Deploying Build Files

emCA

This section describes the procedure for configuring the environment variables required for emCA.

Configuration

Note: All actions required for setting up and configuring emCA should be done using administrator privileges.

Environment Variables

For emCA.properties

In emCA application deployment, the configuration of properties file is done through environment variables. In this case, the user has to place the emCA.properties file on the server and make a note of the location of properties file. The same path needs to be provided during environment variables configuration. This file is used to configure database, logs and truststore.

Following is the procedure for configuring emCA.properties file in environment variables. The same Variable Name that is defined below has to be used during configuration.

Variable name: EMCA_CONFIGURATION_PATH

Variable value: location of property files (emCA.properties)

For Windows

Go to Advanced System Settings -> Click on Environment Variables -> Click on New; then Enter the following as shown below figure

Variable name: EMCA_CONFIGURATION_PATH

Variable value: location of property files (emCA.properties)

It is recommended to restart the system after setting the environment variables

For Linux

For setting environment variables in Linux run the following command

sudo -H gedit /etc/environment

It will open the environment folder and set the emCA core path inside the folder.

EMCA _CONFIGURATION_PATH for emCA.properties file

Once the Environment variable is set for emCA.properties, the user can open the emCA.properties to configure various options which include configuring of database as well as logs.

It is recommended to restart the system after setting the environment variables.

Snapshot

Please find below is the emCA.properties file snapshot along with description of properties:

#########################################################
##                 General information                 ##
#########################################################
## Boolean values = "yes" or "no"                      ##
## String values  = base64 encoded                     ##
## Passwords      = encrypted with PasswordSecure.jar  ##
## Time intervals = in days if not specified otherwise ##
## Paths          = always absolute paths              ##
## Optionals      = set to empty if not needed         ##
#########################################################

#######################################
##          MySQL Properties         ##
#######################################

#HIBERNATE_DIALECT
hibernate.dialect=org.hibernate.dialect.MySQL8Dialect

#JDBC_DRIVER_CLASS_NAME
jdbc.driver.class.name=com.mysql.cj.jdbc.Driver

#JDBC_URL
jdbc.url=jdbc:mysql://localhost:3306/<sheema>

#JDBC_DB_NAME
jdbc.db.name=<sheema>

#JDBC_DB_HOST
jdbc.db.host = localhost

#JDBC_DB_PORT
jdbc.db.port = 3306

#JDBC_APPLICATION_USERNAME
jdbc.application.username=[application username]

#JDBC_APPLICATION_PASSWORD
jdbc.application.password=[encrypted password]


#true : enabled; false : dicebled
#DATABASE_EMCA_ROLE_ACCESS_ENABLED
database.emca.role.access.enabled=true

# CA Administrator Role
#JDBC_ROLE_CAADMINISTRATOR_USERNAME
jdbc.role.caadministrator.username=[administrator username]

#JDBC_ROLE_CAADMINISTRATOR_PASSWORD
jdbc.role.caadministrator.password=[encrypted password]

# Administrator Role
#JDBC_ROLE_ADMINISTRATOR_USERNAME
jdbc.role.administrator.username=[administrator username]

#JDBC_ROLE_ADMINISTRATOR_PASSWORD
jdbc.role.administrator.password=[encrypted password]

# Officer Role

#JDBC_ROLE_OFFICER_USERNAME
jdbc.role.officer.username=[administrator username]

#JDBC.ROLE.OFFICER.PASSWORD
jdbc.role.officer.password=[encrypted password]

# Auditor Role
#JDBC_ROLE_AUDITOR_USERNAME
jdbc.role.auditor.username=[administrator username]

#JDBC_ROLE_AUDITOR_PASSWORD
jdbc.role.auditor.password=[encrypted password]

#EMCA_APPLICATION_FOLDERS_LOCATION
emca.application.folders.location=[emCA Folders path]

Database

Open the emCA.properties file and based on the type of database used; the corresponding values need to be updated. Please find the below sample Database configuration provided for MySQL database.

Example: for #MySQL database, use the below-mentioned values in the table:

hibernate.dialect

[DialectInfo] refers to Dialect information

org.hibernate.dialect.MySQLDialect

jdbc.driver.class.name

[DriverClassName] refers to Driver class name

com.mysql.jdbc.Driver

jdbc.url

[URL] refers to Database URL

jdbc:mysql://127.0.0.1:3306/emca

jdbc.application.username

[UserName] refers to UserName who has access to this schema

root

jdbc.application.password

[Password] refers to Password for the user

nNh0bStJeJxo3eu3taSY2Q==

Logs

In the emCA.properties file also configure the logs path for capturing events. Provide the log file path to capture logs.

#Configure the log4j.xml path [This property is meant to configure local server path of log4j file]
logFilePath=C:/emCA/emCAPropertyFiles/log4j.xml

Note: If java.util.logging.FileHandler is not configured then application logs will not be generated.

<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="WARN" monitorInterval="30">

    <!-- Logging Properties -->
    <Properties>
        <Property name="LOG_PATTERN">[%d{yyyy-MM-dd HH:mm:ss.SSS}] -- {%pid} [%p] - %m%n</Property>
        <Property name="APP_LOG_ROOT">[Local Server Path] </Property>
    </Properties>
    
    <Appenders>
    
        <!-- Console Appender -->
        <Console name="Console" target="SYSTEM_OUT" follow="true">
            <PatternLayout disableAnsi="false" pattern="${CONSOLE_LOG_PATTERN}" />
        </Console>
        
        <RollingFile name="warnLog" fileName="${APP_LOG_ROOT}/emCA-warn.log" filePattern="${APP_LOG_ROOT}/emCA-warn-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="WARN" maxLevel="WARN" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
        
        <RollingFile name="infoLog" fileName="${APP_LOG_ROOT}/emCA-info.log" filePattern="${APP_LOG_ROOT}/emCA-info-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="INFO" maxLevel="INFO" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
        
        <RollingFile name="errorLog" fileName="${APP_LOG_ROOT}/emCA-error.log" filePattern="${APP_LOG_ROOT}/emCA-error-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="ERROR" maxLevel="ERROR" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
		
		<RollingFile name="debugLog" fileName="${APP_LOG_ROOT}/emCA-debug.log" filePattern="${APP_LOG_ROOT}/emCA-debug-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="DEBUG" maxLevel="DEBUG" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
            
    </Appenders>

    <Loggers>
        <AsyncRoot level="debug" includeLocation="false">
            <AppenderRef ref="infoLog"  />
            <AppenderRef ref="errorLog" />
            <AppenderRef ref="warnLog" />
			 <AppenderRef ref="debugLog" />
			<AppenderRef ref="Console" /> 
        </AsyncRoot>
    </Loggers>
</Configuration>

Deployment

The following component is required for deployment:

emCA application (emCA.war file)

emCA application package is provided as a war file which has to be deployed on the application server. Please configure and save all the properties in the file defined in section –‘For emCA.properties’ under Environment Variables

Please find the following steps to deploy the application:

Copy the emCA.war inside Tomcat->Web apps folder apache-tomcat-7.0.37\webapps.
Windows run services.msc.
Select the service name Apache Tomcat and Click Start.

Quick Check Guide

To verify if the application has been successfully deployed, please follow the below steps:

Once deployment is completed and server is started, open any browser like IE, Google Chrome, Firefox etc. and enter URL - https://www.example.com/emCA/login.htm

emCA login page should be displayed as shown below

After successful deployment of the emCA application, check if all the Tables have been created in the specified schema in the database.

Also, check for log file generation in the path mentioned (Configuration->Log Properties).

NOTE:

java.util.logging.FileHandler.pattern = <LogFolderPath>//emca_debug.log

A log file should have been generated in the above-mentioned path.

emCA API

This section provides the procedure for emCA API deployment and configuration. emCA API (emcaServices) provides an open API (Application Programming Interface) for integrating certificate services with third-party applications and devices. emCA API supports REST in JSON format. emCA APIs are light weight and flexible.

Requirement

emcaServices.war package

Deploy WAR

Copy emcaServices.war to <APP_SERVER>/webapps/
Configure EMCA_CONFIGURATION_PATH
Define datasource or JNDI for API database access

Start Service

Restart application server
Verify endpoint availability at https://<host>:<port>/emCA/api/health

Authentication & Transport

All endpoints require TLS
Use token-based authentication in HTTP headers

Supported REST Methods

CA Management:

GET

getKeyProfiles

POST

createCA

POST

createCSR

POST

importCertificate

POST

createOrUpdateCRLProfile

POST

createOrUpdateCRL

POST

getCRL

GET

getCRL

POST

revoke/suspend

POST

reinstateCA

POST

createOrUpdateUserProfile

POST

createUserCertificate

Certificate Management:

POST

getJwt-token

POST

createCertificate

POST

createCertificates

POST

createCustomCertificate

POST

createKeyStore

POST

rekey

POST

regenerateKeyStore

POST

revoke

POST

suspend

POST

reinstate

POST

getCertificate

POST

getProfiles

POST

getProfileInfo

POST

getCertInfo

POST

getCertCount

POST

getExpiringSoonCertInfo

POST

getCAs

POST

getCertificateChain

GET

getCAs

GET

getCertificateChain

GET

getProfileInfo

GET

getProfiles

GET

getCertificate

Configuration

Note: All actions required for setting up and configuring emCA should be done using administrator privileges.

Environment Variables

Application.properties

This file is used to configure database-related properties like dialect, driver class name, URL, Username, password (database user should have full privilege to the schema created for emCA application) as well as logs.

For Windows

Configure the property file path in environment variables as shown in below figure .

Variable name: EMCA_SERVICES_CONFIGURATION_PATH

Variable value: location of property files (application.properties)

For Linux

For setting environment variable in Linux, run following command.

sudo -H gedit /etc/environment

It will open the environment folder and set the emCA and emCA Services path inside the folder.

EMCA_SERVICES_CONFIGURATION_PATH for application.properties file as shown in the below figure.

Once the Environment variable is set for application.properties, the user can open the application.properties to configure various options which includes configuring of database as well as logs.

Snapshot

Application.properties file snapshot for reference:

#########################################################
##                 General information                 ##
#########################################################
## Boolean values = "yes" or "no"                      ##
## String values  = base64 encoded                     ##
## Passwords      = encrypted with PasswordSecure.jar  ##
## Time intervals = in days if not specified otherwise ##
## Paths          = always absolute paths              ##
#########################################################

#######################################
##          MySQL Connection         ##
#######################################

#SPRING_DATASOURCE_DRIVER_CLASS_NAME
spring.datasource.driver.class.name=com.mysql.jdbc.Driver

#SPRING_JPA_PROPERTIES_HIBERNATE_DIALECT
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQL8Dialect

#SPRING_DATASOURCE_URL
spring.datasource.url=jdbc:mysql://127.0.0.1:3306/<sheema>

#SPRING_DATASOURCE_NAME
spring.datasource.name=<sheema>

#SPRING_DATASOURCE_USERNAME
spring.datasource.username=[username]

#SPRING_DATASOURCE_PASSWORD
spring.datasource.password=[encrypted password]

#EMCA_APPLICATION_FOLDERS_LOCATION
emca.application.folders.location=[emca folders locations]

#######################################
##       OAUTH2 Configuration        ##
#######################################

#SECURITY_OAUTH2_ENABLED
security.oauth2.enabled=false

#SPRING_SECURITY_OAUTH2_RESOURCE_SERVER_URI
spring.security.oauth2.resource.server.uri=http://<host>:<ip>

Database

Open the application.properties file and based on the type of database used; the corresponding values need to be updated. Please find below a sample Database configuration provided for MySQL database.

Example: for #MySQL database, use below mentioned values in the table:

#Hibernate properties:

Parameter

Description

Values to be replaced

spring.jpa.properties.hibernate.dialect

[DialectInfo] refers to Dialect information

org.hibernate.dialect.MySQL5Dialect

spring.datasource.driver.class.name

[DriverClassName] refers to Driver class name

com.mysql.jdbc.Driver

spring.datasource.url

[URL] refers to Database URL

jdbc:mysql://127.0.0.1:3306/emca

spring.datasource.username

[UserName] refers to UserName who has access to this schema

Root

spring.datasource.password

[Password] refers to Password for the user ( Refer Section 6)

nNh0bStJeJxo3eu3taSY2Q==

Ex:

#MySQL

DialectInfo= “org.hibernate.dialect.MySQLDialect”

DriverClassName=” com.mysql.jdbc.Driver”

URL= “jdbc:mysql://<127.0.0.1:3306>/ emca”

UserName=”root”

Password=”root”

Note: The same schema which is used for the emCA application should be used for the emCA API as well

Logs

The application uses Log4j for logging. Please specify the local server path for collecting the logs in the log4j.xml file. The local server path of the log4j.xml file needs to be provided in the application.properties file which is set in the environment variables

Log4J XML file as shown below:

<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="WARN" monitorInterval="30">

    <!-- Logging Properties -->
    <Properties>
        <Property name="LOG_PATTERN">[%d{yyyy-MM-dd HH:mm:ss.SSS}] -- {%pid} [%p] - %m%n</Property>
        <Property name="APP_LOG_ROOT">[Local Server Path] </Property>
    </Properties>
    
    <Appenders>
    
        <!-- Console Appender -->
        <Console name="Console" target="SYSTEM_OUT" follow="true">
            <PatternLayout disableAnsi="false" pattern="${CONSOLE_LOG_PATTERN}" />
        </Console>
        
        <RollingFile name="warnLog" fileName="${APP_LOG_ROOT}/emCA-API-warn.log" filePattern="${APP_LOG_ROOT}/emCA-API-warn-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="WARN" maxLevel="WARN" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
        
        <RollingFile name="infoLog" fileName="${APP_LOG_ROOT}/emCA-API-info.log" filePattern="${APP_LOG_ROOT}/emCA-API-info-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="INFO" maxLevel="INFO" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
        
        <RollingFile name="errorLog" fileName="${APP_LOG_ROOT}/emCA-API-error.log" filePattern="${APP_LOG_ROOT}/emCA-API-error-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="ERROR" maxLevel="ERROR" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
		
		<RollingFile name="debugLog" fileName="${APP_LOG_ROOT}/emCA-API-debug.log" filePattern="${APP_LOG_ROOT}/emCA-API-debug-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="DEBUG" maxLevel="DEBUG" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
            
    </Appenders>

    <Loggers>
        <AsyncRoot level="debug" includeLocation="false">
            <AppenderRef ref="infoLog"  />
            <AppenderRef ref="errorLog" />
            <AppenderRef ref="warnLog" />
			 <AppenderRef ref="debugLog" />
			<AppenderRef ref="Console" /> 
        </AsyncRoot>
    </Loggers>

</Configuration>

In the above LOCAL SERVER PATH, the administrator has to provide folder path where in the log files get generated.

Deployment

The following component is required for deployment:

emCAServices.war

emCAServices comes as a war file that has to be deployed on the application server. Server provides configuration through the properties file.

Please configure and save all the properties defined in the properties file. Then deploy the configured emCAServices war file.

Please find below the steps to deploy the application:

Copy the emcaServices war inside Tomcat ->Web apps folder apache-tomcat-7.0.37\webapps.
Windows run services.msc.
Select the service Apache Tomcat and click start.

Quick Check Guide

Once deployment is completed and the server is started, Open any browser like Internet Explorer, Google Chrome, Firefox, etc. and enter the URL- https:/www.example.com/emcaServices

Example: https://www.example.com/emCAServices in the enter address field

The following message will be displayed as shown below.

OCSP Core

This section provides the step by step guide for installation, configuration, and usage of OCSP Core. Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. An OCSP responder (a server typically run by the certificate issuer) may return a signed response signifying that the certificate specified in the request is 'good', 'revoked', or 'unknown'.

Configuration

Note: All actions required for setting up and configuring OCSP Core should be done using administrator privileges.

Environment Variables

For ocspcore.properties

This file is used to configure database related properties like dialect, driver class name, URL, Username, password (database user should have full privilege to the schema created for emCA application) as well as logs.

For Linux

For setting environment variable in Linux run following command

sudo -H gedit /etc/environment

It will open environment folder and set OCSP Core path inside that

OCSPCORE_CONFIGURATION_PATH for ocspcore.properties file as shown in below figure

Once the Environment variable is set for ocspcore.properties, the user can open the ocspcore.properties to configure various options which includes configuring of database as well as logs.

Snapshot

Please find the below ocspcore.properties file snapshot for reference:

#EMOCSPRESPONDER_CONFIGURATION_PATH
#########################################################
##                 General information                 ##
#########################################################
## Boolean values = "yes" or "no"                      ##
## String values  = base64 encoded                     ##
## Passwords      = encrypted with PasswordSecure.jar  ##
## Time intervals = in days if not specified otherwise ##
## Paths          = always absolute paths              ##
## Optionals      = set to empty if not needed         ##
#########################################################

#######################################
##          MySQL Properties         ##
#######################################

# DATASOURCE_DRIVER_CLASS_NAME
datasource.driver.class.name=com.mysql.cj.jdbc.Driver

# HIBERNATE_DIALECT
hibernate.dialect=org.hibernate.dialect.MySQL8Dialect

# DATASOURCE_URL
datasource.url=jdbc:mysql://localhost:3306/<databaseName>

# DATASOURCE_USERNAME
datasource.username=[Username]

# DATASOURCE_DATABASE_NAME
datasource.database.name=[default databaseName]

# DATASOURCE_PASSWORD
datasource.password=[Encryppt Password]

#######################################
##      Encryption Keys path         ##
#######################################

# EMCA_APPLICATION_AES_KEY_PATH
emca.application.aes.key.path=/home/emCA/emCAProperties/key/aes.key

# EMCA_APPLICATION_DB_AES_KEY_PATH
# optional if subscriber encryption mode is database
emca.application.db.aes.key.path=/home/emCA/emCAProperties/key/subscriber-aes.key

#######################################
##      OCSP Response Cache          ##
#######################################

# NEXT_UPDATE_IN_MINS
next.update.in.mins=1440

# CACHE_ENABLED
cache.enabled=Yes

#######################################
##       log4j Configuration         ##
#######################################

# LOG4J_FILE_PATH
log4j.file.path=/home/emCAv4Solution/emCAv4OCSP/OCSPProperties/ocspcore/log4j.xml

#######################################
##       Spring Configuration        ##
#######################################

# SPRING_MVC_VIEW_PREFIX
spring.mvc.view.prefix=/WEB-INF/View/

# SPRING_MVC_VIEW_SUFFIX
spring.mvc.view.suffix=.jsp

Database

ocspcore.properties file is used to configure database related properties where we can configure database properties like dialect, driver class name, URL, Username, password (database user should have full privilege to the schema created for OCSP).

Open the ocspcore.properties file and change the below DB configuration:

Parameter

Description

hibernate.dialect

[DialectInfo] refers to Dialect information

datasource.driver.class.name

[DriverClassName] refers to Driver class name

datasource.url

[URL] refers to Database URL

datasource.database.name

[databaseName] default/ common name

datasource.username

[UserName] refers to UserName who has access to this schema

datasource.password

[Password] refers to Password for the user ( Refer Section 6)

Note: Default values in the configuration file will be used if it’s not changed as per the requirement. Please configure as per your requirement.

OCSP Responder will connect with the same schema which is connected to the emCA Application

Logs

The application uses Log4j for logging. Please specify the local server path for collecting the logs in the log4j.xml file. The local server path of log4j.xml file need to be provided in ocspcore.properties file which is set in the environment variables [please refer section 6.3.1.1]

Log4J XML file as shown below:

<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="WARN" monitorInterval="30">
 
    <!-- Logging Properties -->
    <Properties>
        <Property name="LOG_PATTERN">[%d{yyyy-MM-dd HH:mm:ss.SSS}] -- {%pid} [%p] - %m%n</Property>
        <Property name="APP_LOG_ROOT">[Local Server Path] </Property>
    </Properties>
   
    <Appenders>
   
        <!-- Console Appender -->
        <Console name="Console" target="SYSTEM_OUT" follow="true">
            <PatternLayout disableAnsi="false" pattern="${CONSOLE_LOG_PATTERN}" />
        </Console>
       
        <RollingFile name="warnLog" fileName="${APP_LOG_ROOT}/OCSP-Core-warn.log" filePattern="${APP_LOG_ROOT}/OCSP-Core-warn-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="WARN" maxLevel="WARN" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
       
        <RollingFile name="infoLog" fileName="${APP_LOG_ROOT}/OCSP-Core-info.log" filePattern="${APP_LOG_ROOT}/OCSP-Core-info-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="INFO" maxLevel="INFO" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
       
        <RollingFile name="errorLog" fileName="${APP_LOG_ROOT}/OCSP-Core-error.log" filePattern="${APP_LOG_ROOT}/OCSP-Core-error-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="ERROR" maxLevel="ERROR" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
                            
                             <RollingFile name="debugLog" fileName="${APP_LOG_ROOT}/OCSP-Core-debug.log" filePattern="${APP_LOG_ROOT}/OCSP-Core-debug-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="DEBUG" maxLevel="DEBUG" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
           
    </Appenders>
 
    <Loggers>
        <AsyncRoot level="debug" includeLocation="false">
            <AppenderRef ref="infoLog"  />
            <AppenderRef ref="errorLog" />
            <AppenderRef ref="warnLog" />
                                            <AppenderRef ref="debugLog" />
                                           <AppenderRef ref="Console" />
        </AsyncRoot>
    </Loggers>
 
</Configuration>

In the above LOCAL SERVER PATH, the administrator has to provide a folder path where in the log files get generated.

Deployment

The following component is required for deployment:

OCSP CORE(ocsprespondercore.war file)

OCSPCORE comes as a war file which has to be deployed on the application server. Server provides configuration through properties file.

Please configure and save all the properties defined in the properties file defined in section -‘(B) For ocspcore.properties’ under section 5.6.1.1. Environment Variables.

Then deploy the configured OCSP Core war file.

Please find below steps to deploy the application:

Copy the ocsprespondercore.war inside Tomcat ->Web apps folder apache-tomcat\webapps
Windows run services.msc
Select Apache Tomcat and click Start

Quick Check Guide

Once deployment is successfully done and the server is started, Open any browser like Internet Explorer, Google Chrome, Firefox etc. and enter URL- as mentioned below

https://www.example.com/ocsprespondercore in enter address field place (For ex: https:// 127.0.0.1:8080/ocsprespondercore)

The following message is displayed. This implies that the application is deployed properly.

“HTTP Status 405 - OCSP only supports POST”.

To verify whether logs are getting generated as per the path defined, please open the folder that is mentioned in the configuration path set in log4j.xml file (Configuration->log4j.xml).

"[Local Server Path]/ocspresponder.log

Please make sure that the log file is created in the above-mentioned path.

OCSP Responder Web

This section provides step by step guide for installation, configuration and usage of OCSP Web. This is generally deployed in the DMZ for external applications to interface. OCSP Web will in turn interfaces with OCSP Core that is deployed in the MZ where in only selected internal application will have access to it.

Configuration

Note – all actions required for setting up and configuring OCSP Web should be done using administrator privileges

Environment Variables - For ocspweb.properties

This file is used to configure logs.

For Linux

For setting the environment variable in Linux, run following command:

sudo -H gedit /etc/environment

It will open environment folder and set OCSP Web path inside that

OCSPWEB_CONFIGURATION_PATH for ocspweb.properties file as shown in below figure

Once the Environment variable is set for ocspweb.properties, the user can open the ocspweb.properties to configure logs.

Snapshot

Please find below is the ocspweb.properties file snapshot for reference:

#OCSPWEB_CONFIGURATION_PATH


# EMCA_OCSP_URL
emca.ocsp.url=http://127.0.0.1/OCSPResponderCore/ocsp

# EMCA_OCSP_REDIRECT_URL
# Redirect the url ocsp web if required
#emca.ocsp.redirect.url=https://google.com/

#######################################
##       log4j Configuration         ##
#######################################

# LOG4J_FILE_PATH
log4j.file.path=/home/emCAv4Solution/emCAv4OCSP/OCSPProperties/ocspweb/log4j.xml

#######################################
##      Spring Configuration         ##
#######################################

# SPRING_MVC_VIEW_PREFIX
spring.mvc.view.prefix=/WEB-INF/View/

# SPRING_MVC_VIEW_SUFFIX
spring.mvc.view.suffix=.jsp

Connection

OCSP Web has to connect to OCSP Core for passing the requests received by OCSP Web to OCSP Core. For connecting to OCSP Core, in the properties file as shown below

# URL where ocspcore is deployed
emca.ocsp.url=http://<ipaddress>:<port>/ocsprespondercore

Logs

The application uses Log4j for logging. Please specify the local server path for collecting the logs in the log4j.xml file. The local server path of log4j.xml file need to be provided in ocspweb.properties file which is set in the environment variables [please refer section 6.4.1.1]

Log4J XML file as shown below:

<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="WARN" monitorInterval="30">

    <!-- Logging Properties -->
    <Properties>
        <Property name="LOG_PATTERN">[%d{yyyy-MM-dd HH:mm:ss.SSS}] -- {%pid} [%p] - %m%n</Property>
        <Property name="APP_LOG_ROOT">[Local Server Path] </Property>
    </Properties>
    
    <Appenders>
    
        <!-- Console Appender -->
        <Console name="Console" target="SYSTEM_OUT" follow="true">
            <PatternLayout disableAnsi="false" pattern="${CONSOLE_LOG_PATTERN}" />
        </Console>
        
        <RollingFile name="warnLog" fileName="${APP_LOG_ROOT}/OCSP-Responder-warn.log" filePattern="${APP_LOG_ROOT}/OCSP-Responder-warn-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="WARN" maxLevel="WARN" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
        
        <RollingFile name="infoLog" fileName="${APP_LOG_ROOT}/OCSP-Responder-info.log" filePattern="${APP_LOG_ROOT}/OCSP-Responder-A-info-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="INFO" maxLevel="INFO" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
        
        <RollingFile name="errorLog" fileName="${APP_LOG_ROOT}/OCSP-Responder-error.log" filePattern="${APP_LOG_ROOT}/OCSP-Responder-error-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="ERROR" maxLevel="ERROR" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
		
		<RollingFile name="debugLog" fileName="${APP_LOG_ROOT}/OCSP- Responder-debug.log" filePattern="${APP_LOG_ROOT}/OCSP-Responder-debug-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="DEBUG" maxLevel="DEBUG" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
            
    </Appenders>

    <Loggers>
        <AsyncRoot level="debug" includeLocation="false">
            <AppenderRef ref="infoLog"  />
            <AppenderRef ref="errorLog" />
            <AppenderRef ref="warnLog" />
			 <AppenderRef ref="debugLog" />
			<AppenderRef ref="Console" /> 
        </AsyncRoot>
    </Loggers>

</Configuration>

In the above LOCAL SERVER PATH, the administrator has to provide folder path where in the log files get generated.

Deployment

The following components are required for deployment:

OCSP Web (ocspresponderweb.war file)

OCSP Web comes as a war file which has to be deployed on the application server. Server provides configuration through properties file.

Please configure and save all the properties. Then deploy the configured OCSP Web war file.

Please find below steps to deploy the application:

Copy the ocspresponderweb.war inside Tomcat->Web apps folder apache-tomcat\webapps
Windows run services.msc
Go to Apache Tomcat and click Start

Quick Check Guide

Once deployment is successfully done and the server is started, Open any browser like internet explorer, Google Chrome, Firefox etc. and enter URL- as mentioned below

https://www.example.com/ocspresponderweb in enter address field place (For ex: https:// 127.0.0.1:8080/ocspresponderweb)

The following message is displayed. This implies that the application is deployed properly.

“HTTP Status 405 - OCSP only supports POST”.

To verify whether logs are getting generated as per the path defined, please open the folder that is mentioned in the configuration path set in log4j.xml file (Configuration->log4j.xml)

 "[Local Server Path]/OCSPResponderWeb.log

Please make sure that the log file is created in the above-mentioned path.

TSA Core

This section provides step by step guide for installation, configuration, and usage of TSA Core. TSA Core including (emTSA and eTSA) is used for timestamping the requests received. And also help in managing timestamping Signers as well as keys.

Configuration

Note: All actions required for setting up and configuring TSA Core should be done using administrator privileges

Environment Variables For tsacore.properties

For Linux

For setting the environment variable in Linux, run the following command.

sudo -H gedit /etc/environment

It will open environment folder and set TSA Core path inside that

TSACORE_CONFIGURATION_PATH for tsacore.properties file as shown in below figure

Once the Environment variable is set for tsacore.properties, the user can open the tsacore.properties to configure various options which includes configuring of database as well as logs.

Snapshot

Please find below is the tsacore.properties file snapshot for reference:

# Configure ENV on the server 
# ENV Variable : TSACORE_CONFIGURATION_PATH

# HIBERNATE_DIALECT
hibernate.dialect=org.hibernate.dialect.MySQL8Dialect

# JDBC_DRIVER_CLASS_NAME
jdbc.driver.class.name=com.mysql.jdbc.Driver

# JDBC_URL
jdbc.url=jdbc:mysql://localhost:3306/tsa

# JDBC_USERNAME
jdbc.username=[username]

# JDBC_PASSWORD
jdbc.password=[Encrpted password]

# TIMEENABLED
time.enabled=4000

# APPLICATION_AES_KEY_PATH
application.aes.key.path=[AES Key file path]

# PKCS12_TYPE_KEY_PROFILES_LOCATION
pkcs12.type.key.profiles.location=/home/emCAv4Solution/emCAv4TSA/TSAProperties/tsacore/pkcs12

# PKCS11_TYPE_KEY_PROFILES_LOCATION
pkcs11.type.key.profiles.location=/home/emCAv4Solution/emCAv4TSA/TSAProperties/tsacore/pkcs11

# EMTSA_LOGGER_PROPERTIES
emtsa.logger.properties=/home/emCAv4Solution/emCAv4TSA/TSAProperties/tsacore/emtsa-log4j.xml

# ETSA_LOGGER_PROPERTIES
etsa.logger.properties=/home/emCAv4Solution/emCAv4TSA/TSAProperties/tsacore/etsa-log4j.xml

Database

tsacore.properties file is used to configure database related properties where we can configure database properties like dialect, driver class name, URL, Username, password (database user should have full privilege to the schema created for TSA).

Open the tsacore.properties file and change the below DB configuration:

Parameter

Description

hibernate.dialect

[DialectInfo] refers to Dialect information

jdbc.driver.class.name

[DriverClassName] refers to Driver class name

jdbc.url

[URL] refers to Database URL

jdbc.username

[UserName] refers to UserName who has access to this schema

jdbc.password

[Password] refers to Password for the user ( Refer Section 6)

Logs

The application uses Log4j for logging. Please specify the local server path for collecting the logs in the log4j.xml file. The local server path of log4j.xml file need to be provided in tsacore.properties file which is set in the environment variables

Log4J XML file as shown below:

<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="WARN" monitorInterval="30">
 
    <!-- Logging Properties -->
    <Properties>
        <Property name="LOG_PATTERN">[%d{yyyy-MM-dd HH:mm:ss.SSS}] -- {%pid} [%p] - %m%n</Property>
        <Property name="APP_LOG_ROOT">[Local Server Path] </Property>
    </Properties>
   
    <Appenders>
   
        <!-- Console Appender -->
        <Console name="Console" target="SYSTEM_OUT" follow="true">
            <PatternLayout disableAnsi="false" pattern="${CONSOLE_LOG_PATTERN}" />
        </Console>
       
        <RollingFile name="warnLog" fileName="${APP_LOG_ROOT}/TSA-Core-warn.log" filePattern="${APP_LOG_ROOT}/TSA-Core-warn-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="WARN" maxLevel="WARN" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
       
        <RollingFile name="infoLog" fileName="${APP_LOG_ROOT}/TSA-Core-info.log" filePattern="${APP_LOG_ROOT}/TSA-Core-info-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="INFO" maxLevel="INFO" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
       
        <RollingFile name="errorLog" fileName="${APP_LOG_ROOT}/TSA-Core-error.log" filePattern="${APP_LOG_ROOT}/TSA-Core-error-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="ERROR" maxLevel="ERROR" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
                            
                             <RollingFile name="debugLog" fileName="${APP_LOG_ROOT}/TSA-Core-debug.log" filePattern="${APP_LOG_ROOT}/TSA-Core-debug-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="DEBUG" maxLevel="DEBUG" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
           
    </Appenders>
 
    <Loggers>
        <AsyncRoot level="debug" includeLocation="false">
            <AppenderRef ref="infoLog"  />
            <AppenderRef ref="errorLog" />
            <AppenderRef ref="warnLog" />
                                            <AppenderRef ref="debugLog" />
                                           <AppenderRef ref="Console" />
        </AsyncRoot>
    </Loggers>
 
</Configuration>

In the above LOCAL SERVER PATH, the administrator has to provide folder path where in the log files get generated.

Deployment

The following component is required for deployment:

TSA CORE(emTSA.war and eTSA.war file)

TSA CORE comes as 2 war files which has to be deployed on the application server. Server provides configuration through properties file.

Please configure and save all the properties defined in section - ‘(B) For tsacore.properties’ under section 5.8.1.1. Environment Variables. Then deploy the configured TSA Core war file.

Please find below steps to deploy the application:

Copy the eTSA.war inside Tomcat ->Web apps folder apache-tomcat\webapps
Windows run services.msc
Go to Apache Tomcat and Click start

Quick Check Guide

Once deployment is successfully done and the server is started, Open any browser like internet explorer, Google Chrome, Firefox etc. and enter URL- as mentioned below

https://www.example.com/eTSA in enter address field place (For ex: https:// 127.0.0.1:8080/eTSA)

The TSA Login page will be displayed.

To verify whether logs are getting generated as per the path defined, please open the folder that is mentioned in the configuration path set in log4j.xml file (Configuration->log4j.xml)

"[Local Server Path]/eTSA.log

Please make sure that the log file is created in the above-mentioned path.

TSA Web

This section provides step by step guide for the installation, configuration, and usage of TSA Web. This is generally deployed in the DMZ for external applications to interface. TSA Web will in turn interface with TSA Core that is deployed in the Militarized Zone/ Trusted Zone where in only selected internal applications will have access to it.

Configuration

Note: All actions required for setting up and configuring TSA Web should be done using administrator privileges.

Environment Variables For tsaweb.properties

This file is used to configure connections with TSA Core as well as logs.

For Linux

For setting the environment variable in Linux, run the following command.

sudo -H gedit /etc/environment

It will open environment folder and set TSA Web path inside that

TSAWEB_CONFIGURATION_PATH for tsaweb.properties file as shown in below figure

Once the Environment variable is set for tsaweb.properties, the user can open the tsaweb.properties to configure various options which includes configuring of connection to TSA Core well as logs.

Snapshot

For your reference, we have attached a snapshot of the tsaweb.properties file below:

# Configure ENV on the server
# ENV Variable : TSAWEB_CONFIGURATION_PATH

# EMCA_TSA_URL
emca.tsa.url=http://localhost/eTSA/etsa

# HIBERNATE_DIALECT
hibernate.dialect=org.hibernate.dialect.MySQL8Dialect

# DATASOURCE_DRIVER_CLASS_NAME
jdbc.driver.class.name=com.mysql.jdbc.Driver

# JDBC_URL
jdbc.url=jdbc:mysql://localhost:3306/tsa

# JDBC_USERNAME
jdbc.username=[username]

# JDBC_PASSWORD
jdbc.password=[Encrypted Password]

# LOGGER_PROPERTIES
logger.properties=/home/emCAv4Solution/emCAv4TSA/TSAProperties/tsaweb/webtsa-log4j.xml

# APPLICATION_AES_KEY_PATH
application.aes.key.path=home/TestEnvronment/emCAProperties/key/aes.key

Connection

TSA Web has to connect to TSA Core for passing the requests received by TSA Web to TSA Core. For connecting to TSA Core, in the properties file as shown below

#URL where tsacore is deployed
emca.tsa.url=http://localhost/eTSA/etsa

Logs

The application uses Log4j for logging. Please specify the local server path for collecting the logs in the log4j.xml file. The local server path of log4j.xml file need to be provided in tsaweb.properties file which is set in the environment variables [please refer section 6.6.1.1]

Log4J XML file as shown below:

<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="WARN" monitorInterval="30">
 
    <!-- Logging Properties -->
    <Properties>
        <Property name="LOG_PATTERN">[%d{yyyy-MM-dd HH:mm:ss.SSS}] -- {%pid} [%p] - %m%n</Property>
        <Property name="APP_LOG_ROOT">[Local Server Path] </Property>
    </Properties>
   
    <Appenders>
   
        <!-- Console Appender -->
        <Console name="Console" target="SYSTEM_OUT" follow="true">
            <PatternLayout disableAnsi="false" pattern="${CONSOLE_LOG_PATTERN}" />
        </Console>
       
        <RollingFile name="warnLog" fileName="${APP_LOG_ROOT}/TSA-Web-warn.log" filePattern="${APP_LOG_ROOT}/TSA-Web-warn-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="WARN" maxLevel="WARN" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
       
        <RollingFile name="infoLog" fileName="${APP_LOG_ROOT}/TSA-Web-info.log" filePattern="${APP_LOG_ROOT}/TSA-Web-info-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="INFO" maxLevel="INFO" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
       
        <RollingFile name="errorLog" fileName="${APP_LOG_ROOT}/TSA-Web-error.log" filePattern="${APP_LOG_ROOT}/TSA-Web-error-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="ERROR" maxLevel="ERROR" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
                            
                             <RollingFile name="debugLog" fileName="${APP_LOG_ROOT}/TSA-Web-debug.log" filePattern="${APP_LOG_ROOT}/TSA-Web-debug-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="DEBUG" maxLevel="DEBUG" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
           
    </Appenders>
 
    <Loggers>
        <AsyncRoot level="debug" includeLocation="false">
            <AppenderRef ref="infoLog"  />
            <AppenderRef ref="errorLog" />
            <AppenderRef ref="warnLog" />
                                            <AppenderRef ref="debugLog" />
                                           <AppenderRef ref="Console" />
        </AsyncRoot>
    </Loggers>
 
</Configuration>

In the above LOCAL SERVER PATH, the administrator has to provide folder path where in the log files get generated.

Deployment

Following components are required for deployment:

TSA Web(WebTSA.war file)

TSA Web comes as a war file which has to be deployed on the application server. Server provides configuration through properties file.

Please configure and save all the properties defined in section - ‘(B) For tsaweb.properties’ under section 5.9.1.1. Environment Variables. Then deploy the configured TSA Core war file.

Please find below steps to deploy the application:

Copy the WebTSA.war inside Tomcat->Web apps folder apache-tomcat\webapps
Windows run services.msc
Go to Apache Tomcat and click Start

Quick Check Guide

Once deployment is successfully done and the server is started, Open any browser like internet explorer, Google Chrome, Firefox etc. and enter URL- as mentioned below

https://www.example.com/WebTSA in enter address field place (For ex: https:// 127.0.0.1:8080/WebTSA)

Following page is displayed . This implies that the application is deployed properly.

To verify whether logs are getting generated as per the path defined, please open the folder that is mentioned in the configuration path set in log4j.xml file (Configuration->log4j.xml)

"[Local Server Path]/WebTSA.log

Please make sure that the log file is created in the above-mentioned path.

Schedular

This section provides a step-by-step guide to installing, configuring, and using the Scheduler.

Configuration

Note – all actions required for setting up and configuring emCA Scheduler should be done using administrator privileges

Environment Variables For scheduler.properties

Variable name: EMCA_SCHEDULER_CONFIGURATION_PATH

Variable value: location of property files (scheduler.properties)

For Linux

For setting the environment variable in Linux, run the following command.

sudo -H gedit /etc/environment

It will open the environment folder and set emCAScheduler path inside that

EMCA_SCHEDULER_CONFIGURATION_PATH for scheduler.properties file .

Once the Environment variable is set for scheduler.properties, the user can open the scheduler.properties to configure various options which includes configuring of connection to emCASheduler well as logs.

Snapshot

Please find below is the scheduler.properties file snapshot for reference:

#ENV_NAME :: EMCA_SCHEDULER_CONFIGURATION_PATH

#######################################
##          MySQL Properties         ##
#######################################

# HIBERNATE_DIALECT
hibernate.dialect=org.hibernate.dialect.MySQLDialect

# JDBC_DRIVER_CLASS_NAME
jdbc.driver.class.name=com.mysql.jdbc.Driver

# JDBC_URL
jdbc.url=jdbc:mysql://localhost:3306/<sheema>

# JDBC_USERNAME
jdbc.username=[username]

# JDBC_PASSWORD
jdbc.password=[encrypted password]

# JDBC_DB_NAME
jdbc.db.name=<sheema>

# EMCA_APPLICATION_AES_KEY_PATH
emca.application.aes.key.path=[emca encryption file path]

# LOG4J_FILE_PATH
log4j.file.path=/home/emca/emCAv4Solution/emCAv4-Scheduler/log4j.xml

# REINSTATE_DAYS_CHECK
reinstate.days.check=1

# CRL_FREQUENCY_DISABLE
#yes-skip frequency from emCA Application
#No-whenever scheduler run it will update
crl.frequency.disable=yes


#################################
##          FTP SERVER         ##
#################################

# FTP_SERVER_HOST
ftp.server.host = <ip_address>

# FTP_SERVER_PORT
ftp.server.port = 21

# FTP_SERVER_USERNAME
ftp.server.username = <ftp_username>

# FTP_SERVER_PASSWORD
ftp.server.password = <ftp_password>

# FTP_SERVER_FILE_PATH
ftp.server.file.path=<ftp_file_path>

# EMCA_REPOSITORY_CRL
emca.repository.crl=true

# EMCA_REPOSITORY_CERT
emca.repository.cert=true


#################################
##      LDAP repository        ##
#################################

# EMCA_LDAP_OS
emca.ldap.os=l

# EMCA_LDAP_CONTAINER_NAME
emca.ldap.container.name=<container>

# EMCA_LDAP_CRL
emca.ldap.crl=true

# EMCA_LDAP_CERT
emca.ldap.cert=true

# EMCA_LDAP_GENERATED_BEFORE
emca.ldap.generated.before=0

#################################
##      Local repository       ##
#################################

# LOCAL_REPOSITORY_FILE_PATH
local.repository.file.path=/home/emca/emCAv4Solution/emCAv4-Scheduler/LocalPath


#################################
##   E-Mail Server Settings    ##
#################################

# EMCA_MAIL_SERVER_SMTP_SSL_ENABLE
emca.mail.server.smtp.ssl.enable=false

# EMCA_MAIL_SERVER_HOST
emca.mail.server.host=[smpt host]

# EMCA_MAIL_SERVER_PORT
emca.mail.server.port=[port]

# EMCA_MAIL_SERVER_USERNAME
emca.mail.server.username=[Base64 encoded username]

# EMCA_MAIL_SERVER_PASSWORD
emca.mail.server.password=[Base64 encoded password]

# EMCA_MAIL_SERVER_TLS_ENABLE
emca.mail.server.tls.enable=true

# EMCA_MAIL_SERVER_AUTH
emca.mail.server.auth=true

#################################
##      E-Mail Setting         ##
#################################

# EXPIRESOON_DAYS
expiresoon.days=31

# EMCA_MAIL_FROM_NAME
emca.mail.from.name=[Emudhra Private Limited]

# EMCA_MAIL_FROM
emca.mail.from=[Base64 encoded from mail]

# EMCA_MAIL_SUBJECT
emca.mail.subject=Certificate about to expire

# EMCA_MAIL_ADDON_TO_EMAILS
emca.mail.addon.to.emails=[Base64 encoded to mails with "," separated]

# EMCA_MAIL_ADDON_CC_EMAILS
emca.mail.addon.cc.emails=[Base64 encoded to mails with "," separated]

# EMCA_MAIL_CONTACT_MAIL
emca.mail.contact.mail=[Contact mail]

# EMCA_MAIL_SMIME_ENABLE
emca.mail.smime.enable=false

# EMCA_MAIL_SMIME_KEYSTORE_PATH
emca.mail.smime.keystore.path=/home/emca/smme/smime-keystore.PFX

# EMCA_MAIL_SMIME_KEYSTORE_PASSWORD
emca.mail.smime.keystore.password=ZU11ZGhyYUAx

# EMCA_MAIL_SMIME_ENCRYPTION_REQUIRED
emca.mail.smime.encryption.required=true

# EMCA_MAIL_SMIME_ENCRYPTION_CERTIFICATE_PATH
emca.mail.smime.encryption.certificate.path=/home/emca/smme/recept.cer

# EMCA_USER_EXPIRE_ALERT
emca.user.expire.alert=true

# EMCA_USER_CERTIFICATE_EXPIRE_SUBJECT
emca.user.certificate.expire.subject=Certificate about to expire

# EMCA_PASSWORD_EXPIRE_SUBJECT
emca.password.expire.subject=User account about to expire

# CA_CERTIFICATE_EXPIRE_ALERT
ca.certificate.expire.alert=false

# CA_CERTIFICATE_EXPIRE_SUBJECT
ca.certificate.expire.subject=Certificate about to expire

# USER_CERTIFICATE_EXPIRE_ALERT
user.certificate.expire.alert=false

# USER_CERTIFICATE_EXPIRE_SUBJECT
user.certificate.expire.subject=Certificate about to expire

Deployment

The following component is required for deployment.

emCAScheduler.bat

emCAScheduler comes as a .bat file which has to run and provide configuration through properties file.

Please configure and save all the properties defined in section –‘(B) For scheduler.properties’. Environment Variables. Then run the emCASchedule .bat file.

Please find below steps to run the scheduler in windows:

Copy the emCAScheduler.bat inside C:\emCA

run emCAScheduler.bat you will get the window as given below:

For scheduling task or emCAScheduler follow the steps given below :

Go to start in windows → search for Task Scheduler and open it as shown below

Click on ‘Create Basic Task’ from the right side of window. The Create Basic Task Wizard window will be displayed. Enter the Name of the scheduler as required. The Description is optional as shown below.

Click on Next. You will be redirected to another window where the Task start time can be selected.

Click on ‘Next’. You will be redirected to another window. Set the date and time as given below:

Click on ‘Next’. Select the ‘Action’ as shown below.

Once done, enter the Program/Script to start a program and enter the argument to run the scheduler. Argument can be either single or multiple. Arguments can be entered with space as follows:

crl file suspendedCerts ftp ldap

a) crl : Run the command ‘crl scheduler’ to update the CRL where validity is less than the current date.

b) file: Run the command ‘file scheduler’ to copy all the CRL into local file folder.

c) suspendedCerts : Run the command ‘suspendedCerts’ to revoke the suspended certificates.

d) ftp: Run the command ‘ftp’ to copy all the Root, CA, certificates which is created through emCA application into a file server.

f) ldap: Run the command ‘ldap’ to publish all the Root, CA and User certificates in LDAP server.

Click on ‘Next’ button. The following window will be displayed.

Click on ‘Finish’. You can see the task scheduled as ‘emCAScheduler’ by clicking on ‘Task Scheduled Library’ on the left side of the window given below.

Quick Check Guide

To verify if the emCAScheduler is successfully run, follow the below steps.

FTP: View the certificate in FTP with the credentials given in properties as FTP details:

Give the Login Url: ftp:// 127.0.0.1. in the properties file (server: 127.0.0.1). The system will request for username and password as shown below:

Enter the user name and password as mentioned in the properties file: user = [FTP USER], pass = [FTP PASSWORD], and click on the Sign in button.
Now click on the folder as given in the properties file: path=[FTP FOLDER NAME] . you can see all the certificates.

PreviousPrerequisites NextOther Installations

Last updated 3 months ago