emCA

This section describes the procedure for configuring the environment variables required for emCA.

Configuration

Note: All actions required for setting up and configuring emCA should be done using administrator privileges.

Environment Variables

For emCA.properties

In an emCA deployment, the location of the properties file is supplied through an environment variable. Place the emCA.properties file on the server and note its location; the same path must be provided when configuring the environment variable. This file is used to configure the database, logs and truststore.

The procedure for configuring the emCA.properties location in environment variables is given below. The variable name must be used exactly as defined here.

Variable name: EMCA_CONFIGURATION_PATH

Variable value: location of property files (emCA.properties)

For Windows

Go to Advanced System Settings, click Environment Variables, click New, then enter the following:

Variable name: EMCA_CONFIGURATION_PATH

Variable value: location of property files (emCA.properties)

It is recommended to restart the system after setting the environment variables.

For Linux

To set environment variables in Linux, run the following command:

sudo -H gedit /etc/environment

This opens the /etc/environment file. Set the emCA core path inside that file.

EMCA_CONFIGURATION_PATH for emCA.properties file

Once the environment variable is set for emCA.properties, open emCA.properties to configure the various options, including the database and logs.

It is recommended to restart the system after setting the environment variables.

Snapshot

Below is a snapshot of the emCA.properties file, along with a description of each property:

#MySQL PROPERTIES [This property is meant for configuring MySQL database connection]
hibernate.dialect=org.hibernate.dialect.MySQLDialect
jdbc.driverClassName=com.mysql.jdbc.Driver
jdbc.url=jdbc:mysql://localhost:3306/emca
jdbc.dbName=emca
jdbc.username=root
jdbc.password= nNh0bStJeJxo3eu3taSY2Q==
jdbc.dbHost = localhost
jdbc.dbPort = 3306

#MSSQL PROPERTIES [This property is meant for configuring MS SQL database connection ]
#hibernate.dialect=org.hibernate.dialect.SQLServerDialect
#jdbc.url=jdbc:sqlserver://10.80.106.12:1433;databaseName=emca
#jdbc.driverClassName=com.microsoft.sqlserver.jdbc.SQLServerDriver  
#jdbc.username=root
#jdbc.password= nNh0bStJeJxo3eu3taSY2Q==

#Oracle PROPERTIES [This property is meant for configuring Oracle database connection ]
#hibernate.dialect=org.hibernate.dialect.OracleDialect
#jdbc.auth=Container
#jdbc.type=javax.sql.DataSource
#jdbc.driverClassName=oracle.jdbc.driver.OracleDriver
#jdbc.factory=oracle.jdbc.pool.OracleDataSourceFactory
#jdbc.url = jdbc:oracle:thin:@127.0.0.1:1521:emca
#jdbc.username=root
#jdbc.password=root
#jdbc.maxActive=20
#jdbc.maxIdle=10
#jdbc.maxWait=-1

#Base  Location [This property is meant for specifying the local server path where trust store folder, trust store file, PKCS12 folder for storing the PKCS12 file etc. gets generated.]
BaseLocation= C:/emCA

#SCTConnectorURL where SCTConnector deployed[This property is meant for SCT connector URL]
sct_url=http://localhost:8800/sctConnector/getSCT

#to enable automatic backup [This property is meant for emCA application to check automatic backup settings]
EnableAutomaticBackUp = true

#External Application Validity [This property is meant to issue certificate for external application to interface with emCA API Gateway. The value provided here indicates the validity period of the certificate that is issued during external application on-boarding]
ExternalAppValidity = 3650
#Note: In days  
#NoOfDaysToExpirySoon [This property is meant to display the certificates that are going to expire based on the no. of days specified in this property on emCA application dashboard]
NoOfDaysToExpirySoon = 31      

#For Cross-Certification [This property is meant to enable cross certification facility in emCA application]
enableCrossCertification = yes

#To Enable Customized EnhancedKeyUsage [This property is meant to activate or deactivate the option in emCA application for adding custom Enhanced Key Usage for the certificate]
enableCustomizedEnhancedKeyUsage = yes

#To Enable Key deletion [This property is meant to enable or disable option in emCA application to delete key pairs from HSM]
enableKeyDeletion = yes

#Server OS Configuration [This property is meant to identify the Operating System. Based on the operating system, respective settings will be applied]
ServerOS=Windows

enable.proxy=false
http.proxyHost=10.80.100.160
http.proxyPort=80
http.proxyUser=
http.proxyPassword=

#enable/disable smtp 
smtp.enable=yes
#login type(HardToken/SoftToken/HardAndSoftToken)
typeOfLogin = HardAndSoftToken
#Configure the Mail Services [This property is meant to configure Mail Service]
#[This property is meant to enable Mail Service. Mail Service will be enabled if value is yes]
enableMailService=no
#[This property is meant to enable Mail Service for emCA user. Mail Service will be enabled for emCA user if value is yes]
enableMailService_emca_user=yes
#[This property is meant to enable Mail Service for TLS Certificate. Mail Service will be enabled for TLS certificate if value is yes]
enableMailService_tls_certificate=no
#[This property is meant to enable Mail Service for Certificate profile. Mail Service will be enabled for certificate profile if value is yes]
enableMailService_certifcate_profile=yes
#[This property is meant to configure Mail Service Scheduler frequency]
EmailFrequency=0 0/2 * * * ?
#Mail configuration with credentials. 
emca.FROM_NAME=Emudhra Private Limited
emca.FROM_EMAIL_ID=amF2YUBpbi5lbXVkaHJhLmNvbQ==
emca.smtp.host=in.emudhra.com
emca.smtp.port=25
emca.smtp.auth=true
emca.smtp.starttls.enable=true
emca.userName=amF2YUBpbi5lbXVkaHJhLmNvbQ==
emca.password=ZU11ZGhyYUAx

#Mail Services without credentials
#emca.FROM_EMAIL_ID=c2VuZGVyQG1haWwuY2VudG9zNy5sYW4
#emca.smtp.host=159.69.88.246
#emca.smtp.port=25
#emca.smtp.auth=false
#emca.smtp.starttls.enable=false
#emca.userName=c2VuZGVyQG1haWwuY2VudG9zNy5sYW4

#auth should be ‘false’ to send mail without authentication and should be ‘true’ otherwise. 
emca.smtp.auth=false
#starttls should be ‘false’ if it has to be disabled and should be ‘true’ otherwise.
emca.smtp.starttls.enable=false
emca.Mail_Subject=Certificate about to expire
emca.Default_CC_Mail1=aW5mb0BlbWNhLmNvbQ==
emca.CA_ADMIN_MAIL=d2xjYWFkQGVtLmNvbQ==

# Automatic PFX generation
emca.url=http://10.80.106.87:7532/emCA/login.htm
emca.pfx_password_length=8
emca.pfx_password_format=YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXpBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWjAxMjM0NTY3ODlAIyQlJg==
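
The snapshot above assigns emca.smtp.auth and emca.smtp.starttls.enable twice with different values, and several values such as emca.userName and emca.password are base64 strings. The following Python check is an added example, not part of the emCA documentation or product: it audits a properties file in this layout, run here on a constructed sample. It assumes the last assignment of a duplicated key wins (as in java.util.Properties), and the finding labels are hypothetical.

```python
import base64

def parse_properties(text):
    """Return (effective values, keys assigned conflicting values)."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith(("#", "!")):
            key, _, value = line.partition("=")
            seen.setdefault(key.strip(), []).append(value.strip())
    # Assumption: the last assignment wins, as in java.util.Properties.
    effective = {k: v[-1] for k, v in seen.items()}
    conflicts = sorted(k for k, v in seen.items() if len(set(v)) > 1)
    return effective, conflicts

def is_plain_base64(value):
    """True if value is base64 of printable ASCII: encoded, not encrypted."""
    try:
        raw = base64.b64decode(value, validate=True)
    except ValueError:
        return False
    return bool(raw) and all(32 <= b < 127 for b in raw)

def audit(text):
    """Return hypothetical finding labels of the form 'check:key'."""
    props, conflicts = parse_properties(text)
    findings = [f"conflicting-duplicate:{k}" for k in conflicts]
    for key, value in sorted(props.items()):
        if value.startswith("http://"):
            findings.append(f"cleartext-url:{key}")
        if key.lower().endswith(("password", "username")) and is_plain_base64(value):
            findings.append(f"reversible-encoding:{key}")
    if props.get("jdbc.username") == "root":
        findings.append("db-superuser:jdbc.username")
    if props.get("emca.smtp.starttls.enable") == "false":
        findings.append("smtp-no-starttls:emca.smtp.starttls.enable")
    return findings

# Constructed sample in the snapshot's layout; every value is made up.
SAMPLE = f"""
jdbc.username=root
jdbc.password={base64.b64encode(bytes(range(200, 216))).decode()}
sct_url=http://localhost:8800/sctConnector/getSCT
emca.smtp.starttls.enable=true
emca.userName={base64.b64encode(b'mailer@example.test').decode()}
emca.password={base64.b64encode(b'constructed-secret').decode()}
emca.smtp.starttls.enable=false
"""
print("\n".join(audit(SAMPLE)))
```

A reversible-encoding finding means anyone who can read the file can recover the value, so read access to the file at EMCA_CONFIGURATION_PATH should be limited to the account that runs the application server.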

Database

Open the emCA.properties file and update the values that correspond to the type of database used. A sample database configuration for MySQL is provided below.

Example: for the MySQL database, use the values given in the table below:

| Parameter | Description | Values to be replaced |
|---|---|---|
| hibernate.dialect | [DialectInfo] refers to Dialect information | org.hibernate.dialect.MySQLDialect |
| jdbc.driverClassName | [DriverClassName] refers to Driver class name | com.mysql.jdbc.Driver |
| jdbc.url | [URL] refers to Database URL | jdbc:mysql://127.0.0.1:3306/emca |
| jdbc.username | [UserName] refers to UserName who has access to this schema | root |
| jdbc.password | [Password] refers to Password for the user (refer to Section 6) | nNh0bStJeJxo3eu3taSY2Q== |

Logs

In the emCA.properties file, also configure the log path used for capturing events by providing the path to the log configuration file.

#Configure the log4j.xml path [This property is meant to configure local server path of log4j file]
logFilePath=C:/emCA/emCAPropertyFiles/log4j.xml

Note: If java.util.logging.FileHandler is not configured then application logs will not be generated.

<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="WARN" monitorInterval="30">

    <!-- Logging Properties -->
    <Properties>
        <Property name="LOG_PATTERN">[%d{yyyy-MM-dd HH:mm:ss.SSS}] -- {%pid} [%p] - %m%n</Property>
        <Property name="APP_LOG_ROOT">[Local Server Path] </Property>
    </Properties>
    
    <Appenders>
    
        <!-- Console Appender -->
        <Console name="Console" target="SYSTEM_OUT" follow="true">
            <!-- CONSOLE_LOG_PATTERN is not defined under Properties above, so LOG_PATTERN is used here -->
            <PatternLayout disableAnsi="false" pattern="${LOG_PATTERN}" />
        </Console>
        
        <RollingFile name="warnLog" fileName="${APP_LOG_ROOT}/emCA-warn.log" filePattern="${APP_LOG_ROOT}/emCA-warn-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="WARN" maxLevel="WARN" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
        
        <RollingFile name="infoLog" fileName="${APP_LOG_ROOT}/emCA-info.log" filePattern="${APP_LOG_ROOT}/emCA-info-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="INFO" maxLevel="INFO" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
        
        <RollingFile name="errorLog" fileName="${APP_LOG_ROOT}/emCA-error.log" filePattern="${APP_LOG_ROOT}/emCA-error-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="ERROR" maxLevel="ERROR" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
		
        <RollingFile name="debugLog" fileName="${APP_LOG_ROOT}/emCA-debug.log" filePattern="${APP_LOG_ROOT}/emCA-debug-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="DEBUG" maxLevel="DEBUG" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
            
    </Appenders>

    <Loggers>
        <AsyncRoot level="debug" includeLocation="false">
            <AppenderRef ref="infoLog"  />
            <AppenderRef ref="errorLog" />
            <AppenderRef ref="warnLog" />
            <AppenderRef ref="debugLog" />
            <AppenderRef ref="Console" />
        </AsyncRoot>
    </Loggers>
</Configuration>

Deployment

The following component is required for deployment:

emCA application (emCA.war file)

The emCA application package is provided as a WAR file, which has to be deployed on the application server. Please configure and save all the properties in the file described in section ‘(B) For emCA.properties’ under section 5.4.1.1, Environment Variables.

Please find the following steps to deploy the application:

  • Copy emCA.war into the Tomcat webapps folder (apache-tomcat-7.0.37\webapps).

  • On Windows, run services.msc.

  • Select the service named Apache Tomcat and click Start.

Quick Check Guide

To verify if the application has been successfully deployed, please follow the below steps:

Once deployment is completed and the server is started, open any browser (IE, Google Chrome, Firefox, etc.) and enter the URL https://www.example.com/emCA/login.htm

The emCA login page should be displayed.

After successful deployment of the emCA application, check if all the Tables have been created in the specified schema in the database.

Also, check for log file generation in the path mentioned (Configuration->Log Properties).

NOTE:

java.util.logging.FileHandler.pattern = <LogFolderPath>//emca_debug.log

A log file should have been generated in the above-mentioned path.
