0 ant
0 ejbca
0 java
0 jboss
4 bin
4 games
4 include
4 lib
4 sbin
4 share
4 src
44 man
9768 mysql-connector-java-5.1.13
43452 apache-ant-1.8.1
89464 ejbca_3_11_5
115112 jboss-4.2.3.GA
228716 jdk1.6.0_38
Note: links have size 0k, empty dirs are 4k
Configuring ejbca
vm0004:~ # cd /usr/local/ejbca/conf
vm0004:/usr/local/ejbca/conf # ls -l
total 148
-rw------- 1 ejbca root 6826 May 2 2011 cache.properties.sample
-rw------- 1 ejbca root 1219 May 2 2011 catoken.properties.sample
-rw------- 1 ejbca root 387 May 2 2011 certstore.properties.sample
-rw------- 1 ejbca root 6368 May 2 2011 cmp.properties.sample
-rw------- 1 ejbca root 353 May 2 2011 crlstore.properties.sample
-rw------- 1 ejbca root 100 May 2 2011 custom.properties.sample
-rw------- 1 ejbca root 3921 May 2 2011 database.properties.sample
-rw------- 1 ejbca root 13859 May 2 2011 ejbca.properties.sample
-rw------- 1 ejbca root 4344 Jun 22 2011 extendedkeyusage.properties
-rw------- 1 ejbca root 3195 May 2 2011 externalra-gui.properties.sample
-rw------- 1 ejbca root 1718 May 2 2011 externalra.properties.sample
-rw------- 1 ejbca root 2755 May 2 2011 jaxws.properties.sample
-rw------- 1 ejbca root 174 May 2 2011 jndi.properties.jboss
-rw------- 1 ejbca root 243 May 2 2011 jndi.properties.oracle
-rw------- 1 ejbca root 255 May 2 2011 jndi.properties.weblogic
-rw------- 1 ejbca root 259 May 2 2011 jndi.properties.websphere
-rw------- 1 ejbca root 1246 May 2 2011 log.properties.sample
-rw------- 1 ejbca root 2407 May 2 2011 log4j.properties.sample
drwx------ 2 ejbca root 4096 May 2 2011 logdevices
-rw------- 1 ejbca root 1731 May 2 2011 mail.properties.sample
-rw------- 1 ejbca root 15048 May 2 2011 ocsp.properties.sample
-rw------- 1 ejbca root 1374 May 2 2011 protection.properties.sample
-rw------- 1 ejbca root 3775 May 2 2011 scep.properties.sample
-rw------- 1 ejbca root 1787 May 2 2011 va-publisher.properties.sample
-rw------- 1 ejbca root 2763 May 2 2011 va.properties.sample
-rw------- 1 ejbca root 6401 May 2 2011 web.properties.sample
-rw------- 1 ejbca root 2339 May 2 2011 xkms.properties.sample
Basic (installation) settings:
vm0004:/usr/local/ejbca/conf # cp ejbca.properties.sample ejbca.properties
Check unchanged fields:
vm0004:/usr/local/ejbca/conf # egrep "ca.name=|ca.dn=|ca.keyspec=|ca.keytype=|ca.signaturealgorithm=|ca.validity=|ca.policy=|ca.keystorepass=" ejbca.properties
#ca.name=AdminCA1
#ca.dn=CN=AdminCA1,O=EJBCA Sample,C=SE
#ca.keyspec=2048
#ca.keytype=RSA
#ca.signaturealgorithm=SHA1WithRSA
#ca.validity=3650
#ca.policy=null
#ca.keystorepass=foo123
#ca.keystorepass=!secret!
vm0004:/usr/local/ejbca/conf # vi ejbca.properties
line 54: ca.name=AdminCAv1
line 60: ca.dn=CN=AdminCAv1,O=minoss,C=NL
line 93: ca.keyspec=4096
line 96: ca.keytype=RSA
line 101: ca.signaturealgorithm=SHA1WithRSA
line 104: ca.validity=3650
line 108: ca.policy=null
line 121: ca.keystorepass=ca123
Note: line numbers apply only to this release of ejbca!!!
Quick check:
Grep on the file:
vm0004:/usr/local/ejbca/conf # egrep "ca.name=|ca.dn=|ca.keyspec=|ca.keytype=|ca.signaturealgorithm=|ca.validity=|ca.policy=|ca.keystorepass=" ejbca.properties
ca.name=AdminCAv1
ca.dn=CN=AdminCAv1,O=minoss,C=NL
ca.keyspec=4096
ca.keytype=RSA
ca.signaturealgorithm=SHA1WithRSA
ca.validity=3650
ca.policy=null
ca.keystorepass=ca123
#ca.keystorepass=!secret!
vm0004:/usr/local/ejbca/conf # diff ejbca.properties.sample ejbca.properties
54c54
< #ca.name=AdminCA1
---
> ca.name=AdminCAv1
60c60
< #ca.dn=CN=AdminCA1,O=EJBCA Sample,C=SE
---
> ca.dn=CN=AdminCAv1,O=minoss,C=NL
93c93
< #ca.keyspec=2048
---
> ca.keyspec=4096
96c96
< #ca.keytype=RSA
---
> ca.keytype=RSA
101c101
< #ca.signaturealgorithm=SHA1WithRSA
---
> ca.signaturealgorithm=SHA1WithRSA
104c104
< #ca.validity=3650
---
> ca.validity=3650
108c108
< #ca.policy=null
---
> ca.policy=null
121c121
< #ca.keystorepass=foo123
---
> ca.keystorepass=ca123
Note: either way, check what you need to change and what you actually did.
Database definitions / settings
vm0004:/usr/local/ejbca/conf # cp database.properties.sample database.properties
vm0004:/usr/local/ejbca/conf # egrep "^database.name=|^datasource.mapping=|^database.url=|^database.driver=|^database.username=|^database.password=" database.properties
vm0004:/usr/local/ejbca/conf #
Note that the latest grep did not produce any results!
line 28: database.name=mysql
line 44: datasource.mapping=mySQL
line 61: database.url=jdbc:mysql://127.0.0.1:3306/ejbcadb
line 77: database.driver=com.mysql.jdbc.Driver
line 90: database.username=ejbca-user
line 94: database.password=mysql123
Note that line numbers are ejbca-release specific; there are NO defaults here.
Note2: the deviation from the default db-name and passwords!
Quick check:
vm0004:/usr/local/ejbca/conf # vi database.properties
vm0004:/usr/local/ejbca/conf # egrep "^database.name=|^datasource.mapping=|^database.url=|^database.driver=|^database.username=|^database.password=" database.properties
database.name=mysql
datasource.mapping=mySQL
database.url=jdbc:mysql://127.0.0.1:3306/ejbcadb
database.driver=com.mysql.jdbc.Driver
database.username=ejbca-user
database.password=mysql123
vm0004:/usr/local/ejbca/conf # diff database.properties.sample database.properties
28c28
< #database.name=mysql
---
> database.name=mysql
44c44
< #datasource.mapping=mySQL
---
> datasource.mapping=mySQL
61c61
< #database.url=jdbc:mysql://127.0.0.1:3306/ejbca
---
> database.url=jdbc:mysql://127.0.0.1:3306/ejbcadb
77c77
< #database.driver=com.mysql.jdbc.Driver
---
> database.driver=com.mysql.jdbc.Driver
90c90
< #database.username=ejbca
---
> database.username=ejbca-user
94c94
< #database.password=ejbca
---
> database.password=mysql123
Web-page settings:
vm0004:/usr/local/ejbca/conf # cp web.properties.sample web.properties
vm0004:/usr/local/ejbca/conf # egrep "java.trustpassword=|superadmin.password=|httpsserver.password=|httpsserver.hostname=|httpsserver.dn=" web.properties
java.trustpassword=changeit
superadmin.password=ejbca
httpsserver.password=serverpwd
httpsserver.hostname=localhost
httpsserver.dn=CN=${httpsserver.hostname},O=EJBCA Sample,C=SE
line 08: java.trustpassword=java123
line 19: superadmin.password=superadmin123
line 30: httpsserver.password=serverpwd123
line 42: httpsserver.hostname=vm0004.minoss.nl
line 46: httpsserver.dn=CN=${httpsserver.hostname},O=minoss,C=NL
Note, again the line numbers are ejbca release specific!
vm0004:/usr/local/ejbca/conf # vi web.properties
vm0004:/usr/local/ejbca/conf # egrep "java.trustpassword=|superadmin.password=|httpsserver.password=|httpsserver.hostname=|httpsserver.dn=" web.properties
java.trustpassword=java123
superadmin.password=superadmin123
httpsserver.password=serverpwd123
httpsserver.hostname=vm0004.minoss.nl
httpsserver.dn=CN=${httpsserver.hostname},O=minoss,C=NL
Quick check:
vm0004:/usr/local/ejbca/conf # diff web.properties.sample web.properties
8c8
< java.trustpassword=changeit
---
> java.trustpassword=java123
19c19
< superadmin.password=ejbca
---
> superadmin.password=superadmin123
30c30
< httpsserver.password=serverpwd
---
> httpsserver.password=serverpwd123
42c42
< httpsserver.hostname=localhost
---
> httpsserver.hostname=vm0004.minoss.nl
46c46
< httpsserver.dn=CN=${httpsserver.hostname},O=EJBCA Sample,C=SE
---
> httpsserver.dn=CN=${httpsserver.hostname},O=minoss,C=NL
Note: jot down the superadmin pwd, you need it later on.
Note2: here it is important that the hostname is properly set and resolvable!
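A scripted form of the egrep/diff checks used above for ejbca.properties, database.properties and web.properties, as an added example that is not part of the original procedure: for each password key it reports, without printing the value, whether the key is still commented out or still equal to a value from the .sample file. The function names are hypothetical; the fixture files are constructed from the key names and sample defaults shown above, with one password deliberately left at its default.

```shell
#!/bin/sh
# Added example, not from the original document. Function names are hypothetical.

# prop_values FILE KEY MODE
#   MODE=active: print the value of every uncommented "KEY=value" line.
#   MODE=any:    also look inside lines commented out with a single '#'
#                (the .sample files ship most defaults that way).
prop_values() {
    awk -v key="$2" -v mode="$3" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (mode == "any") sub(/^#[ \t]*/, "", line)
            if (line ~ /^[#!]/) next            # comment line
            eq = index(line, "=")
            if (eq == 0) next
            k = substr(line, 1, eq - 1); sub(/[ \t]+$/, "", k)
            v = substr(line, eq + 1);    sub(/^[ \t]+/, "", v)
            if (k == key) print v
        }' "$1"
}

# props_check_changed SAMPLE CONF KEY...
#   Returns 0 only if every KEY is set in CONF to a value that does not
#   occur for that key in SAMPLE. Values are never echoed.
props_check_changed() {
    sample=$1 conf=$2
    shift 2
    rc=0
    for key in "$@"; do
        # A Java properties file keeps the last assignment of a key.
        val=$(prop_values "$conf" "$key" active | tail -n 1)
        if [ -z "$val" ]; then
            echo "$key: not set (absent, commented out or empty)"; rc=1
        elif prop_values "$sample" "$key" any | grep -Fqx -e "$val"; then
            echo "$key: still a value from the sample file"; rc=1
        else
            echo "$key: changed"
        fi
    done
    return $rc
}

# make_fixture DIR: write constructed sample/configured pairs into DIR.
make_fixture() {
    cat > "$1/web.properties.sample" <<'EOF'
java.trustpassword=changeit
superadmin.password=ejbca
httpsserver.password=serverpwd
EOF
    # Constructed: superadmin.password is left at the sample default here.
    cat > "$1/web.properties" <<'EOF'
java.trustpassword=java123
superadmin.password=ejbca
httpsserver.password=serverpwd123
EOF
    cat > "$1/ejbca.properties.sample" <<'EOF'
#ca.keystorepass=foo123
#ca.keystorepass=!secret!
EOF
    # Constructed: a fresh copy in which nothing has been edited yet.
    cp "$1/ejbca.properties.sample" "$1/ejbca.properties"
}

demo_dir=$(mktemp -d)
make_fixture "$demo_dir"
props_check_changed "$demo_dir/web.properties.sample" "$demo_dir/web.properties" \
    java.trustpassword superadmin.password httpsserver.password \
    || echo "-> web.properties needs another look"
props_check_changed "$demo_dir/ejbca.properties.sample" "$demo_dir/ejbca.properties" \
    ca.keystorepass \
    || echo "-> ejbca.properties needs another look"
rm -rf "$demo_dir"
```

In /usr/local/ejbca/conf the same call takes the real files, for example `props_check_changed database.properties.sample database.properties database.password`.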
Stopping JBoss
Check if it is running:
vm0004:~ # ps -ef |grep -v grep | grep jboss
Change ownership of files
vm0004:~ # cd /usr/local
vm0004:/usr/local # chown -R ejbca ejbca/
vm0004:/usr/local # chown -R ejbca jboss/
Note: don't omit the trailing slash
Cleaning
vm0004:/usr/local # cd /usr/local/ejbca
vm0004:/usr/local/ejbca # ant clean > $EIL/ant_clean.log
Note the redirection of all default output, so you can read it later on.
Check result:
vm0004:/usr/local/ejbca # tail -3 $EIL/ant_clean.log
BUILD SUCCESSFUL
Total time: 1 second
Bootstrap
vm0004:/usr/local/ejbca # ant bootstrap > $EIL/ant_bootstrap.log
[copy] Warning: /usr/local/ejbca_3_11_5/modules/conf does not exist.
[copy] Warning: /usr/local/ejbca_3_11_5/tmp/preprocessed/deploy/jboss/client/bin/META-INF does not exist.
[copy] Warning: /usr/local/ejbca_3_11_5/tmp/preprocessed/deploy/jboss/client/bin/META-INF does not exist.
[copy] Warning: /usr/local/ejbca_3_11_5/modules/conf does not exist.
[copy] Warning: /usr/local/ejbca_3_11_5/modules/conf does not exist.
[copy] Warning: /usr/local/ejbca_3_11_5/modules/conf does not exist.
[copy] Warning: /usr/local/ejbca_3_11_5/modules/conf does not exist.
[copy] Warning: /usr/local/ejbca_3_11_5/modules/conf does not exist.
[copy] Warning: /usr/local/ejbca_3_11_5/modules/conf does not exist.
Note: unclear if the missing directory is harmful.
Check result:
vm0004:/usr/local/ejbca # tail -3 $EIL/ant_bootstrap.log
BUILD SUCCESSFUL
Total time: 35 seconds
Check results:
Some files should be created:
vm0004:/usr/local/ejbca # ls -l /usr/local/jboss/server/default/deploy/ejbca*
-rw------- 1 root root 3333 Nov 27 12:49 /usr/local/jboss/server/default/deploy/ejbca-ds.xml
-rw------- 1 root root 2100 Nov 27 12:49 /usr/local/jboss/server/default/deploy/ejbca-mail-service.xml
-rw-r--r-- 1 root root 38829685 Nov 27 12:49 /usr/local/jboss/server/default/deploy/ejbca.ear
Jboss starting for the first time
vm0004:~ # cd /usr/local/jboss
vm0004:/usr/local/jboss # ./bin/run.sh > $EIL/JBoss_first_run.log
From another console, the first couple of lines (showing proper opts)
vm0004:~ # head -22 $EIL/JBoss_first_run.log
=========================================================================
JBoss Bootstrap Environment
JBOSS_HOME: /usr/local/jboss
JAVA: /usr/local/java/bin/java
JAVA_OPTS: -Dprogram.name=run.sh -server -Xmx512M -Xms512M -Djava.net.preferIPv4Stack=true
CLASSPATH: /usr/local/jboss/bin/run.jar:/usr/local/java/lib/tools.jar
=========================================================================
12:52:29,087 INFO [Server] Starting JBoss (MX MicroKernel)...
12:52:29,088 INFO [Server] Release ID: JBoss [Trinity] 4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181439)
12:52:29,088 INFO [Server] Home Dir: /usr/local/jboss-4.2.3.GA
12:52:29,088 INFO [Server] Home URL: file:/usr/local/jboss-4.2.3.GA/
12:52:29,089 INFO [Server] Patch URL: null
12:52:29,089 INFO [Server] Server Name: default
12:52:29,089 INFO [Server] Server Home Dir: /usr/local/jboss-4.2.3.GA/server/default
12:52:29,089 INFO [Server] Server Home URL: file:/usr/local/jboss-4.2.3.GA/server/default/
Note the use of ENV's!
Last couple of lines:
vm0004:~ # tail -5 $EIL/JBoss_first_run.log
12:53:08,587 INFO [TomcatDeployer] deploy, ctxPath=/ejbca/publicweb/webdist, warUrl=.../tmp/deploy/tmp1561310067787171531ejbca.ear-contents/webdist-exp.war/
12:53:08,706 INFO [EARDeployer] Started J2EE application: file:/usr/local/jboss-4.2.3.GA/server/default/deploy/ejbca.ear
12:53:08,809 INFO [Http11Protocol] Starting Coyote HTTP/1.1 on http-127.0.0.1-8080
12:53:08,847 INFO [AjpProtocol] Starting Coyote AJP/1.3 on ajp-127.0.0.1-8009
12:53:08,856 INFO [Server] JBoss (MX MicroKernel) [4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181439)] Started in 39s:765ms
The first run should have created DB-tables. Checking if the DB has been initialized:
vm0004:~ # mysql ejbcadb -u ejbca-user -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 9
Server version: 5.5.25a-log Source distribution
Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show tables;
+-----------------------------+
| Tables_in_ejbcadb           |
+-----------------------------+
| AccessRulesData             |
| AdminEntityData             |
| AdminGroupData              |
| AdminPreferencesData        |
| ApprovalData                |
| AuthorizationTreeUpdateData |
| CAData                      |
| CRLData                     |
| CertReqHistoryData          |
| CertificateData             |
| CertificateProfileData      |
| EndEntityProfileData        |
| GlobalConfigurationData     |
| HardTokenCertificateMap     |
| HardTokenData               |
| HardTokenIssuerData         |
| HardTokenProfileData        |
| HardTokenPropertyData       |
| KeyRecoveryData             |
| LogConfigurationData        |
| LogEntryData                |
| ProtectedLogData            |
| ProtectedLogExportData      |
| ProtectedLogTokenData       |
| PublisherData               |
| PublisherQueueData          |
| ServiceData                 |
| TableProtectData            |
| UserData                    |
| UserDataSourceData          |
+-----------------------------+
30 rows in set (0.01 sec)
mysql>
mysql> exit
Bye
So the database can be reached and filled!
EJBCA ant install
vm0004:~ # cd /usr/local/ejbca
vm0004:/usr/local/ejbca # ant install > $EIL/ant_install.log
[copy] Warning: /usr/local/ejbca_3_11_5/modules/conf does not exist.
Note: this takes considerably longer.
Check on log file:
vm0004:/usr/local/ejbca # tail -3 $EIL/ant_install.log
BUILD SUCCESSFUL
Total time: 50 seconds
Stopping JBoss
Check if it is running:
vm0004:~ # ps -ef |grep -v grep | grep jboss
root 3408 3388 14 12:52 pts/0 00:01:12 /usr/local/java/bin/java -Dprogram.name=run.sh -server -Xmx512M -Xms512M -Djava.net.preferIPv4Stack=true -Djava.endorsed.dirs=/usr/local/jboss/lib/endorsed -classpath /usr/local/jboss/bin/
vm0004:~ #
Stop it nicely:
vm0004:~ # cd /usr/local/jboss
vm0004:/usr/local/jboss # ./bin/shutdown.sh -S
Shutdown message has been posted to the server.
Server shutdown may take a while - check logfiles for completion
Last lines from logfile:
vm0004:~ # tail -5 $EIL/JBoss_first_run.log
13:02:51,544 INFO [MailService] Mail service 'java:/EjbcaMail' removed from JNDI
13:02:51,653 INFO [TransactionManagerService] Stopping recovery manager
13:02:51,730 INFO [Server] Shutdown complete
Shutdown complete
Halting VM
Ejbca deploy
vm0004:/usr/local/ejbca # ant deploy > $EIL/ant_deploy.log
[copy] Warning: /usr/local/ejbca_3_11_5/modules/conf does not exist.
[copy] Warning: /usr/local/ejbca_3_11_5/tmp/preprocessed/deploy/jboss/client/bin/META-INF does not exist.
[copy] Warning: /usr/local/ejbca_3_11_5/tmp/preprocessed/deploy/jboss/client/bin/META-INF does not exist.
[copy] Warning: /usr/local/ejbca_3_11_5/modules/conf does not exist.
[copy] Warning: /usr/local/ejbca_3_11_5/modules/conf does not exist.
[copy] Warning: /usr/local/ejbca_3_11_5/modules/conf does not exist.
[copy] Warning: /usr/local/ejbca_3_11_5/modules/conf does not exist.
[copy] Warning: /usr/local/ejbca_3_11_5/modules/conf does not exist.
[copy] Warning: /usr/local/ejbca_3_11_5/modules/conf does not exist.
Last lines from log file:
vm0004:/usr/local/ejbca # tail -3 $EIL/ant_deploy.log
BUILD SUCCESSFUL
Total time: 21 seconds
Further checks:
vm0004:~ # ls -l /usr/local/jboss/server/default/conf/keystore/
total 12
-rw------- 1 root root 4529 Nov 27 13:04 keystore.jks
-rw------- 1 root root 1423 Nov 27 13:04 truststore.jks
Observe date & time of the files...
Restart JBoss.
vm0004:~ # cd /usr/local/jboss
vm0004:/usr/local/jboss # ./bin/run.sh > $EIL/JBoss_second_run.log
Again, first lines:
vm0004:~ # head -22 $EIL/JBoss_second_run.log
=========================================================================
JBoss Bootstrap Environment
JBOSS_HOME: /usr/local/jboss
JAVA: /usr/local/java/bin/java
JAVA_OPTS: -Dprogram.name=run.sh -server -Xmx512M -Xms512M -Djava.net.preferIPv4Stack=true
CLASSPATH: /usr/local/jboss/bin/run.jar:/usr/local/java/lib/tools.jar
=========================================================================
13:07:41,123 INFO [Server] Starting JBoss (MX MicroKernel)...
13:07:41,124 INFO [Server] Release ID: JBoss [Trinity] 4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181439)
13:07:41,125 INFO [Server] Home Dir: /usr/local/jboss-4.2.3.GA
13:07:41,125 INFO [Server] Home URL: file:/usr/local/jboss-4.2.3.GA/
13:07:41,126 INFO [Server] Patch URL: null
13:07:41,126 INFO [Server] Server Name: default
13:07:41,126 INFO [Server] Server Home Dir: /usr/local/jboss-4.2.3.GA/server/default
13:07:41,126 INFO [Server] Server Home URL: file:/usr/local/jboss-4.2.3.GA/server/default/
Equally important: Last lines
vm0004:~ # tail -22 $EIL/JBoss_second_run.log
13:08:20,164 INFO [TomcatDeployer] deploy, ctxPath=/ejbca/clearcache, warUrl=.../tmp/deploy/tmp2274034470749155626ejbca.ear-contents/clearcache-exp.war/
13:08:20,215 INFO [TomcatDeployer] deploy, ctxPath=/ejbca/publicweb, warUrl=.../tmp/deploy/tmp2274034470749155626ejbca.ear-contents/cmp-exp.war/
13:08:20,259 INFO [TomcatDeployer] deploy, ctxPath=/ejbca/doc, warUrl=.../tmp/deploy/tmp2274034470749155626ejbca.ear-contents/doc-exp.war/
13:08:20,310 INFO [TomcatDeployer] deploy, ctxPath=/ejbca/ejbcaws, warUrl=.../tmp/deploy/tmp2274034470749155626ejbca.ear-contents/ejbcaws-exp.war/
13:08:20,430 ERROR [STDERR] Nov 27, 2012 1:08:20 PM com.sun.xml.ws.transport.http.servlet.WSServletContextListener contextInitialized
INFO: WSSERVLET12: JAX-WS context listener initializing
13:08:20,630 ERROR [STDERR] Nov 27, 2012 1:08:20 PM com.sun.xml.ws.transport.http.servlet.RuntimeEndpointInfoParser processWsdlLocation
INFO: wsdl cannot be found from DD or annotation. Will generate and publish a new WSDL for SEI endpoints.
13:08:22,059 ERROR [STDERR] Nov 27, 2012 1:08:22 PM com.sun.xml.ws.transport.http.servlet.WSServletDelegate init
INFO: WSSERVLET14: JAX-WS servlet initializing
13:08:22,076 INFO [TomcatDeployer] deploy, ctxPath=/ejbca/publicweb/healthcheck, warUrl=.../tmp/deploy/tmp2274034470749155626ejbca.ear-contents/healthcheck-exp.war/
13:08:22,167 INFO [TomcatDeployer] deploy, ctxPath=/ejbca/publicweb/apply, warUrl=.../tmp/deploy/tmp2274034470749155626ejbca.ear-contents/scep-exp.war/
13:08:22,235 INFO [TomcatDeployer] deploy, ctxPath=/ejbca/publicweb/status, warUrl=.../tmp/deploy/tmp2274034470749155626ejbca.ear-contents/status-exp.war/
13:08:22,329 INFO [OCSPServletBase] ExtensionOids not defined.
13:08:22,329 INFO [OCSPServletBase] ExtensionClass not defined.
13:08:22,386 INFO [TomcatDeployer] deploy, ctxPath=/ejbca/publicweb/webdist, warUrl=.../tmp/deploy/tmp2274034470749155626ejbca.ear-contents/webdist-exp.war/
13:08:22,523 INFO [EARDeployer] Started J2EE application: file:/usr/local/jboss-4.2.3.GA/server/default/deploy/ejbca.ear
13:08:22,660 INFO [Http11Protocol] Starting Coyote HTTP/1.1 on http-0.0.0.0-8080
13:08:22,703 INFO [Http11Protocol] Starting Coyote HTTP/1.1 on http-0.0.0.0-8442
13:08:22,744 INFO [Http11Protocol] Starting Coyote HTTP/1.1 on http-0.0.0.0-8443
13:08:22,771 INFO [AjpProtocol] Starting Coyote AJP/1.3 on ajp-127.0.0.1-8009
13:08:22,790 INFO [Server] JBoss (MX MicroKernel) [4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181439)] Started in 41s:662ms
Check on tcp-ports:
vm0004:~ # lsof -i -P |egrep "8080|844"
java 3812 root 135u IPv4 13925 0t0 TCP *:8442 (LISTEN)
java 3812 root 136u IPv4 13926 0t0 TCP *:8443 (LISTEN)
java 3812 root 157u IPv4 13924 0t0 TCP *:8080 (LISTEN)
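The log and port checks above can be scripted so that an unexpected listener stands out after a deploy. The following is an added example, not part of the original walkthrough; the function names are assumptions, and the sample lines are copied from the second-run log excerpt above.

```shell
#!/bin/sh
# Added example: post-deploy check on a JBoss 4.2.3 console log.

# Log lines copied from the second-run excerpt above.
sample_log() {
cat <<'EOF'
13:08:22,523 INFO [EARDeployer] Started J2EE application: file:/usr/local/jboss-4.2.3.GA/server/default/deploy/ejbca.ear
13:08:22,660 INFO [Http11Protocol] Starting Coyote HTTP/1.1 on http-0.0.0.0-8080
13:08:22,703 INFO [Http11Protocol] Starting Coyote HTTP/1.1 on http-0.0.0.0-8442
13:08:22,744 INFO [Http11Protocol] Starting Coyote HTTP/1.1 on http-0.0.0.0-8443
13:08:22,771 INFO [AjpProtocol] Starting Coyote AJP/1.3 on ajp-127.0.0.1-8009
13:08:22,790 INFO [Server] JBoss (MX MicroKernel) [4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181439)] Started in 41s:662ms
EOF
}

# Print "scheme address port" for every Coyote connector in the log on stdin.
connectors() {
    sed -n 's/.*Starting Coyote [^ ]* on \([a-z]*\)-\([0-9.]*\)-\([0-9]*\)$/\1 \2 \3/p'
}

# Print, ascending and space separated, the ports bound to all interfaces.
exposed_ports() {
    connectors | awk '$2 == "0.0.0.0" { print $3 }' | sort -n | xargs
}

# Succeed only if the EAR deployed, the server finished booting, and the
# exposed ports are exactly the expected set.
verify_run() {   # usage: verify_run LOGFILE "8080 8442 8443"
    log=$1; expected=$2
    grep -q 'Started J2EE application: .*ejbca\.ear' "$log" ||
        { echo "ejbca.ear not deployed"; return 1; }
    grep -q '\[Server\] JBoss .* Started in ' "$log" ||
        { echo "server did not finish starting"; return 1; }
    actual=$(exposed_ports < "$log")
    [ "$actual" = "$expected" ] ||
        { echo "exposed ports: $actual (expected: $expected)"; return 1; }
    echo "ok: $actual"
}

# Stand-alone run against the embedded sample.
tmp=$(mktemp) && sample_log > "$tmp" && verify_run "$tmp" "8080 8442 8443"
rm -f "$tmp"
```

Run against the first-run log, exposed_ports prints nothing, because before "ant install" and "ant deploy" the HTTP connector was bound to 127.0.0.1 only.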
Check results in DB:
vm0004:~ # mysql ejbcadb -u ejbca-user -p
Enter password: 
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 18
Server version: 5.5.25a-log Source distribution
Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> select * from AdminEntityData;
+------------+------------+---------------+-----------+-----------+------------+-----------+------------------------------+
| pK         | rowVersion | rowProtection | matchWith | matchType | matchValue | cAId      | AdminGroupData_adminEntities |
+------------+------------+---------------+-----------+-----------+------------+-----------+------------------------------+
|  329358376 |          0 | NULL          |        11 |      2004 | UNUSED     |         0 |                    262714976 |
|  329358381 |          0 | NULL          |        11 |      2001 | UNUSED     |         0 |                    262714976 |
|  329358382 |          0 | NULL          |        11 |      2002 | UNUSED     |         0 |                    262714976 |
|  329358383 |          0 | NULL          |        11 |      2003 | UNUSED     |         0 |                    262714976 |
| 1346258728 |          0 | NULL          |        11 |      2000 | UNUSED     |         0 |                    577231548 |
| 2131783214 |          0 | NULL          |         8 |      1001 | SuperAdmin | 749716675 |                    852156581 |
+------------+------------+---------------+-----------+-----------+------------+-----------+------------------------------+
6 rows in set (0.01 sec)
mysql> exit
Bye
Test transfer super end entity user
vm0004:~ # ll /usr/local/ejbca/p12
total 16
-rw-r--r-- 1 root root 3566 Nov 27 12:59 superadmin.p12
-rw-r--r-- 1 root root 4529 Nov 27 12:59 tomcat.jks
-rw-r--r-- 1 root root 1423 Nov 27 12:59 truststore.jks
Store them on machine with browser.
orion:~ # mkdir /root/ejbca/vm0004
orion:~ # cd /root/ejbca/vm0004
orion:~/ejbca/vm0004 # sftp 192.168.0.192
Password: 
Connected to 192.168.0.192.
sftp> cd /usr/local/ejbca/p12
sftp> get superadmin.p12
Fetching /usr/local/ejbca_3_11_5/p12/superadmin.p12 to superadmin.p12
/usr/local/ejbca_3_11_5/p12/superadmin.p12 100% 3566 3.5KB/s 00:00 
sftp> quit
orion:~/ejbca/vm0004 #
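The two listings above differ in one respect worth checking: the deployed keystore.jks is mode 0600, while the files in the p12 directory, including the superadmin key store, are 0644. The following is an added example, not part of the original walkthrough, that finds key stores readable by group or others and restricts them; the function names and the temporary sample directory are assumptions.

```shell
#!/bin/sh
# Added example: audit and tighten permissions on EJBCA key stores.

# Print every *.p12 / *.jks file under DIR that group or others can read.
loose_key_files() {   # usage: loose_key_files DIR
    find "$1" -type f \( -name '*.p12' -o -name '*.jks' \) \
        \( -perm -040 -o -perm -004 \) -print | sort
}

# Restrict the files reported above to owner read/write (0600), the mode the
# deployed keystore.jks already has, then print how many are still loose.
tighten_key_files() {   # usage: tighten_key_files DIR
    loose_key_files "$1" | while IFS= read -r f; do
        chmod 600 "$f"
    done
    loose_key_files "$1" | wc -l | tr -d ' '
}

# Constructed stand-in for /usr/local/ejbca/p12, using the modes from the
# listing above plus one file that is already 0600.
make_sample_dir() {
    d=$(mktemp -d)
    for f in superadmin.p12 tomcat.jks truststore.jks; do
        : > "$d/$f"; chmod 644 "$d/$f"
    done
    : > "$d/keystore.jks"; chmod 600 "$d/keystore.jks"
    echo "$d"
}

# Stand-alone run against the constructed directory.
dir=$(make_sample_dir)
loose_key_files "$dir"
tighten_key_files "$dir"
rm -rf "$dir"
```

The same check applies on the machine with the browser, where the copy of superadmin.p12 fetched over sftp is created according to the local umask.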
Start firefox
Tab “edit” → tab “preferences” → tab “Advanced” → tab “Encryption” → tab “view certificates” → tab “import” → tab “your certificates” → tab “import” → tab “root” → folder “root” → folder “ejbca” → folder “vm0004” → file “superadmin.p12”
If correct, you are prompted for the password (the one you filled in in /usr/local/ejbca/conf/web.properties):
enter “superadmin123”. You should get a pop-up with: “Successfully restored your security certificate(s) and private key(s).”
Press “ok” twice to close the Firefox pop-ups.
Go to: https://vm0004.minoss.nl:8442/ejbca/ (admin)
Go to: https://vm0004.minoss.nl:8443/ejbca/ (public)
Important: Do not forget the trailing slash, otherwise you get an empty screen!
Although not all functions of the product are tested at this point, it looks like the installation was successful.