Building a PKI Certificate Authority (CA)

After quite a long time managing Linux servers for the Internet Service Provider/IT segment (DNS, SMTP, web server, RADIUS, proxy, MySQL, routing, bandwidth management and so on), it feels time to branch out into something else that is still open source and enterprise-grade.

In Indonesia few people seem to work with Public Key Infrastructure capable of producing a Certificate Authority (CA), so I have gone back to wrestling with the concepts and techniques of public-key cryptography. There is a motivation behind this, of course; if it were research only, I would surely forget it again. For students of the Department of Informatics Engineering at ITB this material is part of the Cryptography course, but it only covers definitions and concepts in general terms. Implementation and installation guides are very scarce on the internet, perhaps because people do not know the benefits, or because the knowledge is considered valuable and they are reluctant to write it up. That is why I am trying to share it through this blog, all the more since it is Linux-based and a pleasure to deploy on a test server and then on a production server.

PKI, Public Key Infrastructure, is a security infrastructure implemented using the concepts and techniques of public-key cryptography. A public key is given a digital certificate by a CA (Certificate Authority) system or company, which acts as a trusted institution. Banking sites such as klikbca.com and ib.bankmandiri.co.id have such a system. Well-known CA companies include verisign.com and thawte.com.

In this tutorial I build a Certificate Authority system like the one operated by verisign.com, thawte.com or others, which can be used by a company that wants its own CA system. The build goes as far as implementing the Online Certificate Status Protocol (OCSP).

The enterprise software for a PKI Certificate Authority is EJBCA (Enterprise Java Bean Certificate Authority), built on J2EE technology. EJBCA can be used for:
-Authenticating users accessing intranet/extranet/internet resources.
-Secure communication with SSL servers and SSL clients.
-Smart card logon to Windows and/or Linux.
-Signing and encrypting email.
-VPN connections, by issuing certificates to VPN routers such as OpenVPN, Cisco, Juniper etc.
-Client VPN access with certificates in users' VPN clients.
-Single sign-on, by using a single certificate to secure logon to web applications.
-Creating signed documents.
-Issuing citizen certificates for access to government resources, used in passports etc.
-Creating CVCAs and DVs and issuing CV certificates (CVC) to Document Verifiers and Inspection Systems for EU EAC ePassports.
The network concept can be seen in the image above. A plus is that smart cards can be used with this PKI.
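Before the installation, an added illustration of what the CA does once it is running (example Go code written for this page, not EJBCA's own code): a root CA creates its key and self-signed certificate, signs a server certificate, and a relying party verifies the chain and the certificate's revocation status. Go's standard library has no OCSP responder, so the status check is shown with a CA-signed CRL, the list-based counterpart of the OCSP answer this tutorial works towards; the CA name and organisation reuse the values entered at the autoscripts.sh prompts later on, and the host name ejbca.example.test is made up.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// TestCA is a constructed in-memory root CA, the role EJBCA's admin CA ("MyEjbca") plays.
type TestCA struct {
	Key  *ecdsa.PrivateKey
	Cert *x509.Certificate
}

// parse turns the DER that x509.CreateCertificate returns into a parsed certificate.
func parse(der []byte, err error) (*x509.Certificate, error) {
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewTestCA generates a CA key and a self-signed CA certificate limited to signing certificates and CRLs.
func NewTestCA(commonName, org string) (*TestCA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: commonName, Organization: []string{org}},
		NotBefore:             time.Now().Add(-time.Hour), NotAfter: time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	cert, err := parse(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	if err != nil {
		return nil, err
	}
	return &TestCA{Key: key, Cert: cert}, nil
}

// IssueServerCert signs a one-year TLS server certificate for host; the CA only sees the subject's public key, as with a CSR.
func (ca *TestCA) IssueServerCert(host string, serial int64, pub *ecdsa.PublicKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(365 * 24 * time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	return parse(x509.CreateCertificate(rand.Reader, tmpl, ca.Cert, pub, ca.Key))
}

// IssueCRL signs a CRL listing the given serials as revoked: the list-based counterpart of OCSP's per-certificate answer.
func (ca *TestCA) IssueCRL(revoked []int64) (*x509.RevocationList, error) {
	now := time.Now()
	tmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(24 * time.Hour)}
	for _, s := range revoked {
		tmpl.RevokedCertificates = append(tmpl.RevokedCertificates, pkix.RevokedCertificate{SerialNumber: big.NewInt(s), RevocationTime: now})
	}
	der, err := x509.CreateRevocationList(rand.Reader, tmpl, ca.Cert, ca.Key)
	if err != nil {
		return nil, err
	}
	return x509.ParseRevocationList(der)
}

// Validate is the relying party's side: chain the certificate to the trusted root for the expected
// host name, then reject it if a CRL signed by that same root lists its serial number.
func Validate(cert, root *x509.Certificate, crl *x509.RevocationList, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}); err != nil {
		return err
	}
	if err := crl.CheckSignatureFrom(root); err != nil {
		return fmt.Errorf("untrusted CRL: %w", err)
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return fmt.Errorf("certificate serial %s is revoked", cert.SerialNumber)
		}
	}
	return nil
}

func main() {
	ca, _ := NewTestCA("MyEjbca", "EJBCA in Asyx Testing")
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // the server's own key pair; the CA never holds it
	leaf, _ := ca.IssueServerCert("ejbca.example.test", 2, &key.PublicKey) // made-up host name
	crl, _ := ca.IssueCRL([]int64{2})
	fmt.Println(Validate(leaf, ca.Cert, crl, "ejbca.example.test"))
}
```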

Let's start the installation and configuration. The software needed:
-Linux operating system: GNU/Debian
-Java JDK 1.5 – Java 2 Platform Standard Development Kit.
-Apache Ant – Java Build Utility, used to compile and build Java programs.
-JBoss 4.0.5 – J2EE Application Server EJBCA download
-MySQL
-EJBCA and external OCSP.
-OpenLDAP.
-OpenSSL.
-Apache Project.
-Apache mod_ssl.

The Debian 5 Linux operating system is already installed with the latest updates.

Install the Java JDK and Ant

ejbca:/home/gtoms# apt-get install openjdk-6-jdk ant ant-optional
Reading package lists… Done
Building dependency tree
Reading state information… Done
0 upgraded, 102 newly installed, 0 to remove and 2 not upgraded.
Need to get 125MB of archives.
After this operation, 320MB of additional disk space will be used.
Do you want to continue [Y/n]?

---------- skip ----------
Setting up libjaxp1.3-java-gcj (1.3.04-3) …
Setting up libxerces2-java-gcj (2.9.1-2+lenny1) …
ejbca:/home/gtoms#

ejbca:/home/gtoms# java -version
java version "1.6.0_0"
OpenJDK Runtime Environment (build 1.6.0_0-b11)
OpenJDK Client VM (build 1.6.0_0-b11, mixed mode, sharing)

ejbca:/home/gtoms# ant -version
Apache Ant version 1.7.0 compiled on April 29 2008

Set up MySQL
ejbca:/ejbca# apt-get install mysql-server
Reading package lists… Done
Building dependency tree
Reading state information… Done
0 upgraded, 12 newly installed, 0 to remove and 2 not upgraded.
Need to get 37.6MB of archives.
After this operation, 110MB of additional disk space will be used.
Do you want to continue [Y/n]?
---------- skip ----------
Setting up mysql-server (5.0.51a-24+lenny3) …
ejbca:/ejbca#

Install mysql-connector-java

ejbca:/ejbca# apt-get install libmysql-java
Reading package lists… Done
Building dependency tree
Reading state information… Done
Suggested packages:
libcommons-logging-java liblog4j1.2-java
The following NEW packages will be installed:
libmysql-java
0 upgraded, 1 newly installed, 0 to remove and 2 not upgraded.
Need to get 718kB of archives.
After this operation, 791kB of additional disk space will be used.
Get:1 http://kebo.vlsm.org lenny/main libmysql-java 5.1.6+dfsg-1 [718kB]
Fetched 718kB in 24s (29.3kB/s)
Selecting previously deselected package libmysql-java.
(Reading database … 26278 files and directories currently installed.)
Unpacking libmysql-java (from …/libmysql-java_5.1.6+dfsg-1_all.deb) …
Setting up libmysql-java (5.1.6+dfsg-1) …
ejbca:/ejbca#

Set up EJBCA
ejbca:/home/gtoms# wget -c http://downloads.sourceforge.net/ejbca/ejbca_3_9_5.zip
--2010-03-25 11:55:37--  http://downloads.sourceforge.net/ejbca/ejbca_3_9_5.zip
Resolving downloads.sourceforge.net… 216.34.181.59
Connecting to downloads.sourceforge.net|216.34.181.59|:80… connected.
HTTP request sent, awaiting response… 302 Found
Location: http://nchc.dl.sourceforge.net/project/ejbca/ejbca3/ejbca_3_9_5/ejbca_3_9_5.zip [following]
--2010-03-25 11:55:38--  http://nchc.dl.sourceforge.net/project/ejbca/ejbca3/ejbca_3_9_5/ejbca_3_9_5.zip
Resolving nchc.dl.sourceforge.net… 211.79.60.17, 2001:e10:ffff:1f02::17
Connecting to nchc.dl.sourceforge.net|211.79.60.17|:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 48004954 (46M) [application/zip]
Saving to: `ejbca_3_9_5.zip'
59% [==================================>  ] 28,357,379   968K/s  eta 20s

Create the directory /ejbca and move ejbca_3_9_5.zip into it.

ejbca:/ejbca# unzip ejbca_3_9_5.zip
ejbca:/ejbca#

ejbca:/ejbca# cd ejbca_3_9_5
ejbca:/ejbca/ejbca_3_9_5# ls
avk.xml  build.xml    cmptcp.xmli   conf  docs.xmli         jaxws.xmli  propertiesAndPaths.xmli  src         xkms.xmli
bin     Changelog.txt    compile.xmli  doc   externalra.xmli  lib     README              test.xmli

Download autoscripts.sh from the ejbca.org site and edit it to match your paths and other environment settings so that the installation runs smoothly.
Install JBoss
ejbca:/ejbca/ejbca_3_9_5# groupadd jboss
ejbca:/ejbca/ejbca_3_9_5# useradd -s /bin/bash -d /home/jboss -m -g jboss jboss

ejbca:/home/gtoms# wget http://sourceforge.net/projects/jboss/files/JBoss/JBoss-5.1.0.GA/jboss-5.1.0.GA.zip/download
--2010-03-25 13:56:30--  http://sourceforge.net/projects/jboss/files/JBoss/JBoss-5.1.0.GA/jboss-5.1.0.GA.zip/download
Resolving sourceforge.net… 216.34.181.60
Connecting to sourceforge.net|216.34.181.60|:80… connected.
HTTP request sent, awaiting response… 302 Found
Location: http://downloads.sourceforge.net/project/jboss/JBoss/JBoss-5.1.0.GA/jboss-5.1.0.GA.zip?use_mirror=nchc [following]
--2010-03-25 13:56:32--  http://downloads.sourceforge.net/project/jboss/JBoss/JBoss-5.1.0.GA/jboss-5.1.0.GA.zip?use_mirror=nchc
Resolving downloads.sourceforge.net… 216.34.181.59
Connecting to downloads.sourceforge.net|216.34.181.59|:80… connected.
HTTP request sent, awaiting response… 302 Found
Location: http://nchc.dl.sourceforge.net/project/jboss/JBoss/JBoss-5.1.0.GA/jboss-5.1.0.GA.zip [following]
--2010-03-25 13:56:32--  http://nchc.dl.sourceforge.net/project/jboss/JBoss/JBoss-5.1.0.GA/jboss-5.1.0.GA.zip
Resolving nchc.dl.sourceforge.net… 211.79.60.17, 2001:e10:ffff:1f02::17
Connecting to nchc.dl.sourceforge.net|211.79.60.17|:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 133466607 (127M) [application/zip]
Saving to: `jboss-5.1.0.GA.zip'
100%[===================>] 133,466,607  966K/s   in 2m 26s
2010-03-25 14:03:35 (891 KB/s) - `jboss-5.1.0.GA.zip' saved [133466607/133466607]

Next, carry out the following steps:

-mkdir /jboss
-chown jboss:jboss /jboss
-su jboss
-mkdir /jboss/510
-cd /jboss/510

jboss@ejbca:/jboss/510$ unzip /jboss/jboss-5.1.0.GA.zip
---------- skip ----------
jboss@ejbca:/jboss/510$

jboss@ejbca:/jboss/510$ bin/run.sh -b 0.0.0.0
===================================
JBoss Bootstrap Environment
JBOSS_HOME: /jboss/510
JAVA: java
JAVA_OPTS: -Dprogram.name=run.sh -Xms128m -Xmx512m -XX:MaxPermSize=256m -Dorg.jboss.resolver.warning=true -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Djava.net.preferIPv4Stack=true
CLASSPATH: /jboss/510/bin/run.jar

========================================================
14:15:47,893 INFO  [ServerImpl] Starting JBoss (Microcontainer)…
14:15:47,896 INFO  [ServerImpl] Release ID: JBoss [The Oracle] 5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221053)
14:15:47,897 INFO  [ServerImpl] Bootstrap URL: null
14:15:47,897 INFO  [ServerImpl] Home Dir: /jboss/510
14:15:47,898 INFO  [ServerImpl] Home URL: file:/jboss/510/
14:15:47,898 INFO  [ServerImpl] Library URL: file:/jboss/510/lib/
14:15:47,900 INFO  [ServerImpl] Patch URL: null
14:15:47,901 INFO  [ServerImpl] Common Base URL: file:/jboss/510/common/
14:15:47,901 INFO  [ServerImpl] Common Library URL: file:/jboss/510/common/lib/
14:15:47,901 INFO  [ServerImpl] Server Name: default
14:15:47,901 INFO  [ServerImpl] Server Base Dir: /jboss/510/server
14:15:47,902 INFO  [ServerImpl] Server Base URL: file:/jboss/510/server/
14:15:47,902 INFO  [ServerImpl] Server Config URL: file:/jboss/510/server/default/conf/
14:15:47,902 INFO  [ServerImpl] Server Home Dir: /jboss/510/server/default
14:15:47,902 INFO  [ServerImpl] Server Home URL: file:/jboss/510/server/default/
14:15:47,902 INFO  [ServerImpl] Server Data Dir: /jboss/510/server/default/data
14:15:47,903 INFO  [ServerImpl] Server Library URL: file:/jboss/510/server/default/lib/
14:15:47,903 INFO  [ServerImpl] Server Log Dir: /jboss/510/server/default/log
14:15:47,903 INFO  [ServerImpl] Server Native Dir: /jboss/510/server/default/tmp/native
14:15:47,903 INFO  [ServerImpl] Server Temp Dir: /jboss/510/server/default/tmp
14:15:47,904 INFO  [ServerImpl] Server Temp Deploy Dir: /jboss/510/server/default/tmp/deploy
14:15:49,374 INFO  [ServerImpl] Starting Microcontainer, bootstrapURL=file:/jboss/510/server/default/conf/bootstrap.xml
14:15:50,739 INFO  [VFSCacheFactory] Initializing VFSCache [org.jboss.virtual.plugins.cache.CombinedVFSCache]
14:15:50,746 INFO  [VFSCacheFactory] Using VFSCache [CombinedVFSCache[real-cache: null]]
14:15:51,473 INFO  [CopyMechanism] VFS temp dir: /jboss/510/server/default/tmp
14:15:51,475 INFO  [ZipEntryContext] VFS force nested jars copy-mode is enabled.
14:15:54,103 INFO  [ServerInfo] Java version: 1.6.0_0,Sun Microsystems Inc.
14:15:54,103 INFO  [ServerInfo] Java Runtime: OpenJDK  Runtime Environment (build 1.6.0_0-b11)
14:15:54,103 INFO  [ServerInfo] Java VM: OpenJDK Client VM 1.6.0_0-b11,Sun Microsystems Inc.
14:15:54,103 INFO  [ServerInfo] OS-System: Linux 2.6.26-2-686,i386
14:15:54,105 INFO  [ServerInfo] VM arguments: -Dprogram.name=run.sh -Xms128m -Xmx512m -XX:MaxPermSize=256m -Dorg.jboss.resolver.warning=true -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Djava.net.preferIPv4Stack=true -Djava.endorsed.dirs=/jboss/510/lib/endorsed
14:15:54,186 INFO  [JMXKernel] Legacy JMX core initialized
14:15:58,522 INFO  [ProfileServiceBootstrap] Loading profile: ProfileKey@c9f93f[domain=default, server=default, name=default]
14:16:02,716 INFO  [WebService] Using RMI server codebase: http://localhost:8083/

14:16:17,240 INFO  [NativeServerConfig] JBoss Web Services – Stack Native Core
14:16:17,240 INFO  [NativeServerConfig] 3.1.2.GA
14:16:18,875 INFO  [AttributeCallbackItem] Owner callback not implemented.
14:16:22,515 INFO  [LogNotificationListener] Adding notification listener for logging mbean "jboss.system:service=Logging,type=Log4jService" to server org.jboss.mx.server.MBeanServerImpl@76458f[ defaultDomain='jboss' ]
14:16:46,662 INFO  [Ejb3DependenciesDeployer] Encountered deployment
---------- skip ----------
14:17:13,249 INFO  [TomcatDeployment] deploy, ctxPath=/admin-console
14:17:13,397 INFO  [config] Initializing Mojarra (1.2_12-b01-FCS) for context '/admin-console'
14:17:21,683 INFO  [TomcatDeployment] deploy, ctxPath=/
14:17:21,814 INFO  [TomcatDeployment] deploy, ctxPath=/jmx-console
14:17:21,982 INFO  [Http11Protocol] Starting Coyote HTTP/1.1 on http-0.0.0.0-8080
14:17:22,042 INFO  [AjpProtocol] Starting Coyote AJP/1.3 on ajp-0.0.0.0-8009
14:17:22,062 INFO  [ServerImpl] JBoss (Microcontainer) [5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221053)] Started in 1m:34s:154ms

ejbca:/home/gtoms# netstat -nltup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:3873            0.0.0.0:*               LISTEN      17494/java
tcp        0      0 0.0.0.0:1090            0.0.0.0:*               LISTEN      17494/java
tcp        0      0 0.0.0.0:42403           0.0.0.0:*               LISTEN      17494/java
tcp        0      0 0.0.0.0:4712            0.0.0.0:*               LISTEN      17494/java
tcp        0      0 0.0.0.0:8009            0.0.0.0:*               LISTEN      17494/java
tcp        0      0 0.0.0.0:4713            0.0.0.0:*               LISTEN      17494/java
tcp        0      0 0.0.0.0:4457            0.0.0.0:*               LISTEN      17494/java
tcp        0      0 0.0.0.0:1098            0.0.0.0:*               LISTEN      17494/java
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      17160/mysqld
tcp        0      0 0.0.0.0:1099            0.0.0.0:*               LISTEN      17494/java
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1617/portmap
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      17494/java
tcp        0      0 0.0.0.0:54960           0.0.0.0:*               LISTEN      17494/java
tcp        0      0 127.0.0.1:42289         0.0.0.0:*               LISTEN      17494/java
tcp        0      0 0.0.0.0:8083            0.0.0.0:*               LISTEN      17494/java
tcp        0      0 0.0.0.0:54068           0.0.0.0:*               LISTEN      1628/rpc.statd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2708/sshd
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN      17494/java
tcp        0      0 0.0.0.0:4445            0.0.0.0:*               LISTEN      17494/java
tcp        0      0 0.0.0.0:4446            0.0.0.0:*               LISTEN      17494/java
tcp6       0      0 :::22                   :::*                    LISTEN      2708/sshd
udp        0      0 0.0.0.0:956             0.0.0.0:*                           1628/rpc.statd
udp        0      0 0.0.0.0:47311           0.0.0.0:*                           1628/rpc.statd
udp        0      0 0.0.0.0:111             0.0.0.0:*                           1617/portmap

ejbca:/home/gtoms# mkdir /var/tmp/jboss
ejbca:/home/gtoms# chown jboss:jboss /var/tmp/jboss/
ejbca:/home/gtoms# su jboss
jboss@ejbca:/home/gtoms$ mkdir /var/tmp/jboss/510
jboss@ejbca3:/home/gtoms$ mkdir /var/tmp/jboss/510/tmp
jboss@ejbca:/home/gtoms$ mkdir /var/tmp/jboss/510/work

jboss@ejbca:/home/gtoms$ cd /jboss/510/server/default
jboss@ejbca:/jboss/510/server/default$ rm -R tmp
jboss@ejbca:/jboss/510/server/default$ rm -R work
jboss@ejbca:/jboss/510/server/default$ ln -s /var/tmp/jboss/510/tmp ./tmp
jboss@ejbca:/jboss/510/server/default$ ln -s /var/tmp/jboss/510/work ./work

jboss@ejbca:/jboss/510/server/default$ ls -l /jboss/510/server/default
total 24
drwxr-xr-x  6 jboss jboss 4096 2009-05-22 11:03 conf
drwxr-xr-x  5 jboss jboss 4096 2010-03-25 14:17 data
drwxr-xr-x 15 jboss jboss 4096 2009-05-22 11:03 deploy
drwxr-xr-x 12 jboss jboss 4096 2009-05-22 11:03 deployers
drwxr-xr-x  2 jboss jboss 4096 2009-05-22 11:02 lib
drwxr-xr-x  2 jboss jboss 4096 2010-03-25 14:16 log
lrwxrwxrwx  1 jboss jboss   22 2010-03-25 14:29 tmp -> /var/tmp/jboss/510/tmp
lrwxrwxrwx  1 jboss jboss   23 2010-03-25 14:30 work -> /var/tmp/jboss/510/work

- Copy /jboss/bin/jboss_init_redhat.sh to /etc/init.d/

ejbca:/home/gtoms# update-rc.d jboss defaults
update-rc.d: warning: /etc/init.d/jboss missing LSB information
update-rc.d: see <http://wiki.debian.org/LSBInitScripts>
Adding system startup for /etc/init.d/jboss …
/etc/rc0.d/K20jboss -> ../init.d/jboss
/etc/rc1.d/K20jboss -> ../init.d/jboss
/etc/rc6.d/K20jboss -> ../init.d/jboss
/etc/rc2.d/S20jboss -> ../init.d/jboss
/etc/rc3.d/S20jboss -> ../init.d/jboss
/etc/rc4.d/S20jboss -> ../init.d/jboss
/etc/rc5.d/S20jboss -> ../init.d/jboss

Compile EJBCA

ejbca:/ejbca# ./autoscripts.sh
./autoscripts.sh aka, I'll do all for you if you answer my questions first-tool

We’ll need your MySQL admin username to setup the database for you?
mysql-admin-root [root]>root

We’ll need your MySQL admin pass to setup the database for you?
mysql-admin-pass []>asyx

What is the MySQL hostname?
mysql-serverhostname [localhost]>localhost

What do you want the ejbca db to be called?
mysql-ejbca-dbname [ejbca]>ejbca

Select a MySQL ejbca username used to connect to the database from ejbca
mysql-ejbca-user []>root

Select a MySQL ejbca pass used to connect to the database from ejbca
mysql-ejbca-pass [ejbca]>asyx

What do you want the ejbca adminca to be called ?
ejbca-adminca-commonname [MyEjbca]>MyEjbca

What is the ejbca admin CA organisation?
ejbca-org [EJBCA in Debian]>EJBCA in Asyx Testing

What is the ejbca admin CA country (SE,US,ORG)?
ejbca-country [org]>org

What is the ejbca hostname (server.foo.com)?
ejbca-servername [localhost]>localhost

Do you want to see verbose output?
verbose-output y/n [y]>y

database ejbca does already exist, do you want to start fresh (I'll delete it and add a new ...)?
drop-old-db y/n [y]>y
Dropping the database is potentially a very bad thing to do.
Any data stored in the database will be destroyed.

Do you really want to drop the 'ejbca' database [y/N] y
Database "ejbca" dropped

creating ejbca mysql db: ok

creating ejbca-mysql user: ok

changeing owner of installed files: ok
installing MySQL java connector in jboss: ok

applying your options to the *.properties files: ok

setting up jboss user to have a shell: usermod: no changes
ok

JBOSS_CMD_START = cd /jboss/510/bin; /jboss/510/bin/run.sh -c default

Exception in thread "main" javax.management.RuntimeMBeanException

——————skip————————–

[echo] JBoss 5.0.x uses SunRI JSF implementation
jboss42targetcheck:
jboss42jsfimpl:
jboss40targetcheck:
jboss40jsfimpl:
[echo] JBoss 4.0.x uses Apache Myfaces JSF implementation
glassfishjsfimpl:
weblogicjsfimpl:
oc4jjsfimpl:
webspheretargetcheck:
webspherejsfimpl:
set.jsfimpl:
j2ee:check:
[echo] Using appserver.home : /jboss/510

init:
[echo]
[echo] ———- EJBCA 3.9.5 (r8689) CONFIGURATION PROPERTIES ———-
[echo] appserver.type           = jboss
[echo] appserver.home           = /jboss/510
[echo] java.ver                 = 15
[echo] ca.keystorepass          = foo123
[echo] ca.ocspkeystorepass      = foo123
[echo] ca.xkmskeystorepass      = foo123
[echo] ca.cmskeystorepass       = foo123
[echo] ca.serialnumberoctetsize = 8
[echo] ca.toolateexpiredate     =
[echo] ocsp.defaultresponder    = CN=AdminCA1,O=EJBCA Sample,C=SE
[echo] ocsp.usecasigningcert    = true
[echo] ocsp.signaturealgorithm  = SHA1WithRSA;SHA1WithECDSA;SHA1WithDSA
[echo] datasource.jndi-name     = EjbcaDS
[echo] datasource.jndi-name-prefix = java:/
[echo] database.name            = hsqldb
[echo] datasource.mapping       = Hypersonic SQL
[echo] database.url             = jdbc:hsqldb:${jboss.server.data.dir}${/}hypersonic${/}localDB
[echo] database.driver          = org.hsqldb.jdbcDriver
[echo] database.username        = sa
[echo] database.password        =
[echo] weblogic-oracle-columntype =
[echo] mail.jndi-name           = java:/EjbcaMail
[echo] mail.from                = ejbca-donotreply@domain.com
[echo] mail.subject             = Retrieve your certificate
[echo] mail.message             = Hello ${CN}${NL}${NL} This is a notification. ${NL}${NL} Your username: ${USERNAME}${NL} password: ${PASSWORD}${NL}${NL} Your are NOT supposed to go and fetch your certificate, this is only a test.
[echo] mail.user                = ejbca_user
[echo] mail.password            = primekey
[echo] mail.smtp.host           = localhost
[echo] mail.smtp.auth           = false
[echo] mail.debug               = false
[echo] httpserver.pubhttp       = 8080
[echo] httpserver.pubhttps      = 8442
[echo] httpserver.privhttps     = 8443
[echo] httpsserver.hostname     = localhost
[echo] httpsserver.password     = serverpwd
[echo] web.availablelanguages   = EN,FR,IT,ES,SE,ZH,DE,PT,PT_BR
[echo] web.contentencoding      = UTF-8
[echo] web.jsfimpl              = sunri
[echo] web.docbaseuri           = internal
[echo] web.renewalenabled       = false
[echo] ejbcaws.enabled          = true
[echo] intresources.preferredlanguage   = EN
[echo] intresources.secondarylanguage   = SE
[echo] hardtoken.diplaysensitiveinfo    = true
[echo] log.maxqueryrowcount             = 1000
[echo] approval.defaultrequestvalidity  = 28800
[echo] approval.defaultapprovalvalidity = 28800
[echo] approval.excludedClasses         =
[echo] logging.log4j.config             = false
[echo] cmp.allowraverifypopo           = false
[echo] cmp.defaultca                   =
[echo] cmp.extractusernamecomponent    =
[echo] cmp.operationmode               = normal
[echo] cmp.responseprotection          = signature
[echo] cmp.ra.authenticationsecret     =
[echo] cmp.ra.namegenerationscheme     = DN
[echo] cmp.ra.namegenerationparameters = CN
[echo] cmp.ra.namegenerationprefix     =
[echo] cmp.ra.namegenerationpostfix    =
[echo] cmp.ra.endentityprofile         = EMPTY
[echo] cmp.ra.certificateprofile       = ENDUSER
[echo] cmp.ra.caname                   = AdminCA1
[echo] cmp.tcp.enabled                 = false
[echo] cmp.tcp.portno                  = 829
[echo] cmp.tcp.logdir                  = ./log
[echo] cmp.tcp.conffile                =
[echo] jaxws.approval.gethardtoken     = true
[echo] jaxws.approval.gentokencerts    = true
[echo] jaxws.numberofrequiredapprovals = 1
[echo] jaxws.noauthonfetchuserdata     = false
[echo] jaxws.gentokens.setmslogononhold= false
[echo] xkms.enabled                    = true
[echo] xkms.keyusage.signatureisnonrep = true
[echo] xkms.request.requiresignature   = false
[echo] xkms.request.acceptedcas        = AdminCA1
[echo] xkms.respose.acceptsignrequest  = true
[echo] xkms.response.alwayssign        = false
[echo] xkms.response.causedforsigning  = AdminCA1
[echo] xkms.keyusage.signatureisnonrep = true
[echo] xkms.serviceport                = 8080
[echo] xkms.krss.poprequired           = true
[echo] xkms.krss.servergenkeylength    = 1024
[echo] xkms.krss.allowrevokation       = true
[echo] xkms.krss.allowautomaticreissue = false
[echo]
preprocess.luna:

preprocess:
[copy] Copying 1 file to /ejbca/tmp/bin/dd/META-INF
[copy] Warning: Could not find file /ejbca/tmp/preprocessed/deploy/sun/sun-cmp-mappings-hsqldb.xml to copy.
[copy] Warning: Could not find file /ejbca/tmp/preprocessed/deploy/sun/schema/hsqldb/ejbca-ejb.dbschema to copy.
[copy] Copying 1 file to /ejbca/tmp/bin/dd/WEB-INF
[copy] Copying 1 file to /ejbca/tmp/bin/dd/WEB-INF
[copy] Warning: /ejbca/tmp/preprocessed/deploy/jboss/client/bin/META-INF not found.
[copy] Warning: /ejbca/tmp/preprocessed/deploy/jboss/client/bin/META-INF not found.
[delete] Deleting: /ejbca/tmp/preprocessed/intresources/intresources.fr.properties
[native2ascii] Converting 1 file from /ejbca/src/intresources to /ejbca/tmp/preprocessed/intresources

run-xdoc:
[copy] Warning: /ejbca/tmp/preprocessed/deploy/ejb/merge/hsqldb not found.
[ejbdoclet] (XDocletMain.start                   48  ) Running <remoteinterface/>
[ejbdoclet] (XDocletMain.start                   48  ) Running <homeinterface/>
[ejbdoclet] (XDocletMain.start                   48  ) Running <localinterface/>
[ejbdoclet] (XDocletMain.start                   48  ) Running <localhomeinterface/>
[ejbdoclet] (XDocletMain.start                   48  ) Running <entitypk/>
[ejbdoclet] (XDocletMain.start                   48  ) Running <session/>
[ejbdoclet] (XDocletMain.start                   48  ) Running <deploymentdescriptor/>
[ejbdoclet] (XDocletMain.start                   48  ) Running <jboss/>
[webdoclet] (XDocletMain.start                   48  ) Running <deploymentdescriptor/>
[webdoclet] Generating web.xml.
[webdoclet] (XDocletMain.start                   48  ) Running <deploymentdescriptor/>
[webdoclet] Generating web.xml.
[webdoclet] (XDocletMain.start                   48  ) Running <deploymentdescriptor/>
[webdoclet] Generating web.xml.
[echo] No custom changes to merge.
[taskdef] Could not load definitions from resource cloverlib.xml. It could not be found.

wls-dd-postprocess:
dd-postprocess:
compile:
[copy] Copying 1 file to /ejbca/tmp/bin/classes
mptcpserviceconditioncheck:
jbosscmptcpclasspathset:
jbosscmptcpclasspathunset:
jbosscmptcpclasspath:
ejbca-ejb.jar:
[jar] Building jar: /ejbca/dist/ejbca-ejb.jar
publicweb.war:
renew.war:
scep.war:
webdist.war:
status.war:
[war] Building war: /ejbca/dist/status.war
cmp.war:
[war] Building war: /ejbca/dist/cmp.war
healthcheck.war:
adminweb.war:
[native2ascii] Converting 9 files from /ejbca/tmp/preprocessed/adminweb/languages to /ejbca/tmp/adminweb.war/languages
[native2ascii] Converting 1 file from /ejbca/tmp/preprocessed/adminweb/languages to /ejbca/tmp/adminweb.war/languages
[copy] Copying 3 files to /ejbca/tmp/adminweb.war/WEB-INF
[jasper2] log4j:WARN No appenders could be found for logger (org.apache.jasper.compiler.JspRuntimeContext).
[jasper2] log4j:WARN Please initialize the log4j system properly.
[war] Building war: /ejbca/dist/adminweb.war
ejbca-util.jar:
ejbcawsconditioncheck:
ws.init:
ws.build:
[echo] ejbca: /ejbca/build.xml
jaxwslibspre:
[delete] Deleting directory /ejbca/tmp/jaxws/lib
[mkdir] Created dir: /ejbca/tmp/jaxws/lib
jaxwslibsstd:
[copy] Copying 19 files to /ejbca/tmp/jaxws/lib
jaxwslibswebsphere:
jaxwslibs:
ejbcaws.war:
[copy] Copying 1 file to /ejbca/tmp/jaxws
[copy] Warning: Could not find file /ejbca/src/jaxws/jboss/web.xml to copy.
[war] Building war: /ejbca/dist/ejbcaws.war
ws.build.client:
ejbcaws.client:
xkmsconditioncheck:
xkms.init:
xkms.build:
xkms.war:
xkms.build.client:
xkms.client:
doc.war:
[echo] No custom changes to merge.
[taskdef] Could not load definitions from resource cloverlib.xml. It could not be found.
prepare:
prepare-error:
doc:
[anakia] Transforming into: /ejbca/tmp/htdocs
ca.ear:
[ear] Building ear: /ejbca/dist/ejbca.ear
ejbca.ear:
build:
jbosscmptcplistener:
buildwithcmptcpservice:
deploy:
[echo] No custom changes to merge.
[taskdef] Could not load definitions from resource cloverlib.xml. It could not be found.
externalraconditioncheck:
externalra.deploy:
[echo] No custom changes to merge.
[taskdef] Could not load definitions from resource cloverlib.xml. It could not be found.
j2ee:check:
[echo] Using appserver.home : /jboss/510
j2ee:web-configure:
j2ee:configure:
j2ee:deployBase:
[copy] Copying 2 files to /jboss/510/server/default/deploy
[copy] Copying 1 file to /jboss/510/server/default/deploy
j2ee:deploy:
[echo] No custom changes to merge.
[taskdef] Could not load definitions from resource cloverlib.xml. It could not be found.
showtime:
[echo] Task completed 2010-03-25 22:47:12 +0700.

BUILD SUCCESSFUL
Total time: 1 minute 4 seconds
ok

running ejbca install: Buildfile: build.xml
[echo] No custom changes to merge.
Trying to override old definition of task apt
[taskdef] Could not load definitions from resource cloverlib.xml. It could not be found.

install:
check:bootstrapdone:
ejbca:noprompt:
ejbca:prompt:
[input] skipping input as property ca.name has already been set.
[input] Please enter the CA dn (default: CN=AdminCA1,O=EJBCA Sample,C=SE) ? [CN=AdminCA1,O=EJBCA Sample,C=SE]

ejbca:prompt:
[input] skipping input as property ca.name has already been set.
[input] Please enter the CA dn (default: CN=AdminCA1,O=EJBCA Sample,C=SE) ? [CN=AdminCA1,O=EJBCA Sample,C=SE]

[input] Please enter the CA key type (default: RSA) ? [RSA]
[input] Please enter the CA key spec (default: 2048) ? [2048]
[input] Please enter the CA signature algorithm (default: SHA1WithRSA) ? [SHA1WithRSA]
[input] Please enter the CA validity in days (default: 3650) ? [3650]
[input] Please enter the CA policy id (default, no policy) ? [null]
[input] Please enter the server hostname (default 'localhost') ? [localhost]

[input] Please enter the if superadmin keystore should be batched (default: true) ? [true]

[input] skipping input as property httpsserver.password has already been set.
[input] skipping input as property java.trustpassword has already been set.

ejbca:init:
[echo]
[echo] ——————- CA Properties —————-
[echo] ca.name                : AdminCA1
[echo] ca.dn                  : CN=AdminCA1,O=EJBCA Sample,C=SE
[echo] ca.tokentype           : soft
[echo] ca.tokenpassword       : null
[echo] ca.keytype             : RSA
[echo] ca.keyspec             : 2048
[echo] ca.signaturealgorithm  : SHA1WithRSA
[echo] ca.validity            : 3650
[echo] ca.policy              : null
[echo] ca.tokenproperties     :
[echo] httpsserver.hostname   : localhost
[echo] httpsserver.dn         : CN=localhost,O=EJBCA Sample,C=SE
[echo] httpsserver.password   : serverpwd
[echo] superadmin.dn          : CN=SuperAdmin
[echo] superadmin.password    : ejbca
[echo] superadmin.batch       : true
[echo] java.trustpassword     : changeit
[echo] appserver.home         : /jboss/510
[echo]

ejbca:install:
[echo] Initializing CA with AdminCA1 'CN=AdminCA1,O=EJBCA Sample,C=SE' soft null 2048 RSA 3650 null SHA1WithRSA ...
[echo] ca init "AdminCA1" "CN=AdminCA1,O=EJBCA Sample,C=SE" soft null 2048 RSA 3650 null SHA1WithRSA
[java] Initializing CA
[java] Generating rootCA keystore:
[java] CA name: AdminCA1
[java] DN: CN=AdminCA1,O=EJBCA Sample,C=SE
[java] CA token type: soft
[java] CA token password: hidden
[java] Keytype: RSA
[java] Keyspec: 2048
[java] Validity (days): 3650
[java] Policy ID: null
[java] Signature alg: SHA1WithRSA
[java] CA token properties: null
[java] Signed by: self signed
[java] Initalizing Temporary Authorization Module.
[java] Creating CA…
[java] CAId for created CA: -1688117755
[java] -Created and published initial CRL.
[java] CA initialized

ejbca:adminweb:
[echo] setup setdefaultbaseurl localhost ejbca
[echo] ra adduser tomcat serverpwd "CN=localhost,O=EJBCA Sample,C=SE" "IPAddress=127.0.0.1" "AdminCA1" null 1 JKS SERVER
[java] Using certificate profile: SERVER, with id: 9
[java] Trying to add user:
[java] Username: tomcat
[java] Password (hashed only): serverpwd
[java] DN: CN=localhost,O=EJBCA Sample,C=SE
[java] CA Name: AdminCA1
[java] SubjectAltName: IPAddress=127.0.0.1
[java] Email: null
[java] Type: 1
[java] Token: JKS
[java] Certificate profile: 9
[java] End entity profile: 1
[java] User 'tomcat' has been added.
[java]
[java] Note: If batch processing should be possible,
[java] also use 'ra setclearpwd tomcat <pwd>'.
[echo] ra setclearpwd tomcat serverpwd
[java] Setting clear text password serverpwd for user tomcat
[echo] ra adduser superadmin ejbca "CN=SuperAdmin" null "AdminCA1" null 65 P12

[echo] approval.defaultapprovalvalidity = 28800
[echo] approval.excludedClasses         =
[echo] logging.log4j.config             = false
[echo] cmp.allowraverifypopo           = false
[echo] cmp.defaultca                   =
[echo] cmp.extractusernamecomponent    =
[echo] cmp.operationmode               = normal
[echo] cmp.responseprotection          = signature
[echo] cmp.ra.authenticationsecret     =
[echo] cmp.ra.namegenerationscheme     = DN
[echo] cmp.ra.namegenerationparameters = CN
[echo] cmp.ra.namegenerationprefix     =
[echo] cmp.ra.namegenerationpostfix    =
[echo] cmp.ra.endentityprofile         = EMPTY
[echo] cmp.ra.certificateprofile       = ENDUSER
[echo] cmp.ra.caname                   = AdminCA1
[echo] cmp.tcp.enabled                 = false
[echo] cmp.tcp.portno                  = 829
[echo] cmp.tcp.logdir                  = ./log
[echo] cmp.tcp.conffile                =
[echo] jaxws.approval.gethardtoken     = true
[echo] jaxws.approval.gentokencerts    = true
[echo] jaxws.numberofrequiredapprovals = 1
[echo] jaxws.noauthonfetchuserdata     = false
[echo] jaxws.gentokens.setmslogononhold= false
[echo] xkms.enabled                    = true
[echo] xkms.keyusage.signatureisnonrep = true
[echo] xkms.request.requiresignature   = false
[echo] xkms.request.acceptedcas        = AdminCA1
[echo] xkms.respose.acceptsignrequest  = true
[echo] xkms.response.alwayssign        = false
[echo] xkms.response.causedforsigning  = AdminCA1
[echo] xkms.keyusage.signatureisnonrep = true
[echo] xkms.serviceport                = 8080
[echo] xkms.krss.poprequired           = true
[echo] xkms.krss.servergenkeylength    = 1024
[echo] xkms.krss.allowrevokation       = true
[echo] xkms.krss.allowautomaticreissue = false
[echo]
preprocess.luna:

preprocess:
[echo] Ignore warnings about 'Couldn't find file' during preprocessing
[copy] Copying 1 file to /ejbca/tmp/bin/dd/META-INF
[copy] Warning: Could not find file /ejbca/tmp/preprocessed/deploy/sun/sun-cmp-mappings-hsqldb.xml to copy.
[copy] Warning: Could not find file /ejbca/tmp/preprocessed/deploy/sun/schema/hsqldb/ejbca-ejb.dbschema to copy.
[copy] Copying 1 file to /ejbca/tmp/bin/dd/WEB-INF
[copy] Copying 1 file to /ejbca/tmp/bin/dd/WEB-INF
[copy] Warning: /ejbca/tmp/preprocessed/deploy/jboss/client/bin/META-INF not found.
[copy] Warning: /ejbca/tmp/preprocessed/deploy/jboss/client/bin/META-INF not found.
[delete] Deleting: /ejbca/tmp/preprocessed/intresources/intresources.fr.properties
[native2ascii] Converting 1 file from /ejbca/src/intresources to /ejbca/tmp/preprocessed/intresources

run-xdoc:
[copy] Warning: /ejbca/tmp/preprocessed/deploy/ejb/merge/hsqldb not found.
[ejbdoclet] (XDocletMain.start                   48  ) Running <remoteinterface/>
[ejbdoclet] (XDocletMain.start                   48  ) Running <homeinterface/>
[ejbdoclet] (XDocletMain.start                   48  ) Running <localinterface/>
[ejbdoclet] (XDocletMain.start                   48  ) Running <localhomeinterface/>
[ejbdoclet] (XDocletMain.start                   48  ) Running <entitypk/>
[ejbdoclet] (XDocletMain.start                   48  ) Running <session/>
[ejbdoclet] (XDocletMain.start                   48  ) Running <deploymentdescriptor/>
[ejbdoclet] (XDocletMain.start                   48  ) Running <jboss/>
[webdoclet] (XDocletMain.start                   48  ) Running <deploymentdescriptor/>
[webdoclet] Generating web.xml.
[webdoclet] (XDocletMain.start                   48  ) Running <deploymentdescriptor/>
[webdoclet] Generating web.xml.
[webdoclet] (XDocletMain.start                   48  ) Running <deploymentdescriptor/>
[webdoclet] Generating web.xml.
[echo] No custom changes to merge.
[taskdef] Could not load definitions from resource cloverlib.xml. It could not be found.

wls-dd-postprocess:
dd-postprocess:
compile:
[copy] Copying 1 file to /ejbca/tmp/bin/classes
cmptcpserviceconditioncheck:
jbosscmptcpclasspathset:
jbosscmptcpclasspathunset:
jbosscmptcpclasspath:
ejbca-ejb.jar:
[jar] Building jar: /ejbca/dist/ejbca-ejb.jar
publicweb.war:
renew.war:
scep.war:
webdist.war:
status.war:
[war] Building war: /ejbca/dist/status.war
cmp.war:
[war] Building war: /ejbca/dist/cmp.war
healthcheck.war:

adminweb.war:
[native2ascii] Converting 9 files from /ejbca/tmp/preprocessed/adminweb/languages to /ejbca/tmp/adminweb.war/languages
[native2ascii] Converting 1 file from /ejbca/tmp/preprocessed/adminweb/languages to /ejbca/tmp/adminweb.war/languages
[copy] Copying 3 files to /ejbca/tmp/adminweb.war/WEB-INF
[jasper2] log4j:WARN No appenders could be found for logger (org.apache.jasper.compiler.JspRuntimeContext).
[jasper2] log4j:WARN Please initialize the log4j system properly.
[war] Building war: /ejbca/dist/adminweb.war

ejbca-util.jar:
ejbcawsconditioncheck:
ws.init:
ws.build:
[echo] ejbca: /ejbca/build.xml
jaxwslibspre:
[delete] Deleting directory /ejbca/tmp/jaxws/lib
[mkdir] Created dir: /ejbca/tmp/jaxws/lib
jaxwslibsstd:
[copy] Copying 19 files to /ejbca/tmp/jaxws/lib
jaxwslibswebsphere:
jaxwslibs:

ejbcaws.war:
[copy] Copying 1 file to /ejbca/tmp/jaxws
[copy] Warning: Could not find file /ejbca/src/jaxws/jboss/web.xml to copy.
[war] Building war: /ejbca/dist/ejbcaws.war

ws.build.client:
ejbcaws.client:
xkmsconditioncheck:
xkms.init:
xkms.build:
xkms.war:
xkms.build.client:
xkms.client:

doc.war:
[echo] No custom changes to merge.
[taskdef] Could not load definitions from resource cloverlib.xml. It could not be found.
prepare:
prepare-error:
doc:
[anakia] Transforming into: /ejbca/tmp/htdocs
ca.ear:
[ear] Building ear: /ejbca/dist/ejbca.ear
[echo] No custom changes to merge.
[taskdef] Could not load definitions from resource cloverlib.xml. It could not be found.
signjar:
[echo] Specify -Dsignjar.keystore=/path/keystore.jks if you want to sign the release.
[echo] No custom changes to merge.
[taskdef] Could not load definitions from resource cloverlib.xml. It could not be found.

signjar.internal:
externalraconditioncheck:
externalra.jar:
ejbca.ear:
build:
jbosscmptcplistener:
buildwithcmptcpservice:
deploy:
[echo] No custom changes to merge.
[taskdef] Could not load definitions from resource cloverlib.xml. It could not be found.
externalraconditioncheck:

externalra.deploy:
[echo] No custom changes to merge.
[taskdef] Could not load definitions from resource cloverlib.xml. It could not be found.

j2ee:check:
[echo] Using appserver.home : /jboss/510

j2ee:web-configure:
[echo] Using JBoss deploy directory /jboss/510/server/default/deploy
[copy] Copying 1 file to /jboss/510/server/default/conf/keystore
[echo] No custom changes to merge.
[taskdef] Could not load definitions from resource cloverlib.xml. It could not be found.

j2ee:deploytruststore:
[copy] Copying 1 file to /jboss/510/server/default/conf/keystore
[echo] No custom changes to merge.
[taskdef] Could not load definitions from resource cloverlib.xml. It could not be found.

deploytomcat:
[copy] Copying 1 file to /jboss/510/server/default/deploy/jbossweb.sar

j2ee:configure:
j2ee:deployBase:
[copy] Copying 2 files to /jboss/510/server/default/deploy
[copy] Copying 1 file to /jboss/510/server/default/deploy

j2ee:deploy:
[echo] No custom changes to merge.
[taskdef] Could not load definitions from resource cloverlib.xml. It could not be found.

showtime:
[echo] Task completed 2010-03-25 22:54:05 +0700.

BUILD SUCCESSFUL
Total time: 1 minute 0 seconds
ok

sleeping alitte before doing a reinstall of ca-cert …
……………………………………………………
JBOSS_CMD_START = cd /jboss/510/bin; /jboss/510/bin/run.sh -c default
JBOSS_CMD_START = cd /jboss/510/bin; /jboss/510/bin/run.sh -c default
No directory, logging in with HOME=/
Shutdown message has been posted to the server.
Server shutdown may take a while - check logfiles for completion
JBOSS_CMD_START = cd /jboss/510/bin; /jboss/510/bin/run.sh -c default
now you can import /ejbca/p12/superadmin.p12 into your browser and steer to: https://localhost:8443/ejbca and get gooing
ejbca:/ejbca#

Done. We can now import the superadmin.p12 file into the browser to administer EJBCA. There are two interfaces to master when administering the Certificate Authority: EJBCA Adminweb and EJBCA Userweb. With these we can also issue certificates for servers, routers, smart cards, email and so on.
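Before trusting a freshly generated admin bundle in a browser it is worth checking what is actually inside it: which CA the SuperAdmin certificate was issued by, whether that CA is the one the install log printed (CN=AdminCA1,O=EJBCA Sample,C=SE), and what the CA's fingerprint is so it can be compared against the admin web later. The script below is an added example, not part of EJBCA or of the original post; it assumes the openssl command-line tool is installed, takes the .p12 path, its password and the expected CA DN as arguments, and builds its own constructed test bundle (a self-signed "AdminCA1" plus a SuperAdmin certificate, password "ejbca" as in the log above) so it can be exercised without a running EJBCA.

```shell
#!/bin/sh
# Added example (not EJBCA code): sanity-check a PKCS#12 admin bundle such as
# /ejbca/p12/superadmin.p12 before importing it into a browser. Assumes the
# openssl command-line tool is on PATH. File names, the CA DN and the "ejbca"
# password come from the install log on this page; the fixture is constructed.
set -eu

# Strip the "issuer=" / "subject=" prefix that openssl prints before a DN.
dn_value() { sed 's/^[^=]*=[[:space:]]*//'; }

# Issuer DN of the end-entity certificate in the .p12, in RFC 2253 order,
# which is how EJBCA prints a DN (e.g. "CN=AdminCA1,O=EJBCA Sample,C=SE").
#   $1 = path to .p12, $2 = its password
p12_issuer_dn() {
  openssl pkcs12 -in "$1" -nokeys -clcerts -passin "pass:$2" 2>/dev/null \
    | openssl x509 -noout -issuer -nameopt RFC2253 | dn_value
}

# SHA-256 fingerprint of the CA certificate bundled in the .p12. Compare it
# out of band (server console, admin web) before trusting the CA in a browser.
p12_ca_fingerprint() {
  openssl pkcs12 -in "$1" -nokeys -cacerts -passin "pass:$2" 2>/dev/null \
    | openssl x509 -noout -fingerprint -sha256 | sed 's/^.*Fingerprint=//'
}

# Returns 0 only if (a) the bundled CA has exactly the expected subject DN and
# (b) the end-entity certificate verifies against that CA.
#   $1 = path to .p12, $2 = its password, $3 = expected CA DN
check_p12() {
  work=$(mktemp -d)
  rc=0
  openssl pkcs12 -in "$1" -nokeys -clcerts -passin "pass:$2" \
    -out "$work/leaf.pem" 2>/dev/null || rc=1
  openssl pkcs12 -in "$1" -nokeys -cacerts -passin "pass:$2" \
    -out "$work/ca.pem" 2>/dev/null || rc=1
  if [ "$rc" -eq 0 ]; then
    ca_dn=$(openssl x509 -in "$work/ca.pem" -noout -subject -nameopt RFC2253 | dn_value)
    [ "$ca_dn" = "$3" ] || rc=1
    openssl verify -CAfile "$work/ca.pem" "$work/leaf.pem" >/dev/null 2>&1 || rc=1
  fi
  rm -rf "$work"
  return "$rc"
}

# Constructed test fixture (not EJBCA output): a self-signed "AdminCA1" and a
# SuperAdmin certificate signed by it, bundled like superadmin.p12 with the
# sample password "ejbca" shown in the install log.
#   $1 = output directory (must exist)
make_demo_p12() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -subj "/C=SE/O=EJBCA Sample/CN=AdminCA1" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=SuperAdmin" \
    -keyout "$1/admin.key" -out "$1/admin.csr" 2>/dev/null
  openssl x509 -req -in "$1/admin.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 365 -sha256 -out "$1/admin.pem" 2>/dev/null
  openssl pkcs12 -export -inkey "$1/admin.key" -in "$1/admin.pem" \
    -certfile "$1/ca.pem" -name superadmin -passout pass:ejbca \
    -out "$1/superadmin.p12"
}

# Usage: sh check_p12.sh /ejbca/p12/superadmin.p12 ejbca "CN=AdminCA1,O=EJBCA Sample,C=SE"
if [ "$#" -eq 3 ]; then
  echo "issuer of admin cert : $(p12_issuer_dn "$1" "$2")"
  echo "bundled CA SHA-256   : $(p12_ca_fingerprint "$1" "$2")"
  if check_p12 "$1" "$2" "$3"; then
    echo "OK: admin certificate chains to $3"
  else
    echo "FAIL: bundle does not match the expected CA"; exit 1
  fi
fi
```

The same check applies to every keystore the install produced: the log above echoes the EJBCA sample defaults (ca.keystorepass foo123, httpsserver.password serverpwd, superadmin.password ejbca, java.trustpassword changeit), so on anything beyond a test box those values, and the bundle that was generated with them, should be replaced before the CA issues its first real certificate.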

The example below shows EJBCA running in Firefox:

To be continued: installing Online Certificate Status Protocol (OCSP) and Certificate Revocation List (CRL), and connecting to OpenLDAP, VPN, email and smart cards.

henry@gultom.or.id

4 thoughts on "Membuat PKI Certificate Authority(CA)"

  1. maque bermans

    Bro, your articles are great. I happen to be studying Certificate Authority and PKI right now, so I'd like to ask permission to copy it as a reference.

    regards,

    maque bermans

  2. You

    Mas Henry, this really is rare knowledge..
    Thanks for the post.
    I can ask you questions if I run into problems, right?
    Thanks

  3. john

    Sir, I'd like to ask:
    when I tried signing an External CA, how do I activate the external CA through the .pem file obtained from EJBCA?

    Please guide me, :)
    thank you
