How to install EJBCA

EJBCA Installation Prerequisites

• EJBCA Community 6.15.2.1
  • https://sourceforge.net/projects/ejbca/files/ejbca6/ejbca_6_15_2_1/ejbca_ce_6_15_2_1.zip/download
• Quick Install Guide
  • https://download.primekey.se/docs/EJBCA-Enterprise/latest/Quick_Install_Guide.html
• Ubuntu 18.04 (Bionic Beaver)
  • https://ubuntu.com/download/desktop 
• VirtualBox 6.0
  • https://www.virtualbox.org/ 

EJBCA Install Instructions

For the most part this will be extracted from the link above provided by PrimeKey but there will be some small amendments. Most notably the amendments are related to a bug in the guide.

1. Install Ubuntu, and create a directory in the home of the user and name it “Opt”. In my example, I created a user called “user”, so the full path once the directory is created, is.

/home/user/Opt/

2. Run an update on the system to ensure everything is up to date and nothing is running on older legacy versions.

sudo apt-get update

3. Now install the prerequisites that PrimeKey recommend, see the command below.

sudo apt-get install unzip openjdk-8-jdk-headless ant ant-optional psmisc mariadb-client bc patch curl

4. Unfortunately by default java will run in a version that EJBCA will not co-operate with, so we need to change the java version running. To do this run the following command and the version will change to 1.8.

sudo update-java-alternatives --set java-1.8.0-openjdk-amd64

5. Next thing to do, is perform a check to ensure that java has changed or you’ll get errors later in the guide.

sudo java -version

6. Download EJBCA from the link above, move this to the directory we created /home/user/Opt/ in this example.
7. Unzip the EJBCA download and to the same location. You should now have a folder similar to /home/user/Opt/ejbca_xxxx
8. Install MariaDB, this is not included in the primekey guide, so perform the following.

sudo apt-get install mariadb-server

9. Once installed, we need to log into the mysql server running via mariadb. Once logged in, you will need to create a database and provide access to a set of credentials. See instructions below.

sudo mysql -u root -p

mysql> CREATE DATABASE ejbcatest CHARACTER SET utf8 COLLATE utf8_general_ci;

mysql> GRANT ALL PRIVILEGES ON ejbcatest.* TO 'ejbca'@'localhost' IDENTIFIED BY 'ejbca'

exit;

10. Ignoring step 4 in the PrimeKey instructions, because this is just a sample setup. We don’t need to configure any file for database password or user because they’re defaulted in there and the same as the above section, we have just done in mysql.

MAJOR BUG: https://jira.primekey.se/browse/ECA-8667

11. Now we need to detour from the EJBCA PrimeKey guide because there is a bug in the community version 6.15.2.1 being used here. We need to open a terminal and browse to the following location.

cd /home/user/Opt/ejbca_xxx/modules/

sudo nano build.xml

12. Browse through the file that has just opened, in nano and locate the section that starts naming targets. We need to amend the “Build the Sun P11 extension” section. In Nano to save time you could press ctrl+w and type Sun P11 and it will save you time finding it. Once found we need to update the line in the file to make this check optional.

Original:

<target name="cesecore-p11" description="Build the Sun P11 extension">

Change to:

<target name="cesecore-p11" description="Build the Sun P11 extension" if="build.cesecore.p11.jar">

13. Save the file. Now return to the /home/user/Opt/ directory.

cd /home/user/Opt/

14. Remain within this directory and run the following command. Do not run this as sudo or it will fail immediately.

./ejbca_ee_7_X_X_X/bin/extra/ejbca-setup.sh

15. A few minutes will pass and then hopefully you will be presented with a location for the P12 file, which is /home/user/Opt/ejbca_xxxx/p12/ and a password for its usage. These will be within the terminal and a local website address.
16. We need to import the .p12 file that has been created in to Firefox, so open the browser and then select edit > preferences. In the new window that appears look for privacy and security, then click on View Certificates. Click on the “Your Certificates” tab and then press the import tab.
17. In the import window that now appears, simply browse to the location of the .p12 file and select it. You may have to change the file type to “all files”. Once selected, a window will appear prompting for the password. Copy this from the terminal or notepad if you saved it and click ok.
18. Browse to the local address provided https://localhost:8443/ejbca/adminweb/ and you should see EJBCA load.

Note: When you restart Ubuntu, this will fail to load by default because the services are not running. To fix this you need to start up WildFly again and this can be done by the following.

cd /home/user/Opt/wildfly/bin/

19. Now you need to check that the file “standalone.sh” is in this directory and run it.

./standalone.sh

20. If you’re to be running this sample/example version of EJBCA over a longer period because you want to perform some thorough exploration, then the best thing to do is write a cron job to start the service as soon as the system loads. This can be done through the following commands.

21. Open cron – in a terminal type

crontab -e

22. In the screen that appears, scroll to the bottom and type

@reboot /home/user/Opt/wildfly/bin/standalone.sh

23. Save the file and then close.

24. Reboot the system and see if everything loads up normally.