To use EJBCA-JBoss-MySQL with exotic UTF-8 characters you need to configure MySQL to create the tables with utf-8 character encoding, eotherwise you will get an exception when trying to save a subjectDN for a user.
To use utf8 in mysql you have to set the following options in my.cnf:
default-character-set=utf8
collation-server = utf8_general_ci
BEFORE you start MySQL, create the database and start JBoss.
To check the encoding of the tables:
mysql -u root -p
> use information_schema;
> select table_schema,table_name, table_collation from tables;
| ejbca2 | UserData | utf8_general_ci |
| ejbca2 | UserDataSourceData | utf8_general_ci |
| ejbcatest | AccessRulesData | latin1_swedish_ci |
| ejbcatest | AdminEntityData | latin1_swedish_ci |
Default when installing MySQL in ubuntu is to create with 'table_collation' latin1_swedish_c1', but we want 'utf8_general_ci', which it creates in a database created with the new settings in my.cnf.
Friday, June 6, 2008
Thursday, April 10, 2008
Controlling an EJBCA cluster node
Just a little glimpse on what is possible to easily achieve.
Some people have clustered high security environments, where you need multiple people to access a shell or console the EJBCA machine. In such an environment it is convenient if you can do some stuff without logging in...NodeControl is born. Nodecontrol runns in a separate Tomcat instance so is independent of JBoss/EJBCA.
With NodeControl you can:
Some of these functions should probably be available in a future re-make of the EJBCA admin-GUI.
Some people have clustered high security environments, where you need multiple people to access a shell or console the EJBCA machine. In such an environment it is convenient if you can do some stuff without logging in...NodeControl is born. Nodecontrol runns in a separate Tomcat instance so is independent of JBoss/EJBCA.
With NodeControl you can:
- Check HealthCheck on EJBCA
- Start/stop JBoss
- Add/remove the node in the cluster by turning on/off the maintenance file in HealthCheck (if maintenance is on, healthcheck returns an error with your message in it)
- Tail and grep in logfiles from pre-configured directories. Also 'tail -f' a logfile through openssl (or nc) to your machine.
Some of these functions should probably be available in a future re-make of the EJBCA admin-GUI.
Thursday, March 20, 2008
Wednesday, March 12, 2008
EJBCA on Weblogic 9
You do not need the administrative Gui to perform start, stop, deploy or undeploy on Weblogic.
To be able to use the command line you have to enable tunneling (no restart required).
In the gui go to "Environment -> Servers -> myserver(admin) -> Protocols -> Enable Tunneling"
On the command line edit bea/weblogic92/server/bin/config/config.xml and add the following to the <server> section (restart required):
<tunneling-enabled>true</tunneling-enabled>
After this you can use the command line tools. For exampel:
java weblogic.Deployer -user weblogic -password weblogic -name mymodule -undeploy
java weblogic.Deployer -user weblogic -password weblogic -name mymodule -deploy -source /home/jboss/ejbca/dist/ejbca.ear
java weblogic.Deployer -user weblogic -password weblogic -name mymodule -stop
java weblogic.Deployer -user weblogic -password weblogic -name mymodule -start
To be able to use the command line you have to enable tunneling (no restart required).
In the gui go to "Environment -> Servers -> myserver(admin) -> Protocols -> Enable Tunneling"
On the command line edit bea/weblogic92/server/bin/config/config.xml and add the following to the <server> section (restart required):
<tunneling-enabled>true</tunneling-enabled>
After this you can use the command line tools. For exampel:
java weblogic.Deployer -user weblogic -password weblogic -name mymodule -undeploy
java weblogic.Deployer -user weblogic -password weblogic -name mymodule -deploy -source /home/jboss/ejbca/dist/ejbca.ear
java weblogic.Deployer -user weblogic -password weblogic -name mymodule -stop
java weblogic.Deployer -user weblogic -password weblogic -name mymodule -start
Monday, March 10, 2008
New page about scripts addons for EJBCA
Scipts for generating lots of users
Made by kinneh and MrsTidy 2007
Tested to generate 20.000 Users, be aware of diskusage (We used about 2GB)
...
http://wiki.ejbca.org/ejbca-scripts
Monday, February 11, 2008
Converting keystores between JKS and P12
Johan dug up these keytool commands, that works with JDK6 and onwards (not in JDK5 and earlier).
JKS → P12
keytool -importkeystore -srckeystore keystore.jks -srcstoretype JKS -deststoretype PKCS12 -destkeystore keystore.p12
P12 → JKS
keytool -importkeystore -srckeystore keystore.p12 -srcstoretype PKCS12 -deststoretype JKS -destkeystore keystore.jks
I recently retested the p12 to jks conversion on Java 7u79, converting a superadmin.p12 keystore from EJBCA to JKS. Still works!
If you need a CA software that can generate both JKS, P12 or PEM keystores directly so you don't have to convert. Take a look at EJBCA Community, or it's supported big brother EJBCA Enterprise.
JKS → P12
keytool -importkeystore -srckeystore keystore.jks -srcstoretype JKS -deststoretype PKCS12 -destkeystore keystore.p12
P12 → JKS
keytool -importkeystore -srckeystore keystore.p12 -srcstoretype PKCS12 -deststoretype JKS -destkeystore keystore.jks
I recently retested the p12 to jks conversion on Java 7u79, converting a superadmin.p12 keystore from EJBCA to JKS. Still works!
If you need a CA software that can generate both JKS, P12 or PEM keystores directly so you don't have to convert. Take a look at EJBCA Community, or it's supported big brother EJBCA Enterprise.
Using Websphere and WAS under Ubuntu Linux
Some notes about using Websphere ND and RAD under Ubuntu Linux 7.10.
Because Ubuntu uses dash as the default shell (/bin/sh is a link to /bin/dash not /bin/bash) and websphere installation
too requires bash, although it erroneously uses /bin/sh you have two options:
sudo perl -p -i -e "s/\/sh$/\/bash/" /opt/IBM/WebSphere/AppServer/bin/*.sh
To install Rational Applicaton Developer (RAD v7) on a recent Ubuntu you need to
specify some options to java, or your java gui windows will be completely
blank, making it hard to to any installation :-).
To make it work, simply set this environment variable before running
the installer:
export IBM_JAVA_OPTIONS=-Dawt.toolkit=sun.awt.motif.MToolkit
Because Ubuntu uses dash as the default shell (/bin/sh is a link to /bin/dash not /bin/bash) and websphere installation
too requires bash, although it erroneously uses /bin/sh you have two options:
- Change the link /bin/sh to /bin/bash instead of /bin/dash.
- Change /bin/sh to /bin/bash in the websphere shell scripts.
sudo perl -p -i -e "s/\/sh$/\/bash/" /opt/IBM/WebSphere/AppServer/bin/*.sh
To install Rational Applicaton Developer (RAD v7) on a recent Ubuntu you need to
specify some options to java, or your java gui windows will be completely
blank, making it hard to to any installation :-).
To make it work, simply set this environment variable before running
the installer:
export IBM_JAVA_OPTIONS=-Dawt.toolkit=sun.awt.motif.MToolkit
Subscribe to:
Comments (Atom)
Posts
