This section provides the procedure for emCA API deployment and configuration. emCA API (emcaServices) provides an open API (Application Programming Interface) for integrating certificate services with third-party applications and devices. emCA API supports REST in JSON format. emCA APIs are lightweight and flexible.
The emCA API supports the following methods:
createX509Certificate()
createSoftTokenCert()
getX509Certificate()
revokeX509Cert()
verifysignature()
suspendCert()
reinstateCert()
rekey()
Configuration
Note: All actions required for setting up and configuring emCA should be done using administrator privileges.
Environment Variables
For Application.properties
This file is used to configure database-related properties like dialect, driver class name, URL, Username, password (database user should have full privilege to the schema created for emCA application) as well as logs.
For Windows
Configure the property file path in the environment variables as shown in the figure below.
Variable name: EMCA_SERVICES_CONFIGURATION_PATH
Variable value: location of property files (application.properties)
For Linux
To set the environment variable in Linux, run the following command.
sudo -H gedit /etc/environment
This opens the /etc/environment file. Set the emCA and emCA Services path in it.
Set EMCA_SERVICES_CONFIGURATION_PATH to the location of the application.properties file, as shown in the figure below.
Once the environment variable is set for application.properties, the user can open application.properties to configure various options, including the database and logs.
Snapshot
The following application.properties snapshot is provided for reference:
#server.port=9009
# ===============================
# = DATA SOURCE
# ===============================
# Set configurations here for database connection
# Connection url for the database "netgloo_blog"
spring.datasource.url=jdbc:mysql://localhost:3306/emca
spring.datasource.username=root
spring.datasource.password= nNh0bStJeJxo3eu3taSY2Q==
spring.datasource.driver-class-name=com.mysql.jdbc.Driver
spring.jpa.show-sql=true
spring.jpa.hibernate.ddl-auto=update
#spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect
#spring.datasource.hikari.jdbc-url=jdbc:mysql://localhost:3306/emca
#spring.datasource.hikari.idleTimeout=10
#spring.datasource.hikari.maximumPoolSize=10
#spring.datasource.hikari.minimumIdle=15
#spring.datasource.hikari.dataSourceClassName=com.mysql.jdbc.jdbc2.optional.MysqlDataSource
spring.mvc.view.prefix= /WEB-INF/jsps/
spring.mvc.view.suffix= .jsp
#spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect
#spring.jpa.hibernate.ddl-auto=update
#spring.datasource.hikari.connectionTimeout=30000
#spring.datasource.hikari.idleTimeout=600000
#spring.datasource.hikari.maxLifetime=1800000
spring.datasource.type=com.zaxxer.hikari.HikariDataSource
#maximum number of milliseconds that a client will wait for a connection
spring.datasource.hikari.connection-timeout = 300000
#minimum number of idle connections maintained by HikariCP in a connection pool
spring.datasource.hikari.minimum-idle= 10
#maximum pool size
spring.datasource.hikari.maximum-pool-size= 60
#maximum idle time for connection
spring.datasource.hikari.idle-timeout=1000
# maximum lifetime in milliseconds of a connection in the pool after it is closed.
spring.datasource.hikari.max-lifetime= 100
#default auto-commit behavior.
spring.datasource.hikari.auto-commit =true
#
spring.datasource.hikari.leakDetectionThreshold=20000
## Naming strategy
#spring.jpa.hibernate.naming-strategy = org.hibernate.cfg.ImprovedNamingStrategy
# Allows Hibernate to generate SQL optimized for a particular DBMS
spring.jpa.hibernate.naming.physical-strategy=org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
spring.jpa.properties.hibernate.current_session_context_class=org.springframework.orm.hibernate5.SpringSessionContext
#Profile location and name
#certificateProfilesPath= C:/emCA/Certificate Profiles
#profileName = User prof
#output to a temp_folder/file
logFilePath=C:/emCA/emCAProperties/log4j.xml
#SCEP Properties
#scep.certificate.create.url = http://localhost:8080/SpringBootRestApi/api/scepX509CertRequest/
#scep.certificate.profile.name = raca
#scep.registered.ext.app.name = raca
#scep.registered.ext.app.pwd = raca
#scep.registered.ext.app.credentials = raca|raca
soap.wsdlPath = http://localhost:8080/emCAServices/service/emcaServices.wsdl
#API Authentication time out in minutes
APIAuthenticationTimeOut = 1440
Database
Open the application.properties file and update the values that correspond to the type of database used. A sample configuration for a MySQL database is provided below.
Example: for a MySQL database, use the values listed in the table below:
#Hibernate properties:
Parameter | Description | Values to be replaced
spring.jpa.properties.hibernate.dialect | [DialectInfo] refers to Dialect information | org.hibernate.dialect.MySQL5Dialect
spring.datasource.driver-class-name | [DriverClassName] refers to Driver class name | com.mysql.jdbc.Driver
spring.datasource.url | [URL] refers to Database URL | jdbc:mysql://127.0.0.1:3306/emca
spring.datasource.username | [UserName] refers to UserName who has access to this schema | root
spring.datasource.password | [Password] refers to Password for the user (refer to Section 6) | nNh0bStJeJxo3eu3taSY2Q==
Ex:
#MySQL
DialectInfo="org.hibernate.dialect.MySQLDialect"
DriverClassName="com.mysql.jdbc.Driver"
URL="jdbc:mysql://<127.0.0.1:3306>/emca"
UserName="root"
Password="root"
Note: The same schema which is used for the emCA application should be used for the emCA API as well.
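Added example, not part of the emCA documentation or product code: a Python check that parses an application.properties like the snapshot above and lists active settings worth reviewing before deployment (the root database account, SQL echo, automatic schema updates, Hikari timeouts below the pool's minimums, and a long API authentication timeout). The 60-minute threshold and the function names are assumptions chosen for illustration.

```python
# Added example; SAMPLE is constructed from active lines of the snapshot above.
SAMPLE = """\
# = DATA SOURCE
spring.datasource.username=root
spring.jpa.show-sql=true
spring.jpa.hibernate.ddl-auto=update
spring.datasource.hikari.idle-timeout=1000
spring.datasource.hikari.max-lifetime= 100
APIAuthenticationTimeOut = 1440
"""
# HikariCP lower bounds (ms); nonzero values below them are not honored by the pool.
HIKARI_MIN_MS = {"spring.datasource.hikari.idle-timeout": 10000,
                 "spring.datasource.hikari.max-lifetime": 30000}
MAX_AUTH_MINUTES = 60  # assumption: local policy threshold, not an emCA default

def parse_properties(text):
    """Return active key/value pairs, skipping blank lines and comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return {key: finding} for settings that deserve a review."""
    found = {}
    if props.get("spring.datasource.username", "").lower() == "root":
        found["spring.datasource.username"] = "database superuser; use an account scoped to the emCA schema"
    if props.get("spring.jpa.show-sql", "").lower() == "true":
        found["spring.jpa.show-sql"] = "every SQL statement is written to standard output"
    if props.get("spring.jpa.hibernate.ddl-auto", "none").lower() not in ("none", "validate"):
        found["spring.jpa.hibernate.ddl-auto"] = "Hibernate may change the schema at startup"
    for key, minimum in HIKARI_MIN_MS.items():
        value = props.get(key, "")
        if value.isdigit() and 0 < int(value) < minimum:
            found[key] = f"{value} ms is below HikariCP's {minimum} ms minimum"
    timeout = props.get("APIAuthenticationTimeOut", "")
    if timeout.isdigit() and int(timeout) > MAX_AUTH_MINUTES:
        found["APIAuthenticationTimeOut"] = f"authentication stays valid for {int(timeout) / 60:g} hours"
    return found

if __name__ == "__main__":
    for key, finding in audit(parse_properties(SAMPLE)).items():
        print(f"{key}: {finding}")
```

To check a deployed file, pass its contents to parse_properties() instead of SAMPLE.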
Logs
The application uses Log4j for logging. Specify the local server path for collecting the logs in the log4j.xml file. The local server path of the log4j.xml file must be provided in the application.properties file whose location is set in the environment variables.
In the above LOCAL SERVER PATH, the administrator has to provide the folder path in which the log files are generated.
Deployment
The following component is required for deployment:
emCAServices.war
emCAServices is delivered as a WAR file that must be deployed on the application server. The server's configuration is provided through the properties file.
Configure and save all the properties defined in the properties file, then deploy the configured emCAServices WAR file.
Follow these steps to deploy the application:
Copy the emcaServices war into the Tomcat webapps folder (apache-tomcat-7.0.37\webapps).
On Windows, run services.msc.
Select the Apache Tomcat service and click Start.
Quick Check Guide
Once deployment is complete and the server is started, open any browser (Internet Explorer, Google Chrome, Firefox, etc.) and enter the URL https://www.example.com/emcaServices in the address field.
Example: https://www.example.com/emCAServices
The following message will be displayed as shown below