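1. Preparation (all paths in this document are the paths I used for my own installation)

Use the database bundled with EJBCA, so there is no need to install a separate database.
Install JDK 1.4.*; set JAVA_HOME=C:\j2sdk1.4.2_02; set classpath=C:\j2sdk1.4.2_02\lib; set path=C:\j2sdk1.4.2_02\bin;
Install Ant: download the package, unpack it to the installation path, set ANT_HOME=C:\apache-ant-1.6.1; set path=C:\apache-ant-1.6.1\bin; (installing Ant generally causes no problems)
Install JBoss: download the package, unpack it to the installation path, set JBOSS_HOME=C:\jboss-3.2.5, start JBoss (run JBOSS_HOME\bin\run.bat) and open http://localhost:8080; if the JBoss information page appears, JBoss is installed correctly.
From the JDK download site, download the "Unlimited Strength Jurisdiction Policy Files". Unpacking the archive gives a JCE folder; copy the two files inside it into lib\security of the system's default JRE, overwriting the two existing files. (When I installed, copying the two files to JAVA_HOME\jre\lib\security made install fail; only after I put them in C:\Program Files\Java\j2re1.4.2_02\lib\security did install go through.)

After installing all of this, it is best to reboot the machine so that ejbca can find JBOSS_HOME.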
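
To see which JRE the java command actually resolves to, and whether that JRE accepts strong keys, a small check can be compiled and run from the same cmd window that will run install. This is an added example, not part of the original post or of EJBCA: the class name JcePolicyCheck is hypothetical, local_policy.jar and US_export_policy.jar are the two files in the JCE policy download, and the lib\security layout assumed is that of JDK 1.4.

```java
import java.io.File;
import java.security.InvalidKeyException;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

// Added example: JcePolicyCheck is a hypothetical helper, not part of EJBCA or the JDK.
public class JcePolicyCheck {
    public static void main(String[] args) throws Exception {
        // java.home is the JRE running this process; it can differ from JAVA_HOME\jre.
        String home = System.getProperty("java.home");
        System.out.println("java.home    = " + home);
        System.out.println("java.version = " + System.getProperty("java.version"));

        // The two policy jars that the JCE download is meant to overwrite.
        File sec = new File(new File(home, "lib"), "security");
        String[] jars = {"local_policy.jar", "US_export_policy.jar"};
        for (int i = 0; i < jars.length; i++) {
            File f = new File(sec, jars[i]);
            System.out.println(f + (f.isFile() ? "  " + f.length() + " bytes" : "  MISSING"));
        }

        // Functional test: with the limited policy files a 256-bit AES key is refused.
        // Depending on the JDK release the refusal is an InvalidKeyException or a SecurityException.
        boolean strong;
        try {
            Cipher c = Cipher.getInstance("AES");
            c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(new byte[32], "AES"));
            strong = true;
        } catch (InvalidKeyException e) {
            strong = false;
        } catch (SecurityException e) {
            strong = false;
        }
        System.out.println(strong
            ? "AES-256 accepted: unlimited strength policy is active in this JRE"
            : "AES-256 refused: this JRE still has the limited policy files");
    }
}
```

Compile with javac JcePolicyCheck.java and run with java JcePolicyCheck; the printed java.home is the directory whose lib\security needs the two files.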

2. The ant build.xml process
Open cmd, change to the ejbca installation directory, and run ant.

C:\ejbca>ant (following ejbca's build.xml file, ant creates, compiles, packages and copies files)
Buildfile: build.xml

init:
[mkdir] Created dir: C:\ejbca\tmp\classes
[mkdir] Created dir: C:\ejbca\dist

compile:
[javac] Compiling 462 source files to C:\ejbca\tmp\classes
[copy] Copying 466 files to C:\ejbca\src\java

apply.war:
[mkdir] Created dir: C:\ejbca\tmp\publicweb\apply.war
[copy] Copying 20 files to C:\ejbca\tmp\publicweb\apply.war
[copy] Copying 43 files to C:\ejbca\tmp\publicweb\apply.war\WEB-INF\classe

[jar] Building jar: C:\ejbca\dist\apply.war

status.war:
[mkdir] Created dir: C:\ejbca\tmp\publicweb\status.war
[copy] Copying 1 file to C:\ejbca\tmp\publicweb\status.war
[copy] Copying 25 files to C:\ejbca\tmp\publicweb\status.war\WEB-INF\classes
[jar] Building jar: C:\ejbca\dist\status.war

webdist.war:
[mkdir] Created dir: C:\ejbca\tmp\publicweb\webdist.war
[copy] Copying 7 files to C:\ejbca\tmp\publicweb\webdist.war
[copy] Copying 47 files to C:\ejbca\tmp\publicweb\webdist.war\WEB-INF\classes
[jar] Building jar: C:\ejbca\dist\webdist.war

ca.jar:
[mkdir] Created dir: C:\ejbca\tmp\ca\ca.jar
[copy] Copying 435 files to C:\ejbca\tmp\ca\ca.jar
[jar] Building jar: C:\ejbca\dist\ca.jar

log.jar:
[mkdir] Created dir: C:\ejbca\tmp\log.jar
[copy] Copying 10 files to C:\ejbca\tmp\log.jar
[copy] Copying 23 files to C:\ejbca\tmp\log.jar
[jar] Building jar: C:\ejbca\dist\log.jar

authorization.jar:
[mkdir] Created dir: C:\ejbca\tmp\authorization.jar
[copy] Copying 9 files to C:\ejbca\tmp\authorization.jar
[copy] Copying 90 files to C:\ejbca\tmp\authorization.jar
[jar] Building jar: C:\ejbca\dist\authorization.jar

hardtoken.jar:
[mkdir] Created dir: C:\ejbca\tmp\hardtoken.jar
[copy] Copying 9 files to C:\ejbca\tmp\hardtoken.jar
[copy] Copying 64 files to C:\ejbca\tmp\hardtoken.jar
[jar] Building jar: C:\ejbca\dist\hardtoken.jar

keyrecovery.jar:
[mkdir] Created dir: C:\ejbca\tmp\keyrecovery.jar
[copy] Copying 10 files to C:\ejbca\tmp\keyrecovery.jar
[copy] Copying 28 files to C:\ejbca\tmp\keyrecovery.jar
[jar] Building jar: C:\ejbca\dist\keyrecovery.jar

ra.jar:
[mkdir] Created dir: C:\ejbca\tmp\ra.jar
[copy] Copying 11 files to C:\ejbca\tmp\ra.jar
[copy] Copying 94 files to C:\ejbca\tmp\ra.jar
[jar] Building jar: C:\ejbca\dist\ra.jar

adminweb.war:
[mkdir] Created dir: C:\ejbca\tmp\adminweb.war
[copy] Copying 95 files to C:\ejbca\tmp\adminweb.war
[copy] Copying 13 files to C:\ejbca\tmp\adminweb.war\WEB-INF\classes
[jar] Building jar: C:\ejbca\dist\adminweb.war

ca.ear:
[mkdir] Created dir: C:\ejbca\tmp\ca\ear
[copy] Copying 1 file to C:\ejbca\tmp\ca\ear\ear
[copy] Copying 7 files to C:\ejbca\tmp\publicweb\publicwebroot.war
[jar] Building jar: C:\ejbca\tmp\ca\ear\ear\publicwebroot.war
[copy] Copying 10 files to C:\ejbca\tmp\ca\ear\ear
[copy] Copying 7 files to C:\ejbca\tmp\ca\ear\ear\lib
[jar] Building jar: C:\ejbca\dist\ejbca-ca.ear

admin.jar:
[mkdir] Created dir: C:\ejbca\tmp\adminjar
[copy] Copying 2 files to C:\ejbca\tmp\adminjar
[copy] Copying 217 files to C:\ejbca\tmp\adminjar
[jar] Building jar: C:\ejbca\admin.jar

build:

BUILD SUCCESSFUL
Total time: 30 seconds

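This step creates the tmp and dist folders and an admin.jar (needed during install) under the EJBCA directory. By my own analysis, everything belonging to ejbca itself is placed in the tmp folder: ejbca\tmp\java\classes holds all the .class files, and dist holds the packages built for each component.
(One thing I do not understand is why admin.jar is placed in the root directory while the deployment file ejbca-ca.ear is not.)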

3. The ant deploy process
C:\ejbca>ant deploy
Buildfile: build.xml

init:

compile:

apply.war:

status.war:

webdist.war:

ca.jar:

ra.jar:

adminweb.war:

log.jar:

hardtoken.jar:

keyrecovery.jar:

authorization.jar:

ca.ear:

admin.jar:

deploy:
[copy] Copying 1 file to C:\jboss-3.2.2RC1_tomcat-4.1.24\server\default\deploy
[copy] Copying C:\ejbca\dist\ejbca-ca.ear to C:\jboss-3.2.2RC1_tomcat-4.1.24\server\default\deploy\ejbca-ca.ear

BUILD SUCCESSFUL
Total time: 6 seconds

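You will now find a new ejbca-ca.ear file under JBOSS_HOME\server\default\deploy. ejbca-ca.ear was generated by the ca.ear: target in the previous step, and it contains all the packages built by ant.
Start JBoss and you will see a message that ejbca-ca.ear was deployed successfully; during startup JBoss does some processing on ejbca-ca.ear.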

4. The install process

C:\ejbca>install
Welcome to EJBCA Installation
This script acts as a wizard helping you with the installation of your Certificate Authority.

Before the installation will begin make sure of the following preparations have been done:

1. The EJBCA application is deployed to the application server. ('ant deploy')

2. You run this installation with access to administrative privileges. (the account you log on to the machine with must have administrator rights)

Is these requirements meet (Yes/No) :Yes


This installation will create a first administrative CA. This CA will be used to create the first
superadministrator and for the SSL server certificate of administrative web server.

When the administrative web server have been setup you can create other CA:s and administrators.

Please enter the short name for the CA.
This is only used for administrative purposes,
avoid spaces or odd characters (Ex 'AdminCA1') :shaoshao (this gives the CA a common name <CN>, an easy-to-remember name of your own choosing)
Enter the Distinguished Name of the CA. This is used in the CA certificate to distinguish the CA. (Ex 'CN=AdminCA1,O=PrimeKey Solutions AB,C=SE') :CN=shaoshao,O=PrimeKey Solutions AB,C=SE (this is the CA's DN; I think the CN should be the same as the one above)
Enter the keysize in bits of the CA, only digits. (Ex '2048') : 2048
Enter the validity in days for the CA, only digits (Ex '3650') :3650
Enter the policy id of the CA. Policy id determine which PKI policy the CA uses.

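Type your policy id or use '2.5.29.32.0' for any policy or 'NO' for no policy at all.
(Ex '2.5.29.32.0') :202.197.125.190 (enter your own machine's IP; the generic 2.5.29.32.0 can also be used)
(all of the above is information for creating the CA; the CA will have a root certificate, SuperAdmin)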

Now for some information required to set up the administration web interface. (this creates an SSL server certificate for EJBCA's administrative web GUI)

Please enter the computer name of CA server. (Ex 'caserver.primekey.se') :hs (enter your own machine's name)
Enter the Distinguished Name of the SSL server certificate used by the administrative web gui
(Ex 'CN=caserver.primekey.se,O=PrimeKey Solutions AB,C=SE') :CN=huangshao,O=PrimeKey Solutions AB,C=SE (the DN of the SSL server certificate; the CN can probably be chosen freely; the certificate's details can be viewed when visiting https://localhost:8443/ejbca/adminweb/)
Enter a good password for the super administrators keystore. Please remember this one:12345678 (opening install.cmd shows the default JAVACACERTPASSWD=changeit; this is the password you enter when importing SuperAdmin.p12 into the browser)


You have entered the following data :


CA short name : shaoshao
Distinguished Name CA : CN=shaoshao,O=PrimeKey Solutions AB,C=SE
Keysize of the CA : 2048
Validity in days for the CA : 3650
Policy id of the CA : 202.197.125.190
Computer name of CA server : hs
Distinguished Name of the SSL server certificate : CN=huangshao,O=PrimeKey Solutions AB,C=SE
Password for the super administrators keystore : 12345678
Is this correct ( Yes/No/Exit ) :Y

The installation will now start, please wait .....


Initializing CA
Generating rootCA keystore:
DN: CN=shaoshao,O=PrimeKey Solutions AB,C=SE
Keysize: 2048
Validity (days): 3650
Policy ID: 202.197.125.190
Initalizing Temporary Authorization Module.
Creating CA...
CAId for created CA: -1912334509
-Created and published initial CRL.
CA initialized
(this step creates the CA, generates the CA certificate, initializes the user state, publishes the CRL, adds the certificate to the keystore, and so on)

Setup of Administration Web Interface have started, this will take a minute to complete ....

keytool错误: java.lang.Exception: 别名 <EJBCA-CA> 不存在

认证已添加至keystore中

The installation is now complete.
Proceed with the following steps in order to start administrating EJBCA.

1. Restart the application server.
2. Import the p12/superadmin.p12 file in your browser.
3. Go to the following URL: https://<computername>:8443/ejbca/adminweb
4. And now your are all set to start using EJBCA.

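If you are interested in professional support of EJBCA and PKI related questions,
please contact PrimeKey Solutions AB, Sweden at ejbca@primekey.se or http://www.primekey.se for more information.

This stage creates the CA and two certificates (p12/superadmin.p12 is generated under the ejbca directory). To see exactly which operations install performs, open ejbca\install.cmd.
(One problem I have here: I keep getting "keytool错误: java.lang.Exception: 别名 <EJBCA-CA> 不存在" (keytool error: alias <EJBCA-CA> does not exist). Does this error appear on every first-time install of ejbca?)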
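
The policy id prompt in the session above takes an object identifier in dotted-decimal form, such as the installer's own 2.5.29.32.0. The following added example (not from the original post or from EJBCA; the class name PolicyOidCheck is hypothetical) checks a value against the OID arc rules and prints its DER content octets, using the installer's example and the dotted-quad value entered above as default inputs.

```java
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
// Added example: PolicyOidCheck is a hypothetical helper, not part of EJBCA.
public class PolicyOidCheck {
    // DER content octets of a dotted-decimal OID, or null if it is not well formed.
    static byte[] encode(String oid) {
        String[] arcs = oid.split("\\.", -1);
        if (arcs.length < 2) return null;
        BigInteger[] v = new BigInteger[arcs.length];
        for (int i = 0; i < arcs.length; i++) {
            if (!arcs[i].matches("0|[1-9][0-9]*")) return null; // digits only, no leading zero
            v[i] = new BigInteger(arcs[i]);
        }
        // The first arc must be 0, 1 or 2; under 0 and 1 the second arc is at most 39.
        if (v[0].compareTo(BigInteger.valueOf(2)) > 0) return null;
        if (v[0].intValue() < 2 && v[1].compareTo(BigInteger.valueOf(39)) > 0) return null;
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        // The first two arcs share one subidentifier: 40 * first + second.
        base128(out, v[0].multiply(BigInteger.valueOf(40)).add(v[1]));
        for (int i = 2; i < v.length; i++) base128(out, v[i]);
        return out.toByteArray();
    }

    // Big-endian groups of 7 bits; every octet except the last has the high bit set.
    static void base128(ByteArrayOutputStream out, BigInteger n) {
        int groups = Math.max(1, (n.bitLength() + 6) / 7);
        for (int i = groups - 1; i >= 0; i--) {
            int b = n.shiftRight(7 * i).intValue() & 0x7f;
            out.write(i > 0 ? (b | 0x80) : b);
        }
    }
    static String hex(byte[] der) {
        StringBuffer sb = new StringBuffer();
        for (int i = 0; i < der.length; i++) {
            String h = Integer.toHexString(0x100 | (der[i] & 0xff)).substring(1).toUpperCase();
            sb.append(i == 0 ? "" : " ").append(h);
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Default inputs: the installer's example and the value entered in the session above.
        String[] inputs = args.length > 0 ? args : new String[] {"2.5.29.32.0", "202.197.125.190"};
        for (int i = 0; i < inputs.length; i++) {
            byte[] der = encode(inputs[i]);
            System.out.println(inputs[i] + " -> " + (der == null ? "not a well-formed OID" : hex(der)));
        }
    }
}
```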

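5. Accessing the administration page
Restart JBoss and import p12/superadmin.p12 into the browser; the page can then be reached at https://localhost:8443/ejbca/adminweb

I ran into many problems during installation. Sometimes install succeeded but the page at https://localhost:8443/ejbca/adminweb simply would not open, and I had no idea why; I had to reinstall the JDK, JBoss and EJBCA many times and reboot the machine many times before it finally worked.

If anything here is wrong, please be sure to point it out!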