Deploying Build Files
emCA
This section describes the procedure for configuring the environment variables required for emCA.
Configuration
Environment Variables
For emCA.properties
In emCA application deployment, the configuration of properties file is done through environment variables. In this case, the user has to place the emCA.properties file on the server and make a note of the location of properties file. The same path needs to be provided during environment variables configuration. This file is used to configure database, logs and truststore.
Following is the procedure for configuring emCA.properties file in environment variables. The same Variable Name that is defined below has to be used during configuration.
Variable name: EMCA_CONFIGURATION_PATH
Variable value: location of property files (emCA.properties)
For Windows
Go to Advanced System Settings -> Click on Environment Variables -> Click on New; then Enter the following as shown below figure
Variable name: EMCA_CONFIGURATION_PATH
Variable value: location of property files (emCA.properties)
It is recommended to restart the system after setting the environment variables
For Linux
For setting environment variables in Linux run the following command
sudo -H gedit /etc/environment
It will open the environment folder and set the emCA core path inside the folder.
EMCA _CONFIGURATION_PATH for emCA.properties file
Once the Environment variable is set for emCA.properties, the user can open the emCA.properties to configure various options which include configuring of database as well as logs.
It is recommended to restart the system after setting the environment variables.
Snapshot
Please find below is the emCA.properties file snapshot along with description of properties:
#########################################################
## General information ##
#########################################################
## Boolean values = "yes" or "no" ##
## String values = base64 encoded ##
## Passwords = encrypted with PasswordSecure.jar ##
## Time intervals = in days if not specified otherwise ##
## Paths = always absolute paths ##
## Optionals = set to empty if not needed ##
#########################################################
#######################################
## MySQL Properties ##
#######################################
#HIBERNATE_DIALECT
hibernate.dialect=org.hibernate.dialect.MySQL8Dialect
#JDBC_DRIVER_CLASS_NAME
jdbc.driver.class.name=com.mysql.cj.jdbc.Driver
#JDBC_URL
jdbc.url=jdbc:mysql://localhost:3306/<sheema>
#JDBC_DB_NAME
jdbc.db.name=<sheema>
#JDBC_DB_HOST
jdbc.db.host = localhost
#JDBC_DB_PORT
jdbc.db.port = 3306
#JDBC_APPLICATION_USERNAME
jdbc.application.username=[application username]
#JDBC_APPLICATION_PASSWORD
jdbc.application.password=[encrypted password]
#true : enabled; false : dicebled
#DATABASE_EMCA_ROLE_ACCESS_ENABLED
database.emca.role.access.enabled=true
# CA Administrator Role
#JDBC_ROLE_CAADMINISTRATOR_USERNAME
jdbc.role.caadministrator.username=[administrator username]
#JDBC_ROLE_CAADMINISTRATOR_PASSWORD
jdbc.role.caadministrator.password=[encrypted password]
# Administrator Role
#JDBC_ROLE_ADMINISTRATOR_USERNAME
jdbc.role.administrator.username=[administrator username]
#JDBC_ROLE_ADMINISTRATOR_PASSWORD
jdbc.role.administrator.password=[encrypted password]
# Officer Role
#JDBC_ROLE_OFFICER_USERNAME
jdbc.role.officer.username=[administrator username]
#JDBC.ROLE.OFFICER.PASSWORD
jdbc.role.officer.password=[encrypted password]
# Auditor Role
#JDBC_ROLE_AUDITOR_USERNAME
jdbc.role.auditor.username=[administrator username]
#JDBC_ROLE_AUDITOR_PASSWORD
jdbc.role.auditor.password=[encrypted password]
#EMCA_APPLICATION_FOLDERS_LOCATION
emca.application.folders.location=[emCA Folders path]
Database
Open the emCA.properties file and based on the type of database used; the corresponding values need to be updated. Please find the below sample Database configuration provided for MySQL database.
Example: for #MySQL database, use the below-mentioned values in the table:
hibernate.dialect
[DialectInfo] refers to Dialect information
org.hibernate.dialect.MySQLDialect
jdbc.driver.class.name
[DriverClassName] refers to Driver class name
com.mysql.jdbc.Driver
jdbc.url
[URL] refers to Database URL
jdbc:mysql://127.0.0.1:3306/emca
jdbc.application.username
[UserName] refers to UserName who has access to this schema
root
jdbc.application.password
[Password] refers to Password for the user
nNh0bStJeJxo3eu3taSY2Q==
Logs
In the emCA.properties file also configure the logs path for capturing events. Provide the log file path to capture logs.
#Configure the log4j.xml path [This property is meant to configure local server path of log4j file]
logFilePath=C:/emCA/emCAPropertyFiles/log4j.xml<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="WARN" monitorInterval="30">
<!-- Logging Properties -->
<Properties>
<Property name="LOG_PATTERN">[%d{yyyy-MM-dd HH:mm:ss.SSS}] -- {%pid} [%p] - %m%n</Property>
<Property name="APP_LOG_ROOT">[Local Server Path] </Property>
</Properties>
<Appenders>
<!-- Console Appender -->
<Console name="Console" target="SYSTEM_OUT" follow="true">
<PatternLayout disableAnsi="false" pattern="${CONSOLE_LOG_PATTERN}" />
</Console>
<RollingFile name="warnLog" fileName="${APP_LOG_ROOT}/emCA-warn.log" filePattern="${APP_LOG_ROOT}/emCA-warn-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
<LevelRangeFilter minLevel="WARN" maxLevel="WARN" onMatch="ACCEPT" onMismatch="DENY"/>
<PatternLayout pattern="${LOG_PATTERN}"/>
<Policies>
<OnStartupTriggeringPolicy />
<SizeBasedTriggeringPolicy size="10MB" />
</Policies>
<DefaultRolloverStrategy max="30000"/>
</RollingFile>
<RollingFile name="infoLog" fileName="${APP_LOG_ROOT}/emCA-info.log" filePattern="${APP_LOG_ROOT}/emCA-info-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
<LevelRangeFilter minLevel="INFO" maxLevel="INFO" onMatch="ACCEPT" onMismatch="DENY"/>
<PatternLayout pattern="${LOG_PATTERN}"/>
<Policies>
<OnStartupTriggeringPolicy />
<SizeBasedTriggeringPolicy size="10MB" />
</Policies>
<DefaultRolloverStrategy max="30000"/>
</RollingFile>
<RollingFile name="errorLog" fileName="${APP_LOG_ROOT}/emCA-error.log" filePattern="${APP_LOG_ROOT}/emCA-error-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
<LevelRangeFilter minLevel="ERROR" maxLevel="ERROR" onMatch="ACCEPT" onMismatch="DENY"/>
<PatternLayout pattern="${LOG_PATTERN}"/>
<Policies>
<OnStartupTriggeringPolicy />
<SizeBasedTriggeringPolicy size="10MB" />
</Policies>
<DefaultRolloverStrategy max="30000"/>
</RollingFile>
<RollingFile name="debugLog" fileName="${APP_LOG_ROOT}/emCA-debug.log" filePattern="${APP_LOG_ROOT}/emCA-debug-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
<LevelRangeFilter minLevel="DEBUG" maxLevel="DEBUG" onMatch="ACCEPT" onMismatch="DENY"/>
<PatternLayout pattern="${LOG_PATTERN}"/>
<Policies>
<OnStartupTriggeringPolicy />
<SizeBasedTriggeringPolicy size="10MB" />
</Policies>
<DefaultRolloverStrategy max="30000"/>
</RollingFile>
</Appenders>
<Loggers>
<AsyncRoot level="debug" includeLocation="false">
<AppenderRef ref="infoLog" />
<AppenderRef ref="errorLog" />
<AppenderRef ref="warnLog" />
<AppenderRef ref="debugLog" />
<AppenderRef ref="Console" />
</AsyncRoot>
</Loggers>
</Configuration>
Deployment
The following component is required for deployment:
emCA application (emCA.war file)
emCA application package is provided as a war file which has to be deployed on the application server. Please configure and save all the properties in the file defined in section –‘For emCA.properties’ under Environment Variables
Please find the following steps to deploy the application:
Copy the emCA.war inside Tomcat->Web apps folder apache-tomcat-7.0.37\webapps.
Windows run services.msc.
Select the service name Apache Tomcat and Click Start.
Quick Check Guide
To verify if the application has been successfully deployed, please follow the below steps:
Once deployment is completed and server is started, open any browser like IE, Google Chrome, Firefox etc. and enter URL - https://www.example.com/emCA/login.htm
emCA login page should be displayed as shown below
After successful deployment of the emCA application, check if all the Tables have been created in the specified schema in the database.
Also, check for log file generation in the path mentioned (Configuration->Log Properties).
A log file should have been generated in the above-mentioned path.
emCA API
This section provides the procedure for emCA API deployment and configuration. emCA API (emcaServices) provides an open API (Application Programming Interface) for integrating certificate services with third-party applications and devices. emCA API supports REST in JSON format. emCA APIs are light weight and flexible.
Requirement
emcaServices.war package
Deploy WAR
Copy emcaServices.war to <APP_SERVER>/webapps/
Configure EMCA_CONFIGURATION_PATH
Define datasource or JNDI for API database access
Start Service
Restart application server
Verify endpoint availability at https://<host>:<port>/emCA/api/health
Authentication & Transport
All endpoints require TLS
Use token-based authentication in HTTP headers
Supported REST Methods
CA Management:
GET
getKeyProfiles
POST
createCA
POST
createCSR
POST
importCertificate
POST
createOrUpdateCRLProfile
POST
createOrUpdateCRL
POST
getCRL
GET
getCRL
POST
revoke/suspend
POST
reinstateCA
POST
createOrUpdateUserProfile
POST
createUserCertificate
Certificate Management:
POST
getJwt-token
POST
createCertificate
POST
createCertificates
POST
createCustomCertificate
POST
createKeyStore
POST
rekey
POST
regenerateKeyStore
POST
revoke
POST
suspend
POST
reinstate
POST
getCertificate
POST
getProfiles
POST
getProfileInfo
POST
getCertInfo
POST
getCertCount
POST
getExpiringSoonCertInfo
POST
getCAs
POST
getCertificateChain
GET
getCAs
GET
getCertificateChain
GET
getProfileInfo
GET
getProfiles
GET
getCertificate
Configuration
Environment Variables
Application.properties
This file is used to configure database-related properties like dialect, driver class name, URL, Username, password (database user should have full privilege to the schema created for emCA application) as well as logs.
For Windows
Configure the property file path in environment variables as shown in below figure .
Variable name: EMCA_SERVICES_CONFIGURATION_PATH
Variable value: location of property files (application.properties)
For Linux
For setting environment variable in Linux, run following command.
sudo -H gedit /etc/environment
It will open the environment folder and set the emCA and emCA Services path inside the folder.
EMCA_SERVICES_CONFIGURATION_PATH for application.properties file as shown in the below figure.
Once the Environment variable is set for application.properties, the user can open the application.properties to configure various options which includes configuring of database as well as logs.
Snapshot
Application.properties file snapshot for reference:
#########################################################
## General information ##
#########################################################
## Boolean values = "yes" or "no" ##
## String values = base64 encoded ##
## Passwords = encrypted with PasswordSecure.jar ##
## Time intervals = in days if not specified otherwise ##
## Paths = always absolute paths ##
#########################################################
#######################################
## MySQL Connection ##
#######################################
#SPRING_DATASOURCE_DRIVER_CLASS_NAME
spring.datasource.driver.class.name=com.mysql.jdbc.Driver
#SPRING_JPA_PROPERTIES_HIBERNATE_DIALECT
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQL8Dialect
#SPRING_DATASOURCE_URL
spring.datasource.url=jdbc:mysql://127.0.0.1:3306/<sheema>
#SPRING_DATASOURCE_NAME
spring.datasource.name=<sheema>
#SPRING_DATASOURCE_USERNAME
spring.datasource.username=[username]
#SPRING_DATASOURCE_PASSWORD
spring.datasource.password=[encrypted password]
#EMCA_APPLICATION_FOLDERS_LOCATION
emca.application.folders.location=[emca folders locations]
#######################################
## OAUTH2 Configuration ##
#######################################
#SECURITY_OAUTH2_ENABLED
security.oauth2.enabled=false
#SPRING_SECURITY_OAUTH2_RESOURCE_SERVER_URI
spring.security.oauth2.resource.server.uri=http://<host>:<ip>Database
Open the application.properties file and based on the type of database used; the corresponding values need to be updated. Please find below a sample Database configuration provided for MySQL database.
Example: for #MySQL database, use below mentioned values in the table:
#Hibernate properties:
Parameter
Description
Values to be replaced
spring.jpa.properties.hibernate.dialect
[DialectInfo] refers to Dialect information
org.hibernate.dialect.MySQL5Dialect
spring.datasource.driver.class.name
[DriverClassName] refers to Driver class name
com.mysql.jdbc.Driver
spring.datasource.url
[URL] refers to Database URL
jdbc:mysql://127.0.0.1:3306/emca
spring.datasource.username
[UserName] refers to UserName who has access to this schema
Root
spring.datasource.password
[Password] refers to Password for the user ( Refer Section 6)
nNh0bStJeJxo3eu3taSY2Q==
Ex:
#MySQL
DialectInfo= “org.hibernate.dialect.MySQLDialect”
DriverClassName=” com.mysql.jdbc.Driver”
URL= “jdbc:mysql://<127.0.0.1:3306>/ emca”
UserName=”root”
Password=”root”
Logs
The application uses Log4j for logging. Please specify the local server path for collecting the logs in the log4j.xml file. The local server path of the log4j.xml file needs to be provided in the application.properties file which is set in the environment variables
Log4J XML file as shown below:
<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="WARN" monitorInterval="30">
<!-- Logging Properties -->
<Properties>
<Property name="LOG_PATTERN">[%d{yyyy-MM-dd HH:mm:ss.SSS}] -- {%pid} [%p] - %m%n</Property>
<Property name="APP_LOG_ROOT">[Local Server Path] </Property>
</Properties>
<Appenders>
<!-- Console Appender -->
<Console name="Console" target="SYSTEM_OUT" follow="true">
<PatternLayout disableAnsi="false" pattern="${CONSOLE_LOG_PATTERN}" />
</Console>
<RollingFile name="warnLog" fileName="${APP_LOG_ROOT}/emCA-API-warn.log" filePattern="${APP_LOG_ROOT}/emCA-API-warn-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
<LevelRangeFilter minLevel="WARN" maxLevel="WARN" onMatch="ACCEPT" onMismatch="DENY"/>
<PatternLayout pattern="${LOG_PATTERN}"/>
<Policies>
<OnStartupTriggeringPolicy />
<SizeBasedTriggeringPolicy size="10MB" />
</Policies>
<DefaultRolloverStrategy max="30000"/>
</RollingFile>
<RollingFile name="infoLog" fileName="${APP_LOG_ROOT}/emCA-API-info.log" filePattern="${APP_LOG_ROOT}/emCA-API-info-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
<LevelRangeFilter minLevel="INFO" maxLevel="INFO" onMatch="ACCEPT" onMismatch="DENY"/>
<PatternLayout pattern="${LOG_PATTERN}"/>
<Policies>
<OnStartupTriggeringPolicy />
<SizeBasedTriggeringPolicy size="10MB" />
</Policies>
<DefaultRolloverStrategy max="30000"/>
</RollingFile>
<RollingFile name="errorLog" fileName="${APP_LOG_ROOT}/emCA-API-error.log" filePattern="${APP_LOG_ROOT}/emCA-API-error-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
<LevelRangeFilter minLevel="ERROR" maxLevel="ERROR" onMatch="ACCEPT" onMismatch="DENY"/>
<PatternLayout pattern="${LOG_PATTERN}"/>
<Policies>
<OnStartupTriggeringPolicy />
<SizeBasedTriggeringPolicy size="10MB" />
</Policies>
<DefaultRolloverStrategy max="30000"/>
</RollingFile>
<RollingFile name="debugLog" fileName="${APP_LOG_ROOT}/emCA-API-debug.log" filePattern="${APP_LOG_ROOT}/emCA-API-debug-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
<LevelRangeFilter minLevel="DEBUG" maxLevel="DEBUG" onMatch="ACCEPT" onMismatch="DENY"/>
<PatternLayout pattern="${LOG_PATTERN}"/>
<Policies>
<OnStartupTriggeringPolicy />
<SizeBasedTriggeringPolicy size="10MB" />
</Policies>
<DefaultRolloverStrategy max="30000"/>
</RollingFile>
</Appenders>
<Loggers>
<AsyncRoot level="debug" includeLocation="false">
<AppenderRef ref="infoLog" />
<AppenderRef ref="errorLog" />
<AppenderRef ref="warnLog" />
<AppenderRef ref="debugLog" />
<AppenderRef ref="Console" />
</AsyncRoot>
</Loggers>
</Configuration>
In the above LOCAL SERVER PATH, the administrator has to provide folder path where in the log files get generated.
Deployment
The following component is required for deployment:
emCAServices.war
emCAServices comes as a war file that has to be deployed on the application server. Server provides configuration through the properties file.
Please configure and save all the properties defined in the properties file. Then deploy the configured emCAServices war file.
Please find below the steps to deploy the application:
Copy the emcaServices war inside Tomcat ->Web apps folder apache-tomcat-7.0.37\webapps.
Windows run services.msc.
Select the service Apache Tomcat and click start.
Quick Check Guide
Once deployment is completed and the server is started, Open any browser like Internet Explorer, Google Chrome, Firefox, etc. and enter the URL- https:/www.example.com/emcaServices
Example: https://www.example.com/emCAServices in the enter address field
The following message will be displayed as shown below.
OCSP Core
This section provides the step by step guide for installation, configuration, and usage of OCSP Core. Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. An OCSP responder (a server typically run by the certificate issuer) may return a signed response signifying that the certificate specified in the request is 'good', 'revoked', or 'unknown'.
Configuration
Environment Variables
For ocspcore.properties
This file is used to configure database related properties like dialect, driver class name, URL, Username, password (database user should have full privilege to the schema created for emCA application) as well as logs.
For Linux
For setting environment variable in Linux run following command
sudo -H gedit /etc/environment
It will open environment folder and set OCSP Core path inside that
OCSPCORE_CONFIGURATION_PATH for ocspcore.properties file as shown in below figure
Once the Environment variable is set for ocspcore.properties, the user can open the ocspcore.properties to configure various options which includes configuring of database as well as logs.
Snapshot
Please find the below ocspcore.properties file snapshot for reference:
#EMOCSPRESPONDER_CONFIGURATION_PATH
#########################################################
## General information ##
#########################################################
## Boolean values = "yes" or "no" ##
## String values = base64 encoded ##
## Passwords = encrypted with PasswordSecure.jar ##
## Time intervals = in days if not specified otherwise ##
## Paths = always absolute paths ##
## Optionals = set to empty if not needed ##
#########################################################
#######################################
## MySQL Properties ##
#######################################
# DATASOURCE_DRIVER_CLASS_NAME
datasource.driver.class.name=com.mysql.cj.jdbc.Driver
# HIBERNATE_DIALECT
hibernate.dialect=org.hibernate.dialect.MySQL8Dialect
# DATASOURCE_URL
datasource.url=jdbc:mysql://localhost:3306/<databaseName>
# DATASOURCE_USERNAME
datasource.username=[Username]
# DATASOURCE_DATABASE_NAME
datasource.database.name=[default databaseName]
# DATASOURCE_PASSWORD
datasource.password=[Encryppt Password]
#######################################
## Encryption Keys path ##
#######################################
# EMCA_APPLICATION_AES_KEY_PATH
emca.application.aes.key.path=/home/emCA/emCAProperties/key/aes.key
# EMCA_APPLICATION_DB_AES_KEY_PATH
# optional if subscriber encryption mode is database
emca.application.db.aes.key.path=/home/emCA/emCAProperties/key/subscriber-aes.key
#######################################
## OCSP Response Cache ##
#######################################
# NEXT_UPDATE_IN_MINS
next.update.in.mins=1440
# CACHE_ENABLED
cache.enabled=Yes
#######################################
## log4j Configuration ##
#######################################
# LOG4J_FILE_PATH
log4j.file.path=/home/emCAv4Solution/emCAv4OCSP/OCSPProperties/ocspcore/log4j.xml
#######################################
## Spring Configuration ##
#######################################
# SPRING_MVC_VIEW_PREFIX
spring.mvc.view.prefix=/WEB-INF/View/
# SPRING_MVC_VIEW_SUFFIX
spring.mvc.view.suffix=.jsp
Database
ocspcore.properties file is used to configure database related properties where we can configure database properties like dialect, driver class name, URL, Username, password (database user should have full privilege to the schema created for OCSP).
Open the ocspcore.properties file and change the below DB configuration:
Parameter
Description
hibernate.dialect
[DialectInfo] refers to Dialect information
datasource.driver.class.name
[DriverClassName] refers to Driver class name
datasource.url
[URL] refers to Database URL
datasource.database.name
[databaseName] default/ common name
datasource.username
[UserName] refers to UserName who has access to this schema
datasource.password
[Password] refers to Password for the user ( Refer Section 6)
Logs
The application uses Log4j for logging. Please specify the local server path for collecting the logs in the log4j.xml file. The local server path of log4j.xml file need to be provided in ocspcore.properties file which is set in the environment variables [please refer section 6.3.1.1]
Log4J XML file as shown below:
<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="WARN" monitorInterval="30">
<!-- Logging Properties -->
<Properties>
<Property name="LOG_PATTERN">[%d{yyyy-MM-dd HH:mm:ss.SSS}] -- {%pid} [%p] - %m%n</Property>
<Property name="APP_LOG_ROOT">[Local Server Path] </Property>
</Properties>
<Appenders>
<!-- Console Appender -->
<Console name="Console" target="SYSTEM_OUT" follow="true">
<PatternLayout disableAnsi="false" pattern="${CONSOLE_LOG_PATTERN}" />
</Console>
<RollingFile name="warnLog" fileName="${APP_LOG_ROOT}/OCSP-Core-warn.log" filePattern="${APP_LOG_ROOT}/OCSP-Core-warn-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
<LevelRangeFilter minLevel="WARN" maxLevel="WARN" onMatch="ACCEPT" onMismatch="DENY"/>
<PatternLayout pattern="${LOG_PATTERN}"/>
<Policies>
<OnStartupTriggeringPolicy />
<SizeBasedTriggeringPolicy size="10MB" />
</Policies>
<DefaultRolloverStrategy max="30000"/>
</RollingFile>
<RollingFile name="infoLog" fileName="${APP_LOG_ROOT}/OCSP-Core-info.log" filePattern="${APP_LOG_ROOT}/OCSP-Core-info-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
<LevelRangeFilter minLevel="INFO" maxLevel="INFO" onMatch="ACCEPT" onMismatch="DENY"/>
<PatternLayout pattern="${LOG_PATTERN}"/>
<Policies>
<OnStartupTriggeringPolicy />
<SizeBasedTriggeringPolicy size="10MB" />
</Policies>
<DefaultRolloverStrategy max="30000"/>
</RollingFile>
<RollingFile name="errorLog" fileName="${APP_LOG_ROOT}/OCSP-Core-error.log" filePattern="${APP_LOG_ROOT}/OCSP-Core-error-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
<LevelRangeFilter minLevel="ERROR" maxLevel="ERROR" onMatch="ACCEPT" onMismatch="DENY"/>
<PatternLayout pattern="${LOG_PATTERN}"/>
<Policies>
<OnStartupTriggeringPolicy />
<SizeBasedTriggeringPolicy size="10MB" />
</Policies>
<DefaultRolloverStrategy max="30000"/>
</RollingFile>
<RollingFile name="debugLog" fileName="${APP_LOG_ROOT}/OCSP-Core-debug.log" filePattern="${APP_LOG_ROOT}/OCSP-Core-debug-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
<LevelRangeFilter minLevel="DEBUG" maxLevel="DEBUG" onMatch="ACCEPT" onMismatch="DENY"/>
<PatternLayout pattern="${LOG_PATTERN}"/>
<Policies>
<OnStartupTriggeringPolicy />
<SizeBasedTriggeringPolicy size="10MB" />
</Policies>
<DefaultRolloverStrategy max="30000"/>
</RollingFile>
</Appenders>
<Loggers>
<AsyncRoot level="debug" includeLocation="false">
<AppenderRef ref="infoLog" />
<AppenderRef ref="errorLog" />
<AppenderRef ref="warnLog" />
<AppenderRef ref="debugLog" />
<AppenderRef ref="Console" />
</AsyncRoot>
</Loggers>
</Configuration>In the above LOCAL SERVER PATH, the administrator has to provide a folder path where in the log files get generated.
Deployment
The following component is required for deployment:
OCSP CORE(ocsprespondercore.war file)
OCSPCORE comes as a war file which has to be deployed on the application server. Server provides configuration through properties file.
Please configure and save all the properties defined in the properties file defined in section -‘(B) For ocspcore.properties’ under section 5.6.1.1. Environment Variables.
Then deploy the configured OCSP Core war file.
Please find below steps to deploy the application:
Copy the ocsprespondercore.war inside Tomcat ->Web apps folder apache-tomcat\webapps
Windows run services.msc
Select Apache Tomcat and click Start
Quick Check Guide
Once deployment is successfully done and the server is started, Open any browser like Internet Explorer, Google Chrome, Firefox etc. and enter URL- as mentioned below
https://www.example.com/ocsprespondercore in enter address field place (For ex: https:// 127.0.0.1:8080/ocsprespondercore)
The following message is displayed. This implies that the application is deployed properly.
“HTTP Status 405 - OCSP only supports POST”.
To verify whether logs are getting generated as per the path defined, please open the folder that is mentioned in the configuration path set in log4j.xml file (Configuration->log4j.xml).
"[Local Server Path]/ocspresponder.logPlease make sure that the log file is created in the above-mentioned path.
OCSP Responder Web
This section provides step by step guide for installation, configuration and usage of OCSP Web. This is generally deployed in the DMZ for external applications to interface. OCSP Web will in turn interfaces with OCSP Core that is deployed in the MZ where in only selected internal application will have access to it.
Configuration
Environment Variables - For ocspweb.properties
This file is used to configure logs.
For Linux
For setting the environment variable in Linux, run following command:
sudo -H gedit /etc/environment
It will open environment folder and set OCSP Web path inside that
OCSPWEB_CONFIGURATION_PATH for ocspweb.properties file as shown in below figure
Once the Environment variable is set for ocspweb.properties, the user can open the ocspweb.properties to configure logs.
Snapshot
Please find below is the ocspweb.properties file snapshot for reference:
#OCSPWEB_CONFIGURATION_PATH
# EMCA_OCSP_URL
emca.ocsp.url=http://127.0.0.1/OCSPResponderCore/ocsp
# EMCA_OCSP_REDIRECT_URL
# Redirect the url ocsp web if required
#emca.ocsp.redirect.url=https://google.com/
#######################################
## log4j Configuration ##
#######################################
# LOG4J_FILE_PATH
log4j.file.path=/home/emCAv4Solution/emCAv4OCSP/OCSPProperties/ocspweb/log4j.xml
#######################################
## Spring Configuration ##
#######################################
# SPRING_MVC_VIEW_PREFIX
spring.mvc.view.prefix=/WEB-INF/View/
# SPRING_MVC_VIEW_SUFFIX
spring.mvc.view.suffix=.jspConnection
OCSP Web has to connect to OCSP Core for passing the requests received by OCSP Web to OCSP Core. For connecting to OCSP Core, in the properties file as shown below
# URL where ocspcore is deployed
emca.ocsp.url=http://<ipaddress>:<port>/ocsprespondercoreLogs
The application uses Log4j for logging. Please specify the local server path for collecting the logs in the log4j.xml file. The local server path of log4j.xml file need to be provided in ocspweb.properties file which is set in the environment variables [please refer section 6.4.1.1]
Log4J XML file as shown below:
<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="WARN" monitorInterval="30">
<!-- Logging Properties -->
<Properties>
<Property name="LOG_PATTERN">[%d{yyyy-MM-dd HH:mm:ss.SSS}] -- {%pid} [%p] - %m%n</Property>
<Property name="APP_LOG_ROOT">[Local Server Path] </Property>
</Properties>
<Appenders>
<!-- Console Appender -->
<Console name="Console" target="SYSTEM_OUT" follow="true">
<PatternLayout disableAnsi="false" pattern="${CONSOLE_LOG_PATTERN}" />
</Console>
<RollingFile name="warnLog" fileName="${APP_LOG_ROOT}/OCSP-Responder-warn.log" filePattern="${APP_LOG_ROOT}/OCSP-Responder-warn-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
<LevelRangeFilter minLevel="WARN" maxLevel="WARN" onMatch="ACCEPT" onMismatch="DENY"/>
<PatternLayout pattern="${LOG_PATTERN}"/>
<Policies>
<OnStartupTriggeringPolicy />
<SizeBasedTriggeringPolicy size="10MB" />
</Policies>
<DefaultRolloverStrategy max="30000"/>
</RollingFile>
<RollingFile name="infoLog" fileName="${APP_LOG_ROOT}/OCSP-Responder-info.log" filePattern="${APP_LOG_ROOT}/OCSP-Responder-A-info-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
<LevelRangeFilter minLevel="INFO" maxLevel="INFO" onMatch="ACCEPT" onMismatch="DENY"/>
<PatternLayout pattern="${LOG_PATTERN}"/>
<Policies>
<OnStartupTriggeringPolicy />
<SizeBasedTriggeringPolicy size="10MB" />
</Policies>
<DefaultRolloverStrategy max="30000"/>
</RollingFile>
<RollingFile name="errorLog" fileName="${APP_LOG_ROOT}/OCSP-Responder-error.log" filePattern="${APP_LOG_ROOT}/OCSP-Responder-error-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
<LevelRangeFilter minLevel="ERROR" maxLevel="ERROR" onMatch="ACCEPT" onMismatch="DENY"/>
<PatternLayout pattern="${LOG_PATTERN}"/>
<Policies>
<OnStartupTriggeringPolicy />
<SizeBasedTriggeringPolicy size="10MB" />
</Policies>
<DefaultRolloverStrategy max="30000"/>
</RollingFile>
<RollingFile name="debugLog" fileName="${APP_LOG_ROOT}/OCSP- Responder-debug.log" filePattern="${APP_LOG_ROOT}/OCSP-Responder-debug-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
<LevelRangeFilter minLevel="DEBUG" maxLevel="DEBUG" onMatch="ACCEPT" onMismatch="DENY"/>
<PatternLayout pattern="${LOG_PATTERN}"/>
<Policies>
<OnStartupTriggeringPolicy />
<SizeBasedTriggeringPolicy size="10MB" />
</Policies>
<DefaultRolloverStrategy max="30000"/>
</RollingFile>
</Appenders>
<Loggers>
<AsyncRoot level="debug" includeLocation="false">
<AppenderRef ref="infoLog" />
<AppenderRef ref="errorLog" />
<AppenderRef ref="warnLog" />
<AppenderRef ref="debugLog" />
<AppenderRef ref="Console" />
</AsyncRoot>
</Loggers>
</Configuration>
In the above LOCAL SERVER PATH, the administrator has to provide folder path where in the log files get generated.
Deployment
The following components are required for deployment:
OCSP Web (ocspresponderweb.war file)
OCSP Web comes as a war file which has to be deployed on the application server. Server provides configuration through properties file.
Please configure and save all the properties. Then deploy the configured OCSP Web war file.
Please find below steps to deploy the application:
Copy the ocspresponderweb.war inside Tomcat->Web apps folder apache-tomcat\webapps
Windows run services.msc
Go to Apache Tomcat and click Start
Quick Check Guide
Once deployment is successfully done and the server is started, Open any browser like internet explorer, Google Chrome, Firefox etc. and enter URL- as mentioned below
https://www.example.com/ocspresponderweb in enter address field place (For ex: https:// 127.0.0.1:8080/ocspresponderweb)
The following message is displayed. This implies that the application is deployed properly.
“HTTP Status 405 - OCSP only supports POST”.
To verify whether logs are getting generated as per the path defined, please open the folder that is mentioned in the configuration path set in log4j.xml file (Configuration->log4j.xml)
"[Local Server Path]/OCSPResponderWeb.logPlease make sure that the log file is created in the above-mentioned path.
TSA Core
This section provides step by step guide for installation, configuration, and usage of TSA Core. TSA Core including (emTSA and eTSA) is used for timestamping the requests received. And also help in managing timestamping Signers as well as keys.
Configuration
Environment Variables For tsacore.properties
This file is used to configure database related properties like dialect, driver class name, URL, Username, password (database user should have full privilege to the schema created for TSA application) as well as logs.
For Linux
For setting the environment variable in Linux, run the following command.
sudo -H gedit /etc/environment
It will open environment folder and set TSA Core path inside that
TSACORE_CONFIGURATION_PATH for tsacore.properties file as shown in below figure
Once the Environment variable is set for tsacore.properties, the user can open the tsacore.properties to configure various options which includes configuring of database as well as logs.
Snapshot
Please find below is the tsacore.properties file snapshot for reference:
# Configure ENV on the server
# ENV Variable : TSACORE_CONFIGURATION_PATH
# HIBERNATE_DIALECT
hibernate.dialect=org.hibernate.dialect.MySQL8Dialect
# JDBC_DRIVER_CLASS_NAME
jdbc.driver.class.name=com.mysql.jdbc.Driver
# JDBC_URL
jdbc.url=jdbc:mysql://localhost:3306/tsa
# JDBC_USERNAME
jdbc.username=[username]
# JDBC_PASSWORD
jdbc.password=[Encrpted password]
# TIMEENABLED
time.enabled=4000
# APPLICATION_AES_KEY_PATH
application.aes.key.path=[AES Key file path]
# PKCS12_TYPE_KEY_PROFILES_LOCATION
pkcs12.type.key.profiles.location=/home/emCAv4Solution/emCAv4TSA/TSAProperties/tsacore/pkcs12
# PKCS11_TYPE_KEY_PROFILES_LOCATION
pkcs11.type.key.profiles.location=/home/emCAv4Solution/emCAv4TSA/TSAProperties/tsacore/pkcs11
# EMTSA_LOGGER_PROPERTIES
emtsa.logger.properties=/home/emCAv4Solution/emCAv4TSA/TSAProperties/tsacore/emtsa-log4j.xml
# ETSA_LOGGER_PROPERTIES
etsa.logger.properties=/home/emCAv4Solution/emCAv4TSA/TSAProperties/tsacore/etsa-log4j.xmlDatabase
tsacore.properties file is used to configure database related properties where we can configure database properties like dialect, driver class name, URL, Username, password (database user should have full privilege to the schema created for TSA).
Open the tsacore.properties file and change the below DB configuration:
Parameter
Description
hibernate.dialect
[DialectInfo] refers to Dialect information
jdbc.driver.class.name
[DriverClassName] refers to Driver class name
jdbc.url
[URL] refers to Database URL
jdbc.username
[UserName] refers to UserName who has access to this schema
jdbc.password
[Password] refers to Password for the user ( Refer Section 6)
Logs
The application uses Log4j for logging. Please specify the local server path for collecting the logs in the log4j.xml file. The local server path of log4j.xml file need to be provided in tsacore.properties file which is set in the environment variables
Log4J XML file as shown below:
<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="WARN" monitorInterval="30">
<!-- Logging Properties -->
<Properties>
<Property name="LOG_PATTERN">[%d{yyyy-MM-dd HH:mm:ss.SSS}] -- {%pid} [%p] - %m%n</Property>
<Property name="APP_LOG_ROOT">[Local Server Path] </Property>
</Properties>
<Appenders>
<!-- Console Appender -->
<Console name="Console" target="SYSTEM_OUT" follow="true">
<PatternLayout disableAnsi="false" pattern="${CONSOLE_LOG_PATTERN}" />
</Console>
<RollingFile name="warnLog" fileName="${APP_LOG_ROOT}/TSA-Core-warn.log" filePattern="${APP_LOG_ROOT}/TSA-Core-warn-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
<LevelRangeFilter minLevel="WARN" maxLevel="WARN" onMatch="ACCEPT" onMismatch="DENY"/>
<PatternLayout pattern="${LOG_PATTERN}"/>
<Policies>
<OnStartupTriggeringPolicy />
<SizeBasedTriggeringPolicy size="10MB" />
</Policies>
<DefaultRolloverStrategy max="30000"/>
</RollingFile>
<RollingFile name="infoLog" fileName="${APP_LOG_ROOT}/TSA-Core-info.log" filePattern="${APP_LOG_ROOT}/TSA-Core-info-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
<LevelRangeFilter minLevel="INFO" maxLevel="INFO" onMatch="ACCEPT" onMismatch="DENY"/>
<PatternLayout pattern="${LOG_PATTERN}"/>
<Policies>
<OnStartupTriggeringPolicy />
<SizeBasedTriggeringPolicy size="10MB" />
</Policies>
<DefaultRolloverStrategy max="30000"/>
</RollingFile>
<RollingFile name="errorLog" fileName="${APP_LOG_ROOT}/TSA-Core-error.log" filePattern="${APP_LOG_ROOT}/TSA-Core-error-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
<LevelRangeFilter minLevel="ERROR" maxLevel="ERROR" onMatch="ACCEPT" onMismatch="DENY"/>
<PatternLayout pattern="${LOG_PATTERN}"/>
<Policies>
<OnStartupTriggeringPolicy />
<SizeBasedTriggeringPolicy size="10MB" />
</Policies>
<DefaultRolloverStrategy max="30000"/>
</RollingFile>
<RollingFile name="debugLog" fileName="${APP_LOG_ROOT}/TSA-Core-debug.log" filePattern="${APP_LOG_ROOT}/TSA-Core-debug-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
<LevelRangeFilter minLevel="DEBUG" maxLevel="DEBUG" onMatch="ACCEPT" onMismatch="DENY"/>
<PatternLayout pattern="${LOG_PATTERN}"/>
<Policies>
<OnStartupTriggeringPolicy />
<SizeBasedTriggeringPolicy size="10MB" />
</Policies>
<DefaultRolloverStrategy max="30000"/>
</RollingFile>
</Appenders>
<Loggers>
<AsyncRoot level="debug" includeLocation="false">
<AppenderRef ref="infoLog" />
<AppenderRef ref="errorLog" />
<AppenderRef ref="warnLog" />
<AppenderRef ref="debugLog" />
<AppenderRef ref="Console" />
</AsyncRoot>
</Loggers>
</Configuration>In the above LOCAL SERVER PATH, the administrator has to provide folder path where in the log files get generated.
Deployment
The following component is required for deployment:
TSA CORE(emTSA.war and eTSA.war file)
TSA CORE comes as 2 war files which has to be deployed on the application server. Server provides configuration through properties file.
Please configure and save all the properties defined in section - ‘(B) For tsacore.properties’ under section 5.8.1.1. Environment Variables. Then deploy the configured TSA Core war file.
Please find below steps to deploy the application:
Copy the eTSA.war inside Tomcat ->Web apps folder apache-tomcat\webapps
Windows run services.msc
Go to Apache Tomcat and Click start
Quick Check Guide
Once deployment is successfully done and the server is started, Open any browser like internet explorer, Google Chrome, Firefox etc. and enter URL- as mentioned below
https://www.example.com/eTSA in enter address field place (For ex: https:// 127.0.0.1:8080/eTSA)
The TSA Login page will be displayed.
To verify whether logs are getting generated as per the path defined, please open the folder that is mentioned in the configuration path set in log4j.xml file (Configuration->log4j.xml)
"[Local Server Path]/eTSA.logPlease make sure that the log file is created in the above-mentioned path.
TSA Web
This section provides step by step guide for the installation, configuration, and usage of TSA Web. This is generally deployed in the DMZ for external applications to interface. TSA Web will in turn interface with TSA Core that is deployed in the Militarized Zone/ Trusted Zone where in only selected internal applications will have access to it.
Configuration
Environment Variables For tsaweb.properties
This file is used to configure connections with TSA Core as well as logs.
For Linux
For setting the environment variable in Linux, run the following command.
sudo -H gedit /etc/environment
It will open environment folder and set TSA Web path inside that
TSAWEB_CONFIGURATION_PATH for tsaweb.properties file as shown in below figure
Once the Environment variable is set for tsaweb.properties, the user can open the tsaweb.properties to configure various options which includes configuring of connection to TSA Core well as logs.
Snapshot
For your reference, we have attached a snapshot of the tsaweb.properties file below:
# Configure ENV on the server
# ENV Variable : TSAWEB_CONFIGURATION_PATH
# EMCA_TSA_URL
emca.tsa.url=http://localhost/eTSA/etsa
# HIBERNATE_DIALECT
hibernate.dialect=org.hibernate.dialect.MySQL8Dialect
# DATASOURCE_DRIVER_CLASS_NAME
jdbc.driver.class.name=com.mysql.jdbc.Driver
# JDBC_URL
jdbc.url=jdbc:mysql://localhost:3306/tsa
# JDBC_USERNAME
jdbc.username=[username]
# JDBC_PASSWORD
jdbc.password=[Encrypted Password]
# LOGGER_PROPERTIES
logger.properties=/home/emCAv4Solution/emCAv4TSA/TSAProperties/tsaweb/webtsa-log4j.xml
# APPLICATION_AES_KEY_PATH
application.aes.key.path=home/TestEnvronment/emCAProperties/key/aes.keyConnection
TSA Web has to connect to TSA Core for passing the requests received by TSA Web to TSA Core. For connecting to TSA Core, in the properties file as shown below
#URL where tsacore is deployed
emca.tsa.url=http://localhost/eTSA/etsaLogs
The application uses Log4j for logging. Please specify the local server path for collecting the logs in the log4j.xml file. The local server path of log4j.xml file need to be provided in tsaweb.properties file which is set in the environment variables [please refer section 6.6.1.1]
Log4J XML file as shown below:
<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="WARN" monitorInterval="30">
<!-- Logging Properties -->
<Properties>
<Property name="LOG_PATTERN">[%d{yyyy-MM-dd HH:mm:ss.SSS}] -- {%pid} [%p] - %m%n</Property>
<Property name="APP_LOG_ROOT">[Local Server Path] </Property>
</Properties>
<Appenders>
<!-- Console Appender -->
<Console name="Console" target="SYSTEM_OUT" follow="true">
<PatternLayout disableAnsi="false" pattern="${CONSOLE_LOG_PATTERN}" />
</Console>
<RollingFile name="warnLog" fileName="${APP_LOG_ROOT}/TSA-Web-warn.log" filePattern="${APP_LOG_ROOT}/TSA-Web-warn-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
<LevelRangeFilter minLevel="WARN" maxLevel="WARN" onMatch="ACCEPT" onMismatch="DENY"/>
<PatternLayout pattern="${LOG_PATTERN}"/>
<Policies>
<OnStartupTriggeringPolicy />
<SizeBasedTriggeringPolicy size="10MB" />
</Policies>
<DefaultRolloverStrategy max="30000"/>
</RollingFile>
<RollingFile name="infoLog" fileName="${APP_LOG_ROOT}/TSA-Web-info.log" filePattern="${APP_LOG_ROOT}/TSA-Web-info-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
<LevelRangeFilter minLevel="INFO" maxLevel="INFO" onMatch="ACCEPT" onMismatch="DENY"/>
<PatternLayout pattern="${LOG_PATTERN}"/>
<Policies>
<OnStartupTriggeringPolicy />
<SizeBasedTriggeringPolicy size="10MB" />
</Policies>
<DefaultRolloverStrategy max="30000"/>
</RollingFile>
<RollingFile name="errorLog" fileName="${APP_LOG_ROOT}/TSA-Web-error.log" filePattern="${APP_LOG_ROOT}/TSA-Web-error-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
<LevelRangeFilter minLevel="ERROR" maxLevel="ERROR" onMatch="ACCEPT" onMismatch="DENY"/>
<PatternLayout pattern="${LOG_PATTERN}"/>
<Policies>
<OnStartupTriggeringPolicy />
<SizeBasedTriggeringPolicy size="10MB" />
</Policies>
<DefaultRolloverStrategy max="30000"/>
</RollingFile>
<RollingFile name="debugLog" fileName="${APP_LOG_ROOT}/TSA-Web-debug.log" filePattern="${APP_LOG_ROOT}/TSA-Web-debug-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
<LevelRangeFilter minLevel="DEBUG" maxLevel="DEBUG" onMatch="ACCEPT" onMismatch="DENY"/>
<PatternLayout pattern="${LOG_PATTERN}"/>
<Policies>
<OnStartupTriggeringPolicy />
<SizeBasedTriggeringPolicy size="10MB" />
</Policies>
<DefaultRolloverStrategy max="30000"/>
</RollingFile>
</Appenders>
<Loggers>
<AsyncRoot level="debug" includeLocation="false">
<AppenderRef ref="infoLog" />
<AppenderRef ref="errorLog" />
<AppenderRef ref="warnLog" />
<AppenderRef ref="debugLog" />
<AppenderRef ref="Console" />
</AsyncRoot>
</Loggers>
</Configuration>In the above LOCAL SERVER PATH, the administrator has to provide folder path where in the log files get generated.
Deployment
Following components are required for deployment:
TSA Web(WebTSA.war file)
TSA Web comes as a war file which has to be deployed on the application server. Server provides configuration through properties file.
Please configure and save all the properties defined in section - ‘(B) For tsaweb.properties’ under section 5.9.1.1. Environment Variables. Then deploy the configured TSA Core war file.
Please find below steps to deploy the application:
Copy the WebTSA.war inside Tomcat->Web apps folder apache-tomcat\webapps
Windows run services.msc
Go to Apache Tomcat and click Start
Quick Check Guide
Once deployment is successfully done and the server is started, Open any browser like internet explorer, Google Chrome, Firefox etc. and enter URL- as mentioned below
https://www.example.com/WebTSA in enter address field place (For ex: https:// 127.0.0.1:8080/WebTSA)
Following page is displayed . This implies that the application is deployed properly.
To verify whether logs are getting generated as per the path defined, please open the folder that is mentioned in the configuration path set in log4j.xml file (Configuration->log4j.xml)
"[Local Server Path]/WebTSA.logPlease make sure that the log file is created in the above-mentioned path.
Schedular
This section provides a step-by-step guide to installing, configuring, and using the Scheduler.
Configuration
Environment Variables For scheduler.properties
This file is used to configure database related properties like dialect, driver class name, URL, Username, password (database user should have full privilege to the schema created for emCAScheduler) as well as logs.
Variable name: EMCA_SCHEDULER_CONFIGURATION_PATH
Variable value: location of property files (scheduler.properties)
For Linux
For setting the environment variable in Linux, run the following command.
sudo -H gedit /etc/environment
It will open the environment folder and set emCAScheduler path inside that
EMCA_SCHEDULER_CONFIGURATION_PATH for scheduler.properties file .
Once the Environment variable is set for scheduler.properties, the user can open the scheduler.properties to configure various options which includes configuring of connection to emCASheduler well as logs.
Snapshot
Please find below is the scheduler.properties file snapshot for reference:
#ENV_NAME :: EMCA_SCHEDULER_CONFIGURATION_PATH
#######################################
## MySQL Properties ##
#######################################
# HIBERNATE_DIALECT
hibernate.dialect=org.hibernate.dialect.MySQLDialect
# JDBC_DRIVER_CLASS_NAME
jdbc.driver.class.name=com.mysql.jdbc.Driver
# JDBC_URL
jdbc.url=jdbc:mysql://localhost:3306/<sheema>
# JDBC_USERNAME
jdbc.username=[username]
# JDBC_PASSWORD
jdbc.password=[encrypted password]
# JDBC_DB_NAME
jdbc.db.name=<sheema>
# EMCA_APPLICATION_AES_KEY_PATH
emca.application.aes.key.path=[emca encryption file path]
# LOG4J_FILE_PATH
log4j.file.path=/home/emca/emCAv4Solution/emCAv4-Scheduler/log4j.xml
# REINSTATE_DAYS_CHECK
reinstate.days.check=1
# CRL_FREQUENCY_DISABLE
#yes-skip frequency from emCA Application
#No-whenever scheduler run it will update
crl.frequency.disable=yes
#################################
## FTP SERVER ##
#################################
# FTP_SERVER_HOST
ftp.server.host = <ip_address>
# FTP_SERVER_PORT
ftp.server.port = 21
# FTP_SERVER_USERNAME
ftp.server.username = <ftp_username>
# FTP_SERVER_PASSWORD
ftp.server.password = <ftp_password>
# FTP_SERVER_FILE_PATH
ftp.server.file.path=<ftp_file_path>
# EMCA_REPOSITORY_CRL
emca.repository.crl=true
# EMCA_REPOSITORY_CERT
emca.repository.cert=true
#################################
## LDAP repository ##
#################################
# EMCA_LDAP_OS
emca.ldap.os=l
# EMCA_LDAP_CONTAINER_NAME
emca.ldap.container.name=<container>
# EMCA_LDAP_CRL
emca.ldap.crl=true
# EMCA_LDAP_CERT
emca.ldap.cert=true
# EMCA_LDAP_GENERATED_BEFORE
emca.ldap.generated.before=0
#################################
## Local repository ##
#################################
# LOCAL_REPOSITORY_FILE_PATH
local.repository.file.path=/home/emca/emCAv4Solution/emCAv4-Scheduler/LocalPath
#################################
## E-Mail Server Settings ##
#################################
# EMCA_MAIL_SERVER_SMTP_SSL_ENABLE
emca.mail.server.smtp.ssl.enable=false
# EMCA_MAIL_SERVER_HOST
emca.mail.server.host=[smpt host]
# EMCA_MAIL_SERVER_PORT
emca.mail.server.port=[port]
# EMCA_MAIL_SERVER_USERNAME
emca.mail.server.username=[Base64 encoded username]
# EMCA_MAIL_SERVER_PASSWORD
emca.mail.server.password=[Base64 encoded password]
# EMCA_MAIL_SERVER_TLS_ENABLE
emca.mail.server.tls.enable=true
# EMCA_MAIL_SERVER_AUTH
emca.mail.server.auth=true
#################################
## E-Mail Setting ##
#################################
# EXPIRESOON_DAYS
expiresoon.days=31
# EMCA_MAIL_FROM_NAME
emca.mail.from.name=[Emudhra Private Limited]
# EMCA_MAIL_FROM
emca.mail.from=[Base64 encoded from mail]
# EMCA_MAIL_SUBJECT
emca.mail.subject=Certificate about to expire
# EMCA_MAIL_ADDON_TO_EMAILS
emca.mail.addon.to.emails=[Base64 encoded to mails with "," separated]
# EMCA_MAIL_ADDON_CC_EMAILS
emca.mail.addon.cc.emails=[Base64 encoded to mails with "," separated]
# EMCA_MAIL_CONTACT_MAIL
emca.mail.contact.mail=[Contact mail]
# EMCA_MAIL_SMIME_ENABLE
emca.mail.smime.enable=false
# EMCA_MAIL_SMIME_KEYSTORE_PATH
emca.mail.smime.keystore.path=/home/emca/smme/smime-keystore.PFX
# EMCA_MAIL_SMIME_KEYSTORE_PASSWORD
emca.mail.smime.keystore.password=ZU11ZGhyYUAx
# EMCA_MAIL_SMIME_ENCRYPTION_REQUIRED
emca.mail.smime.encryption.required=true
# EMCA_MAIL_SMIME_ENCRYPTION_CERTIFICATE_PATH
emca.mail.smime.encryption.certificate.path=/home/emca/smme/recept.cer
# EMCA_USER_EXPIRE_ALERT
emca.user.expire.alert=true
# EMCA_USER_CERTIFICATE_EXPIRE_SUBJECT
emca.user.certificate.expire.subject=Certificate about to expire
# EMCA_PASSWORD_EXPIRE_SUBJECT
emca.password.expire.subject=User account about to expire
# CA_CERTIFICATE_EXPIRE_ALERT
ca.certificate.expire.alert=false
# CA_CERTIFICATE_EXPIRE_SUBJECT
ca.certificate.expire.subject=Certificate about to expire
# USER_CERTIFICATE_EXPIRE_ALERT
user.certificate.expire.alert=false
# USER_CERTIFICATE_EXPIRE_SUBJECT
user.certificate.expire.subject=Certificate about to expire
Deployment
The following component is required for deployment.
emCAScheduler.bat
emCAScheduler comes as a .bat file which has to run and provide configuration through properties file.
Please configure and save all the properties defined in section –‘(B) For scheduler.properties’. Environment Variables. Then run the emCASchedule .bat file.
Please find below steps to run the scheduler in windows:
Copy the emCAScheduler.bat inside C:\emCA
run emCAScheduler.bat you will get the window as given below:
For scheduling task or emCAScheduler follow the steps given below :
Go to start in windows → search for Task Scheduler and open it as shown below
Click on ‘Create Basic Task’ from the right side of window. The Create Basic Task Wizard window will be displayed. Enter the Name of the scheduler as required. The Description is optional as shown below.
Click on Next. You will be redirected to another window where the Task start time can be selected.
Click on ‘Next’. You will be redirected to another window. Set the date and time as given below:
Click on ‘Next’. Select the ‘Action’ as shown below.
Once done, enter the Program/Script to start a program and enter the argument to run the scheduler. Argument can be either single or multiple. Arguments can be entered with space as follows:
crl file suspendedCerts ftp ldap
a) crl : Run the command ‘crl scheduler’ to update the CRL where validity is less than the current date.
b) file: Run the command ‘file scheduler’ to copy all the CRL into local file folder.
c) suspendedCerts : Run the command ‘suspendedCerts’ to revoke the suspended certificates.
d) ftp: Run the command ‘ftp’ to copy all the Root, CA, certificates which is created through emCA application into a file server.
f) ldap: Run the command ‘ldap’ to publish all the Root, CA and User certificates in LDAP server.
Click on ‘Next’ button. The following window will be displayed.
Click on ‘Finish’. You can see the task scheduled as ‘emCAScheduler’ by clicking on ‘Task Scheduled Library’ on the left side of the window given below.
Quick Check Guide
To verify if the emCAScheduler is successfully run, follow the below steps.
FTP: View the certificate in FTP with the credentials given in properties as FTP details:
Give the Login Url: ftp:// 127.0.0.1. in the properties file (server: 127.0.0.1). The system will request for username and password as shown below:
Enter the user name and password as mentioned in the properties file: user = [FTP USER], pass = [FTP PASSWORD], and click on the Sign in button.
Now click on the folder as given in the properties file: path=[FTP FOLDER NAME] . you can see all the certificates.
Last updated