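1. Preparation (all paths in this document are the paths I used in my own installation)
EJBCA's bundled database is used, so there is no need to install a database.
Install JDK 1.4.*; set JAVA_HOME=C:\j2sdk1.4.2_02; set classpath=C:\j2sdk1.4.2_02\lib; set path=C:\j2sdk1.4.2_02\bin;
Install Ant: download the package, extract it to the installation path, set ANT_HOME=C:\apache-ant-1.6.1; set path=C:\apache-ant-1.6.1\bin; (installing Ant generally causes no problems)
Install JBoss: download the package, extract it to the installation path, set JBOSS_HOME=C:\jboss-3.2.5, start JBoss (run JBOSS_HOME\bin\run.bat) and open http://localhost:8080; if the JBoss information page appears, JBoss is installed successfully.
From the place where you downloaded the JDK, download the "Unlimited Strength Jurisdiction Policy Files". Extracting the archive gives a JCE folder; copy the two files in it into lib\security of the system's default JRE, overwriting the two existing files. (During my installation, with these two files copied to JAVA_HOME\jre\lib\security the install step failed; only after I put them in C:\Program Files\Java\j2re1.4.2_02\lib\security did install go through.)
After installing all of this, it is best to reboot the machine so that EJBCA can find JBOSS_HOME.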
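To see which JRE the two policy files actually have to go into, the check below prints the running JVM's java.home and tests whether a 256-bit key is accepted. It is an added example, not part of EJBCA or of the original write-up; the class name is made up, local_policy.jar and US_export_policy.jar are the standard names of the two policy files, and the code is written to compile on JDK 1.4.

```java
import java.io.File;
import java.security.InvalidKeyException;
import java.util.Date;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

// Added example (hypothetical class name): reports which JRE this JVM runs
// from and whether its JCE policy files lift the default key-size limits.
public class JcePolicyCheck {

    // Tries to initialise a cipher with an all-zero key of keyBytes bytes.
    // With the limited policy files, keys longer than 128 bits are refused.
    static boolean allows(String algorithm, int keyBytes) throws Exception {
        Cipher cipher = Cipher.getInstance(algorithm);
        try {
            cipher.init(Cipher.ENCRYPT_MODE,
                        new SecretKeySpec(new byte[keyBytes], algorithm));
            return true;
        } catch (InvalidKeyException e) {   // "Illegal key size"
            return false;
        } catch (SecurityException e) {     // some older JREs signal the limit this way
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        String javaHome = System.getProperty("java.home");
        System.out.println("java.home = " + javaHome);

        // The policy jars that this JVM reads live under <java.home>\lib\security.
        File securityDir = new File(new File(javaHome, "lib"), "security");
        String[] policyJars = { "local_policy.jar", "US_export_policy.jar" };
        for (int i = 0; i < policyJars.length; i++) {
            File jar = new File(securityDir, policyJars[i]);
            System.out.println(jar.getPath() + (jar.exists()
                    ? "  size=" + jar.length() + "  modified=" + new Date(jar.lastModified())
                    : "  MISSING"));
        }

        boolean unlimited = allows("Blowfish", 32);   // 32 bytes = 256-bit key
        System.out.println(unlimited
                ? "Unlimited-strength policy is active in this JRE."
                : "Limited policy is active: the policy files belong in " + securityDir);
    }
}
```

Run it with the same java command that the install script uses, since a JDK and a separately installed JRE each have their own lib\security directory.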
2. The ant build.xml process
Open cmd, change to the EJBCA installation directory, and run ant.
C:\ejbca>ant (based on EJBCA's build.xml file, ant creates, compiles, packages and copies files)
Buildfile: build.xml
init:
[mkdir] Created dir: C:\ejbca\tmp\classes
[mkdir] Created dir: C:\ejbca\dist
compile:
[javac] Compiling 462 source files to C:\ejbca\tmp\classes
[copy] Copying 466 files to C:\ejbca\src\java
apply.war:
[mkdir] Created dir: C:\ejbca\tmp\publicweb\apply.war
[copy] Copying 20 files to C:\ejbca\tmp\publicweb\apply.war
[copy] Copying 43 files to C:\ejbca\tmp\publicweb\apply.war\WEB-INF\classe
[jar] Building jar: C:\ejbca\dist\apply.war
status.war:
[mkdir] Created dir: C:\ejbca\tmp\publicweb\status.war
[copy] Copying 1 file to C:\ejbca\tmp\publicweb\status.war
[copy] Copying 25 files to C:\ejbca\tmp\publicweb\status.war\WEB-INF\class
s
[jar] Building jar: C:\ejbca\dist\status.war
webdist.war:
[mkdir] Created dir: C:\ejbca\tmp\publicweb\webdist.war
[copy] Copying 7 files to C:\ejbca\tmp\publicweb\webdist.war
[copy] Copying 47 files to C:\ejbca\tmp\publicweb\webdist.war\WEB-INF\clas
es
[jar] Building jar: C:\ejbca\dist\webdist.war
ca.jar:
[mkdir] Created dir: C:\ejbca\tmp\ca\ca.jar
[copy] Copying 435 files to C:\ejbca\tmp\ca\ca.jar
[jar] Building jar: C:\ejbca\dist\ca.jar
log.jar:
[mkdir] Created dir: C:\ejbca\tmp\log.jar
[copy] Copying 10 files to C:\ejbca\tmp\log.jar
[copy] Copying 23 files to C:\ejbca\tmp\log.jar
[jar] Building jar: C:\ejbca\dist\log.jar
authorization.jar:
[mkdir] Created dir: C:\ejbca\tmp\authorization.jar
[copy] Copying 9 files to C:\ejbca\tmp\authorization.jar
[copy] Copying 90 files to C:\ejbca\tmp\authorization.jar
[jar] Building jar: C:\ejbca\dist\authorization.jar
hardtoken.jar:
[mkdir] Created dir: C:\ejbca\tmp\hardtoken.jar
[copy] Copying 9 files to C:\ejbca\tmp\hardtoken.jar
[copy] Copying 64 files to C:\ejbca\tmp\hardtoken.jar
[jar] Building jar: C:\ejbca\dist\hardtoken.jar
keyrecovery.jar:
[mkdir] Created dir: C:\ejbca\tmp\keyrecovery.jar
[copy] Copying 10 files to C:\ejbca\tmp\keyrecovery.jar
[copy] Copying 28 files to C:\ejbca\tmp\keyrecovery.jar
[jar] Building jar: C:\ejbca\dist\keyrecovery.jar
ra.jar:
[mkdir] Created dir: C:\ejbca\tmp\ra.jar
[copy] Copying 11 files to C:\ejbca\tmp\ra.jar
[copy] Copying 94 files to C:\ejbca\tmp\ra.jar
[jar] Building jar: C:\ejbca\dist\ra.jar
adminweb.war:
[mkdir] Created dir: C:\ejbca\tmp\adminweb.war
[copy] Copying 95 files to C:\ejbca\tmp\adminweb.war
[copy] Copying 13 files to C:\ejbca\tmp\adminweb.war\WEB-INF\classes
[jar] Building jar: C:\ejbca\dist\adminweb.war
ca.ear:
[mkdir] Created dir: C:\ejbca\tmp\ca\ear
[copy] Copying 1 file to C:\ejbca\tmp\ca\ear\ear
[copy] Copying 7 files to C:\ejbca\tmp\publicweb\publicwebroot.war
[jar] Building jar: C:\ejbca\tmp\ca\ear\ear\publicwebroot.war
[copy] Copying 10 files to C:\ejbca\tmp\ca\ear\ear
[copy] Copying 7 files to C:\ejbca\tmp\ca\ear\ear\lib
[jar] Building jar: C:\ejbca\dist\ejbca-ca.ear
admin.jar:
[mkdir] Created dir: C:\ejbca\tmp\adminjar
[copy] Copying 2 files to C:\ejbca\tmp\adminjar
[copy] Copying 217 files to C:\ejbca\tmp\adminjar
[jar] Building jar: C:\ejbca\admin.jar
build:
BUILD SUCCESSFUL
Total time: 30 seconds
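This process creates the tmp and dist folders under EJBCA, plus an admin.jar (needed during install). From my own analysis, everything belonging to EJBCA itself is placed in the tmp folder: ejbca\tmp\java\classes holds all the .class files, and dist holds the packages built for each part.
(One thing I don't understand is why admin.jar is placed in the root directory while the deployment file ejbca-ca.ear is not.)
3. The ant deploy process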
C:\ejbca>ant deploy
Buildfile: build.xml
init:
compile:
apply.war:
status.war:
webdist.war:
ca.jar:
ra.jar:
adminweb.war:
log.jar:
hardtoken.jar:
keyrecovery.jar:
authorization.jar:
ca.ear:
admin.jar:
deploy:
[copy] Copying 1 file to C:\jboss-3.2.2RC1_tomcat-4.1.24\server\default\deploy
[copy] Copying C:\ejbca\dist\ejbca-ca.ear to C:\jboss-3.2.2RC1_tomcat-4.1.24\server\default\deploy\ejbca-ca.ear
BUILD SUCCESSFUL
Total time: 6 seconds
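You will now find a new file, ejbca-ca.ear, under JBOSS_HOME\server\default\deploy. ejbca-ca.ear was generated by the ca.ear: target in the previous step, and it contains all the packages built by ant.
Start JBoss and you will see a message that ejbca-ca.ear was deployed successfully; during startup, JBoss does some processing on ejbca-ca.ear.
4. The install process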
C:\ejbca>install
Welcome to EJBCA Installation
This script acts as a wizard helping you with the installation of your Certificate Authority.
Before the installation will begin make sure of the following preparations have been done:
1. The EJBCA application is deployed to the application server. ('ant deploy')
2. You run this installation with access to administrative privileges. (the account you log on to the machine with must have administrator rights)
Is these requirements meet (Yes/No) :Yes
This installation will create a first administrative CA. This CA will be used to create the first
superadministrator and for the SSL server certificate of administrative web server.
When the administrative web server have been setup you can create other CA:s and administrators.
Please enter the short name for the CA.
This is only used for administrative purposes,
avoid spaces or odd characters (Ex 'AdminCA1') :shaoshao (this gives the CA a common name <CN>, an easy-to-remember name that you can choose yourself)
Enter the Distinguished Name of the CA. This is used in the CA certificate to distinguish the CA. (Ex 'CN=AdminCA1,O=PrimeKey Solutions AB,C=SE') :CN=shaoshao,O=PrimeKey Solutions AB,C=SE (this is the CA's DN; I think the CN should be the same as above)
Enter the keysize in bits of the CA, only digits. (Ex '2048') : 2048
Enter the validity in days for the CA, only digits (Ex '3650') :3650
Enter the policy id of the CA. Policy id determine which PKI policy the CA uses.
Type your policy id or use '2.5.29.32.0' for any policy or 'NO' for no policy at all.
(Ex '2.5.29.32.0') :202.197.125.190 (enter your own machine's IP; the generic 2.5.29.32.0 can also be used)
(All of the above is information about creating the CA; the CA will have a root certificate, SuperAdmin)
Now for some information required to set up the administration web interface. (creates an SSL server certificate for EJBCA's administrative web gui)
Please enter the computer name of CA server. (Ex 'caserver.primekey.se') :hs (enter your own machine's name)
Enter the Distinguished Name of the SSL server certificate used by the administrative web gui
(Ex 'CN=caserver.primekey.se,O=PrimeKey Solutions AB,C=SE') :CN=huangshao,O=PrimeKey Solutions AB,C=SE (the DN of the SSL server certificate; the CN can presumably be chosen freely, and this certificate's details can be viewed when accessing https://localhost:8443/ejbca/adminweb/)
Enter a good password for the super administrators keystore. Please remember this one:12345678 (opening install.cmd shows the default JAVACACERTPASSWD=changeit; this is the password entered when importing SuperAdmin.p12 into the browser)
You have entered the following data :
CA short name : shaoshao
Distinguished Name CA : CN=shaoshao,O=PrimeKey Solutions AB,C=SE
Keysize of the CA : 2048
Validity in days for the CA : 3650
Policy id of the CA : 202.197.125.190
Computer name of CA server : hs
Distinguished Name of the SSL server certificate : CN=huangshao,O=PrimeKey Solutions AB,C=SE
Password for the super administrators keystore : 12345678
Is this correct ( Yes/No/Exit ) :Y
The installation will now start, please wait .....
Initializing CA
Generating rootCA keystore:
DN: CN=shaoshao,O=PrimeKey Solutions AB,C=SE
Keysize: 2048
Validity (days): 3650
Policy ID: 202.197.125.190
Initalizing Temporary Authorization Module.
Creating CA...
CAId for created CA: -1912334509
-Created and published initial CRL.
CA initialized
(During this process the CA is created, the CA's certificate is generated, user status is initialized, the CRL is published, the certificate is added to the keystore, and so on)
Setup of Administration Web Interface have started, this will take a minute to complete ....
keytool錯誤: java.lang.Exception: 別名 <EJBCA-CA> 不存在
認證已添加至keystore中
The installation is now complete.
Proceed with the following steps in order to start administrating EJBCA.
1. Restart the application server.
2. Import the p12/superadmin.p12 file in your browser.
3. Go to the following URL: https://<computername>:8443/ejbca/adminweb
4. And now your are all set to start using EJBCA.
If you are interested in professional support of EJBCA and PKI related questions,
please contact PrimeKey Solutions AB, Sweden at ejbca@primekey.se or http://www.primekey.se for more information.
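In this stage the CA is created and two certificates are created (p12/superadmin.p12 is generated under ejbca). To see exactly which operations install performs, open ejbca\install.cmd.
(My problem here is that the error "keytool錯誤: java.lang.Exception: 別名 <EJBCA-CA> 不存在" always appears. Does this error occur every time EJBCA is installed for the first time?)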
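The policy id prompt in the session above takes an object identifier in dotted notation; '2.5.29.32.0' is the anyPolicy OID. The following is an added example (not EJBCA code; the class and method names are made up here) that checks a dotted string against the ASN.1 arc rules and shows the DER content bytes it encodes to, using the two values that appear in the session as input. It is written to compile on JDK 1.4.

```java
import java.io.ByteArrayOutputStream;

// Added example, not EJBCA code: checks that a dotted policy id is a
// well-formed ASN.1 OBJECT IDENTIFIER and returns its DER content octets.
public class PolicyOidCheck {

    static byte[] encode(String dotted) {
        String[] parts = dotted.split("\\.", -1);   // -1 keeps empty arcs so "2.5." is rejected
        if (parts.length < 2) throw new IllegalArgumentException("an OID needs at least two arcs");
        long[] arcs = new long[parts.length];
        for (int i = 0; i < parts.length; i++) {
            // Decimal digits only, no leading zeros, small enough for a long.
            if (!parts[i].matches("0|[1-9][0-9]{0,17}"))
                throw new IllegalArgumentException("bad arc '" + parts[i] + "'");
            arcs[i] = Long.parseLong(parts[i]);
        }
        if (arcs[0] > 2) throw new IllegalArgumentException("first arc must be 0, 1 or 2");
        if (arcs[0] < 2 && arcs[1] > 39)
            throw new IllegalArgumentException("second arc must be 0..39 under arc 0 or 1");
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        writeBase128(out, arcs[0] * 40 + arcs[1]);   // first two arcs share one subidentifier
        for (int i = 2; i < arcs.length; i++) writeBase128(out, arcs[i]);
        return out.toByteArray();
    }

    // Base-128, big-endian, high bit set on every octet except the last.
    static void writeBase128(ByteArrayOutputStream out, long value) {
        int shift = 0;
        while ((value >>> (shift + 7)) != 0) shift += 7;
        for (; shift >= 0; shift -= 7) {
            int b = (int) ((value >>> shift) & 0x7f);
            out.write(shift > 0 ? (b | 0x80) : b);
        }
    }

    public static void main(String[] args) {
        // Both sample values are taken from the install session above.
        String[] samples = { "2.5.29.32.0", "202.197.125.190" };
        for (int i = 0; i < samples.length; i++) {
            try {
                byte[] der = encode(samples[i]);
                StringBuffer hex = new StringBuffer();
                for (int j = 0; j < der.length; j++)
                    hex.append(Integer.toHexString(0x100 | (der[j] & 0xff)).substring(1)).append(' ');
                System.out.println(samples[i] + " -> " + hex.toString().trim());
            } catch (IllegalArgumentException e) {
                System.out.println(samples[i] + " rejected: " + e.getMessage());
            }
        }
    }
}
```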
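5. Accessing the administration page
Restart JBoss, import p12/superadmin.p12 into the browser, and then access the page through https://localhost:8443/ejbca/adminweb.
I ran into many problems during installation. Sometimes install succeeded but the page at https://localhost:8443/ejbca/adminweb simply would not open, and I don't know why; I had to reinstall the JDK, JBoss and EJBCA many times and reboot the machine many times before it finally worked.
If there are any mistakes here, please be sure to point them out!
My QQ: I hope for your guidance, it is very urgent! QQ 252792733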
shaoshao
54550966@qq.com