You need OpenSSL development libs to build the pkcs15-init tool in opensc, for Ubuntu this means installing the libss-dev package.
sudo apt-get install libssl-dev autoconf libtool
sudo apt-get install pkg-config libpcsclite-dev
svn co http://www.opensc-project.org/svn/opensc/trunk opensc
sudo make install
pkcs15-init -C --pin foo123 --puk foo123
(or just 'pkcs15-init -C' but you have to enter pin code about 20 times)
pkcs15-init -P -a 01 -l test01
After this is done, you need to add the /usr/lib/opensc-pkcs11.so as a Security Device in Firefox. To enroll, simply add a new user in EJBCA, go to Public Web and do a browser enrollment. I used Medium Security in order to get 1024 bit RSA keys, that I know works with my cardreader that does not have Extended APDU using CCID.
Browser enrollment will generate a new key on the smart card, get a certificate from EJBCA and store the certificate on the smart card.
With this test we now know about three cards that works well to do browser enrollment with FireFox.
Also see the old blog post about using openssl enging to make certificate requests and import certificates to the smart card.