# Deployment Build Files

## emCA

This section describes the procedure for configuring the environment variables required for emCA.

### Configuration

{% hint style="info" %}
**Note:** All actions required for setting up and configuring emCA should be done using administrator privileges.
{% endhint %}

### **Environment Variables**

**For emCA.properties**

In an emCA deployment, the location of the properties file is configured through an environment variable. Place the emCA.properties file on the server and note its location; the same path must be provided when configuring the environment variable. This file is used to configure the database, logs and truststore.

The following procedure configures the emCA.properties file through environment variables. Use exactly the variable name defined below during configuration.

Variable name: <mark style="color:yellow;">EMCA\_CONFIGURATION\_PATH</mark>

Variable value: <mark style="color:yellow;">location of property files (emCA.properties)</mark>

#### For Java

To deploy the emCA WAR, the Java environment has to be set. Follow the procedure below. If Java is already configured, skip this step.

To set the JAVA\_HOME variable for all users, choose the first option, "Edit the system environment variables."

Search for Environment Variables:

* Type "environment variables" in the Windows search bar.
* Click on "Edit the system environment variables".

System Properties Window:

* In the System Properties window that opens, click on the "Environment Variables" button.

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2FwHIdcrj2ebUCA4B96AZr%2Fimage.png?alt=media&#x26;token=61405691-390d-4617-92ef-c1934a2a03b8" alt=""><figcaption></figcaption></figure>

Edit System Variables:

* Under "System variables," find the JAVA\_HOME variable.
* If the variable exists:
  * Select it and click "Edit."
  * In the "Variable value" field, enter the full path to your JDK 21 installation directory (e.g., C:\Program Files\Java\jdk-21).
* If the variable does not exist:
  * Click "New."
  * Enter JAVA\_HOME as the variable name.
  * Enter the full path to your JDK 21 installation directory as the variable value.

Save Changes:

* Click "OK" to save the changes in the Environment Variables window.
* Click "OK" to close the System Properties window.

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2FQdgGL7JESCwEj7w1GyGy%2Fimage.png?alt=media&#x26;token=32d95a81-a26b-4736-860e-5a48e1b688f1" alt=""><figcaption></figcaption></figure>

#### **For Windows**

Go to Advanced System Settings, click Environment Variables, click New, and then enter the following values as shown in the figure below.

Variable name: <mark style="color:yellow;">EMCA\_CONFIGURATION\_PATH</mark>

Variable value: <mark style="color:yellow;">location of property files (emCA.properties)</mark>

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2F3LhqjVbmmgMXzJGFNAiC%2Fimage.png?alt=media&#x26;token=564031df-d9d8-4070-8783-dd6954ed6065" alt=""><figcaption></figcaption></figure>

It is recommended to restart the system after setting the environment variables.

#### **For Linux**

To set environment variables in Linux, run the following command:

<mark style="color:yellow;">sudo -H gedit /etc/environment</mark>

This opens the /etc/environment file. Set the emCA core path inside this file.

<mark style="color:yellow;">EMCA\_CONFIGURATION\_PATH for emCA.properties file</mark>

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2FuBMmirclG57bmvjgQuOx%2Fimage.png?alt=media&#x26;token=c65b2b0f-ecea-4d42-92e6-bd588ec4bf1a" alt=""><figcaption></figcaption></figure>

Once the environment variable is set for emCA.properties, the user can open emCA.properties to configure various options, including the database and logs.
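As an added example (not part of the emCA documentation), the script below performs the Linux step without an editor: it writes EMCA\_CONFIGURATION\_PATH to an /etc/environment-style file without duplicating the entry, and checks that emCA.properties exists and is not group- or world-writable. It assumes the variable may name either the file itself or the directory containing it; the function names and the script name are illustrative.

```shell
#!/usr/bin/env bash
# Added example, not emCA's own tooling. Function names are illustrative.
# /etc/environment holds plain NAME="value" lines: it is not a shell script,
# so no "export" and no $VARIABLE expansion.

# set_env_var FILE NAME VALUE
# Replace or append NAME="VALUE" in FILE, keeping every other line
# and the file's existing mode (the file is rewritten in place, not moved).
set_env_var() {
    local env_file=$1 name=$2 value=$3 tmp
    case $name in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
            echo "invalid variable name: $name" >&2; return 1 ;;
    esac
    case $value in
        *'"'*) echo "value must not contain a double quote" >&2; return 1 ;;
    esac
    tmp=$(mktemp) || return 1
    if [ -f "$env_file" ]; then
        # grep -v exits 1 when nothing is left; that is not an error here.
        grep -v "^${name}=" "$env_file" > "$tmp" || true
    fi
    printf '%s="%s"\n' "$name" "$value" >> "$tmp"
    cat "$tmp" > "$env_file"
    rm -f "$tmp"
}

# get_env_var FILE NAME
# Print the value of NAME from FILE with surrounding quotes removed.
get_env_var() {
    local env_file=$1 name=$2
    sed -n "s/^${name}=//p" "$env_file" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# resolve_properties_file VALUE
# Assumption: VALUE is either emCA.properties itself or its directory.
resolve_properties_file() {
    local value=$1
    if [ -d "$value" ]; then
        printf '%s\n' "${value%/}/emCA.properties"
    else
        printf '%s\n' "$value"
    fi
}

# check_properties_file VALUE
# Returns 0 if usable, 2 if missing, 3 if unreadable,
# 4 if group- or world-writable. The file configures the database, logs
# and truststore, so anyone able to write it can redirect all three.
check_properties_file() {
    local file perms
    file=$(resolve_properties_file "$1")
    if [ ! -f "$file" ]; then
        echo "not found: $file" >&2; return 2
    fi
    if [ ! -r "$file" ]; then
        echo "not readable: $file" >&2; return 3
    fi
    perms=$(ls -ld -- "$file" | cut -c1-10)
    case $perms in
        ?????w*|????????w*)
            echo "group/world-writable ($perms): $file" >&2; return 4 ;;
    esac
    return 0
}

# Usage (as root): ./set-emca-path.sh <location of emCA.properties>
# The file is validated first; /etc/environment is only changed if it passes.
if [ "$#" -eq 1 ]; then
    check_properties_file "$1" &&
        set_env_var /etc/environment EMCA_CONFIGURATION_PATH "$1"
fi
```

Values in /etc/environment are read at login, so an already running application server does not see the change until its session or the system is restarted.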

It is recommended to restart the system after setting the environment variables.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                

### **Snapshot**

Below is a snapshot of the emCA.properties file, along with a description of its properties:

```
#########################################################
##                 General Information                 ##
#########################################################
## Boolean values = "yes" or "no"                      ##
## String values  = base64 encoded                     ##
## Passwords      = encrypted with PasswordSecure.jar  ##
## Time intervals = in days if not specified otherwise ##
## Paths          = always absolute paths              ##
## Optionals      = set to empty if not needed         ##
## ENV Overrides  = Uppercase, dots -> underscores     ##
#########################################################

#######################################
##          MySQL Properties         ##
#######################################

# Hibernate Dialect
# ENV: DATASOURCE_HIBERNATE_DIALECT
datasource.hibernate.dialect=org.hibernate.dialect.MySQL8Dialect

# JDBC Configuration
# ENV: DATASOURCE_DRIVER_CLASS_NAME
datasource.driver.class.name=com.mysql.cj.jdbc.Driver

# ENV: EMCA_DATASOURCE_URL
emca.datasource.url=jdbc:mysql://localhost:3306/emca_prod

# ENV: EMCA_DATASOURCE_DEFAULT_TENANT_NAME
emca.datasource.default.tenant.name=emca_prod

# ENV: EMCA_DATASOURCE_APPLICATION_USERNAME
emca.datasource.application.username=emca_app

# ENV: EMCA_DATASOURCE_APPLICATION_PASSWORD
emca.datasource.application.password=EncryptedPasswordFor_emca_app

# ENV: DATASOURCE_HOST
datasource.host=localhost

# ENV: DATASOURCE_PORT
datasource.port=3306

# ENV: EMCA_DATASOURCE_ROLE_ACCESS_ENABLED
emca.datasource.role.access.enabled=true


########################################
##     Role-Based DB Credentials      ##
########################################

# CA Administrator
# ENV: EMCA_DATASOURCE_ROLE_CAADMINISTRATOR_USERNAME
emca.datasource.role.caadministrator.username=ca_admin

# ENV: EMCA_DATASOURCE_ROLE_CAADMINISTRATOR_PASSWORD
emca.datasource.role.caadministrator.password=EncryptedPasswordFor_ca_admin

# Administrator
# ENV: EMCA_DATASOURCE_ROLE_ADMINISTRATOR_USERNAME
emca.datasource.role.administrator.username=emca_admin

# ENV: EMCA_DATASOURCE_ROLE_ADMINISTRATOR_PASSWORD
emca.datasource.role.administrator.password=EncryptedPasswordFor_emca_admin

# Officer
# ENV: EMCA_DATASOURCE_ROLE_OFFICER_USERNAME
emca.datasource.role.officer.username=security_officer

# ENV: EMCA_DATASOURCE_ROLE_OFFICER_PASSWORD
emca.datasource.role.officer.password=EncryptedPasswordFor_emca_officer

# Auditor
# ENV: EMCA_DATASOURCE_ROLE_AUDITOR_USERNAME
emca.datasource.role.auditor.username=audit_user

# ENV: EMCA_DATASOURCE_ROLE_AUDITOR_PASSWORD
emca.datasource.role.auditor.password=EncryptedPasswordFor_emca_auditor


#############################################
##       Application Folder and Logging     ##
#############################################

# ENV: EMCA_APPLICATION_FOLDERS_LOCATION
emca.application.folders.location=/opt/emca/config

# ENV: EMCA_LOG4J_FILE_PATH
emca.log4j.file.path=/opt/emca/config/log4j.xml

# ENV: EMCA_ENVIRONMENT_IS_PRODUCTION
environment.isProduction = false

#######################################
##    PQC Service Configuration      ##
#######################################

# PQC Service URL (when running in Tomcat, use context path)
pqc.service.url=http://localhost:8080/emCA-PQC-Service/api/v1/pqc

# Enable/Disable PQC Service
# ENV: PQC_SERVICE_ENABLED
pqc.service.enabled=true

# PQC Service Timeout (milliseconds)
# ENV: PQC_SERVICE_TIMEOUT
pqc.service.timeout=30000


#######################################
##  Approval Workflow Configuration  ##
#######################################

# Enable/Disable Approval Workflow
# ENV: APPROVAL_WORKFLOW_ENABLED
# Note: Additional settings (minimum approvals, approver roles) are configured in EMCAUsersMetrix table
approval.workflow.enabled=true

```

{% hint style="info" %}
Use either a new database user or an existing one as the username in the above

The password for the database user must be encrypted using the PasswordSecure.jar tool. Please refer to Section 7. DB Password ENCRYPTOR
{% endhint %}

### **Database**

Open the *emCA.properties* file and update the values that correspond to the type of database in use. A sample database configuration for MySQL is provided below.

Example: for a MySQL database, use the values listed in the table below:

<table data-header-hidden><thead><tr><th width="189.33333333333331"></th><th width="240"></th><th></th></tr></thead><tbody><tr><td><strong>Parameter</strong></td><td><strong>Description</strong></td><td><strong>Values to be Replaced</strong></td></tr><tr><td>datasource.hibernate.dialect</td><td>[DialectInfo] refers to Dialect information</td><td>org.hibernate.dialect.MySQLDialect</td></tr><tr><td>datasource.driver.class.name</td><td>[DriverClassName] refers to Driver class name</td><td>com.mysql.jdbc.Driver</td></tr><tr><td>emca.datasource.url</td><td>[URL] refers to Database URL</td><td>jdbc:mysql://127.0.0.1:3306/emca</td></tr><tr><td>emca.datasource.application.username</td><td>[UserName] refers to UserName who has access to this schema</td><td>root</td></tr><tr><td>emca.datasource<em>.application.password</em></td><td>[Password] refers to Password for the user</td><td>nNh0bStJeJxo3eu3taSY2Q==</td></tr></tbody></table>

### **Logs**

In the emCA.properties file, also configure the path of the log configuration file so that events are captured in the logs.

```
#Configure the log4j.xml path [This property is meant to configure local server path of log4j file]
logFilePath=C:/emCA/emCAPropertyFiles/log4j.xml
```

{% hint style="info" %}
**Note:** If java.util.logging.FileHandler is not configured then application logs will not be generated.
{% endhint %}

```
<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="WARN" monitorInterval="30">
    <!-- Logging Properties -->
    <Properties>
        <Property name="LOG_PATTERN">%d{yyyy-MM-dd HH:mm:ss.SSS} %pid %p %m%n</Property>
        <Property name="APP_LOG_ROOT">E:\emCAv4\emCAProperties\logs\emca</Property>
    </Properties>
    <Appenders>
        <!-- Console Appender -->
        <Console name="Console" target="SYSTEM_OUT" follow="true">
            <PatternLayout disableAnsi="false" pattern="${CONSOLE_LOG_PATTERN}" />
        </Console>
        <RollingFile name="warnLog" fileName="${APP_LOG_ROOT}/emCA-warn.log" filePattern="${APP_LOG_ROOT}/emCA-warn-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="WARN" maxLevel="WARN" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
        <RollingFile name="infoLog" fileName="${APP_LOG_ROOT}/emCA-info.log" filePattern="${APP_LOG_ROOT}/emCA-info-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="INFO" maxLevel="INFO" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
        <RollingFile name="errorLog" fileName="${APP_LOG_ROOT}/emCA-error.log" filePattern="${APP_LOG_ROOT}/emCA-error-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="ERROR" maxLevel="ERROR" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
        <RollingFile name="debugLog" fileName="${APP_LOG_ROOT}/emCA-debug.log" filePattern="${APP_LOG_ROOT}/emCA-debug-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="DEBUG" maxLevel="DEBUG" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
    </Appenders>
    <Loggers>
        <AsyncRoot level="debug" includeLocation="false">
            <AppenderRef ref="infoLog" />
            <AppenderRef ref="errorLog" />
            <AppenderRef ref="warnLog" />
            <AppenderRef ref="debugLog" />
            <AppenderRef ref="Console" />
        </AsyncRoot>
    </Loggers>
</Configuration>
```

### **Deployment** <a href="#toc82804581" id="toc82804581"></a>

The following component is required for deployment:

<mark style="color:green;">emCA application (emCA.war file)</mark>

The emCA application package is provided as a war file which has to be deployed on the application server. Before deploying, configure and save all the properties in the file described in the section "For emCA.properties" under Environment Variables.

Follow these steps to deploy the application:

* Copy emCA.war into the Tomcat webapps folder (*apache-tomcat-7.0.37\webapps*).
* On Windows, run services.msc.
* Select the service named Apache Tomcat and click Start.

### Quick Check Guide <a href="#toc82804582" id="toc82804582"></a>

To verify that the application has been deployed successfully, follow the steps below:

Once deployment is completed and the server is started, open any browser (IE, Google Chrome, Firefox, etc.) and enter the URL <https://www.example.com/emCA/login.htm>

The emCA login page should be displayed as shown below.

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2FqVyc1XY4ZuzvABwmN0dh%2Fimage.png?alt=media&#x26;token=aa2a1ae7-72cc-4781-a337-380baf6db966" alt=""><figcaption></figcaption></figure>

After successful deployment of the emCA application, check that all the tables have been created in the specified schema in the database.

Also, check for log file generation in the path mentioned (Configuration->Log Properties).

{% hint style="info" %}
Note: java.util.logging.FileHandler.pattern   = \<LogFolderPath>//emca\_debug.log

Please verify the highlighted location in log4j.xml and ensure that the logs folder has been generated.
{% endhint %}

A log file should have been generated in the above-mentioned path.

## emCA API

This section provides the procedure for emCA API deployment and configuration. emCA API (emcaServices) provides an open API (Application Programming Interface) for integrating certificate services with third-party applications and devices. emCA API supports REST in JSON format. emCA APIs are lightweight and flexible.

{% hint style="info" %}
Note:

The emCA API supports the following features:

* `/rest/certificates/request`
* `/rest/certificates/request/keystore`
* `/rest/certificates/export`
* `/rest/certificates/revoke`
* `/rest/certificates/suspend`
* `/rest/certificates/reinstate`
* `/rest/certificates/request/regenerate`
{% endhint %}

**Requirement**

* emcaServices.war package

**Deploy WAR**

* Copy emcaServices.war to \<APP\_SERVER>/webapps/
* Configure EMCA\_CONFIGURATION\_PATH
* Define datasource or JNDI for API database access

**Start Service**

* Restart application server
* Verify endpoint availability at https\://\<host>:\<port>/emCA/api/health

**Authentication & Transport**

* All endpoints require TLS
* Use token-based authentication in HTTP headers

**Supported REST Methods**

**CA Management:**

| Method | Operation                 |
| ------ | ------------------------- |
| GET    | getKeyProfiles            |
| POST   | createCA                  |
| POST   | createCSR                 |
| POST   | importCertificate         |
| POST   | createOrUpdateCRLProfile  |
| POST   | createOrUpdateCRL         |
| POST   | getCRL                    |
| GET    | getCRL                    |
| POST   | revoke/suspend            |
| POST   | reinstateCA               |
| POST   | createOrUpdateUserProfile |
| POST   | createUserCertificate     |

**Certificate Management:**

| Method | Operation               |
| ------ | ----------------------- |
| POST   | getJwt-token            |
| POST   | createCertificate       |
| POST   | createCertificates      |
| POST   | createCustomCertificate |
| POST   | createKeyStore          |
| POST   | rekey                   |
| POST   | regenerateKeyStore      |
| POST   | revoke                  |
| POST   | suspend                 |
| POST   | reinstate               |
| POST   | getCertificate          |
| POST   | getProfiles             |
| POST   | getProfileInfo          |
| POST   | getCertInfo             |
| POST   | getCertCount            |
| POST   | getExpiringSoonCertInfo |
| POST   | getCAs                  |
| POST   | getCertificateChain     |
| GET    | getCAs                  |
| GET    | getCertificateChain     |
| GET    | getProfileInfo          |
| GET    | getProfiles             |
| GET    | getCertificate          |

### Configuration

{% hint style="info" %}
Note: All actions required for setting up and configuring emCA should be done using administrator privileges.
{% endhint %}

### **Environment Variables**

#### **Application.properties**

This file is used to configure database-related properties like dialect, driver class name, URL, Username, password (database user should have full privilege to the schema created for emCA application) as well as logs.

#### For Java

To deploy the emCA war, the Java environment has to be set. Follow the procedure below; if Java is already configured, skip this step.

To set the JAVA\_HOME variable for all users, choose the first option, "Edit the system environment variables", as follows:

Search for Environment Variables:

* Type "environment variables" in the Windows search bar.
* Click on "Edit the system environment variables".

System Properties Window:

* In the System Properties window that opens, click on the "Environment Variables" button.

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2FXFrZAQAup0qnPE0tU3nG%2Fimage.png?alt=media&#x26;token=4b70d662-bdf9-4d7e-95d1-0337021aa59a" alt=""><figcaption></figcaption></figure>

Edit System Variables:

* Under "System variables," find the JAVA\_HOME variable.
* If the variable exists:
  * Select it and click "Edit."
  * In the "Variable value" field, enter the full path to your JDK 21 installation directory (e.g., C:\Program Files\Java\jdk-21).
* If the variable does not exist:
  * Click "New."
  * Enter JAVA\_HOME as the variable name.
  * Enter the full path to your JDK 21 installation directory as the variable value.

Save Changes:

* Click "OK" to save the changes in the Environment Variables window.
* Click "OK" to close the System Properties window.

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2F81bGFH4gcUTgj2kwQLmh%2Fimage.png?alt=media&#x26;token=1cbf6da9-cc14-4156-8f29-d7b0bb52fe9f" alt=""><figcaption></figcaption></figure>

The variable value should point to the physical path of JDK 21. Then click OK.

#### **For Application.properties**

This file is used to configure database-related properties like dialect, driver class name, URL, Username, password (database user should have full privilege to the schema created for emCA application) as well as logs.

#### **For Windows**

Configure the property file path in the environment variables as shown in the figure below.

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2FhwubtOBucjalDFKqOC2z%2Fimage.png?alt=media&#x26;token=c1e4ce55-51d0-4ca3-8523-e88abdde3e41" alt=""><figcaption></figcaption></figure>

Variable name: <mark style="color:yellow;">EMCA\_SERVICES\_CONFIGURATION\_PATH</mark>

Variable value: <mark style="color:yellow;">location of property files (application.properties)</mark>

#### **For Linux**

To set the environment variable in Linux, run the following command.

<mark style="color:yellow;">sudo -H gedit /etc/environment</mark>

This opens the environment file. Set the emCA and emCA Services paths inside it.

Set EMCA\_SERVICES\_CONFIGURATION\_PATH for the application.properties file as shown in the figure below.

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2Fm7TQBex9U4aZs6Ma9C3g%2Fimage.png?alt=media&#x26;token=7656f2bf-b886-4edd-90cf-6acf9fdb652a" alt=""><figcaption></figcaption></figure>

Once the environment variable is set for application.properties, the user can open application.properties to configure its options, including the database and the logs.

### **Snapshot**

Application.properties file snapshot for reference:

```
#########################################################
##                 General information                 ##
#########################################################
## Boolean values = "yes" or "no"                      ##
## String values  = base64 encoded                     ##
## Passwords      = encrypted with PasswordSecure.jar  ##
## Time intervals = in days if not specified otherwise ##
## Paths          = always absolute paths              ##
#########################################################

#######################################
##          MySQL Connection         ##
#######################################

#API_JPA_PROPERTIES_HIBERNATE_DIALECT
datasource.hibernate.dialect=org.hibernate.dialect.MySQL8Dialect

#API_DATASOURCE_DRIVER_CLASS_NAME
datasource.driver.class.name=com.mysql.jdbc.Driver

#API_DATASOURCE_URL
api.datasource.url=jdbc:mysql://127.0.0.1:3306/emca_prod

# API_DATASOURCE_NAME
api.datasource.default.tenant.name=emca_prod

#API_DATASOURCE_USERNAME
api.datasource.username=root

# API_DATASOURCE_PASSWORD
api.datasource.password=Licm/hHGkujCreZ7KcZcRw==

#EMCA.APPLICATION.FOLDERS.LOCATION
emca.application.folders.location=D:/TestEnvronment/emCAProperties

#######################################
##       OAUTH2 Configuration        ##
#######################################

#SECURITY.OAUTH.ENABLED
security.oauth2.enabled=false

#SECURITY.OAUTH2.RESOURCE_SERVER.URI
security.oauth2.resource.server.uri=http://<host>:<ip>
```
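The following sketch, an added example that is not part of the emCA product or its documentation, resolves the effective value of each property using the "Uppercase, dots -> underscores" override rule from the emCA.properties header and then audits settings that appear in the emCA.properties and Application.properties snapshots. It assumes that PasswordSecure.jar output is standard base64 of whole 16-byte blocks (as the sample values on this page suggest) and that the application applies the override rule exactly as stated; the function names and the sample text are constructed for illustration.

```python
import base64
import binascii

# Constructed sample: a few keys copied from the two snapshots above.
SAMPLE_PROPERTIES = """\
# ENV: EMCA_DATASOURCE_APPLICATION_PASSWORD
emca.datasource.application.password=EncryptedPasswordFor_emca_app
pqc.service.url=http://localhost:8080/emCA-PQC-Service/api/v1/pqc
emca.datasource.url=jdbc:mysql://localhost:3306/emca_prod
api.datasource.username=root
api.datasource.password=Licm/hHGkujCreZ7KcZcRw==
security.oauth2.enabled=false
security.oauth2.resource.server.uri=http://<host>:<ip>
"""

LOOPBACK_HOSTS = {"localhost", "127.0.0.1"}


def parse_properties(text):
    """Parse key=value lines, skipping blank lines and '#' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def env_name(key):
    """Header rule: 'ENV Overrides = Uppercase, dots -> underscores'."""
    return key.upper().replace(".", "_")


def effective_config(props, environ):
    """Return {key: (value, source)}; an environment value wins over the file."""
    resolved = {}
    for key, value in props.items():
        name = env_name(key)
        if name in environ:
            resolved[key] = (environ[name], "env:" + name)
        else:
            resolved[key] = (value, "file")
    return resolved


def looks_encrypted(value):
    """Assumption: ciphertext is standard base64 of whole 16-byte blocks."""
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return False
    return len(raw) > 0 and len(raw) % 16 == 0


def http_host(value):
    """Return the host of a plain http:// URL, or None for any other scheme."""
    if not value.lower().startswith("http://"):
        return None
    return value[len("http://"):].split("/", 1)[0].split(":", 1)[0].lower()


def audit(props, environ=None):
    """Return a sorted list of (key, finding) for the effective configuration."""
    findings = []
    for key, (value, source) in effective_config(props, environ or {}).items():
        if key.endswith(".password") and not looks_encrypted(value):
            findings.append((key, "value from %s is not PasswordSecure.jar-style ciphertext" % source))
        if key.endswith(".username") and value.lower() == "root":
            findings.append((key, "database superuser is used as the application account"))
        if key.endswith((".url", ".uri")):
            host = http_host(value)
            if host is not None and host not in LOOPBACK_HOSTS:
                findings.append((key, "plain HTTP to non-loopback host " + host))
        if key == "security.oauth2.enabled" and value.lower() in ("false", "no"):
            findings.append((key, "OAuth2 is disabled"))
    return sorted(findings)


if __name__ == "__main__":
    for key, finding in audit(parse_properties(SAMPLE_PROPERTIES)):
        print(key + ": " + finding)
```

Pass `os.environ` as the second argument to `audit` on the application server so that overrides set in the service environment are taken into account.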

### **Database**

Open the *application.properties* file and update the values that correspond to the type of database in use. A sample database configuration for MySQL is provided below.

Example: for a MySQL database, use the values listed in the table below:

\#Hibernate properties:

| ***Parameter***                       | **Description**                                               | **Values to be replaced**           |
| ------------------------------------- | ------------------------------------------------------------- | ----------------------------------- |
| *database.hibernate.dialect*          | \[DialectInfo] refers to Dialect information                  | org.hibernate.dialect.MySQL5Dialect |
| *spring.datasource.driver.class.name* | \[DriverClassName] refers to Driver class name                | com.mysql.jdbc.Driver               |
| *api.datasource.url*                  | \[URL] refers to Database URL                                 | jdbc:mysql://127.0.0.1:3306/emca    |
| *api.datasource.username*             | \[UserName] refers to UserName who has access to this schema  | Root                                |
| *api.datasource.password*             | \[Password] refers to Password for the user (Refer Section 6) | nNh0bStJeJxo3eu3taSY2Q==            |

Ex:

```
#MySQL
DialectInfo="org.hibernate.dialect.MySQLDialect"
DriverClassName="com.mysql.jdbc.Driver"
URL="jdbc:mysql://127.0.0.1:3306/emca"
UserName="root"
Password="root"
```

{% hint style="info" %}
**Note:** The same schema which is used for the emCA application should be used for the emCA API as well
{% endhint %}

### **Logs**

The application uses Log4j for logging. Specify the local server path for collecting the logs in the log4j.xml file. The local server path of the log4j.xml file must be provided in the application.properties file, which is set in the environment variables.

Log4J XML file as shown below:

```
<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="WARN" monitorInterval="30">
    <!-- Logging Properties -->
    <Properties>
        <Property name="LOG_PATTERN">%d{yyyy-MM-dd HH:mm:ss.SSS} %pid %p %m%n</Property>
        <Property name="APP_LOG_ROOT">E:\emCAv4\emCAProperties\logs\api</Property>
    </Properties>
    <Appenders>
        <!-- Console Appender -->
        <Console name="Console" target="SYSTEM_OUT" follow="true">
            <PatternLayout disableAnsi="false" pattern="${CONSOLE_LOG_PATTERN}" />
        </Console>
        <RollingFile name="debugLog" fileName="${APP_LOG_ROOT}/emCA_API-debug.log" filePattern="${APP_LOG_ROOT}/emCA_API-debug-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="DEBUG" maxLevel="DEBUG" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
        <RollingFile name="warnLog" fileName="${APP_LOG_ROOT}/emCA_API-warn.log" filePattern="${APP_LOG_ROOT}/emCA_API-warn-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="WARN" maxLevel="WARN" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
        <RollingFile name="infoLog" fileName="${APP_LOG_ROOT}/emCA_API-info.log" filePattern="${APP_LOG_ROOT}/emCA_API-info-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="INFO" maxLevel="INFO" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
        <RollingFile name="errorLog" fileName="${APP_LOG_ROOT}/emCA_API-error.log" filePattern="${APP_LOG_ROOT}/emCA_API-error-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="ERROR" maxLevel="ERROR" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
    </Appenders>
    <Loggers>
        <AsyncRoot level="debug" includeLocation="false">
            <AppenderRef ref="infoLog"/>
            <AppenderRef ref="errorLog"/>
            <AppenderRef ref="warnLog"/>
            <AppenderRef ref="debugLog"/>
            <AppenderRef ref="Console" />
        </AsyncRoot>
    </Loggers>
</Configuration>
```

In the above LOCAL SERVER PATH, the administrator has to provide the folder path in which the log files are generated.

{% hint style="info" %}
Note: The highlighted location differs between Windows and Linux systems. Please refer to the path specific to your environment. Additionally, the Log4j file will be included as part of the deployment package.
{% endhint %}

### Deployment <a href="#toc82804591" id="toc82804591"></a>

The following component is required for deployment:

<mark style="color:green;">emCAServices.war</mark>

emCAServices comes as a war file that has to be deployed on the application server. The server is configured through the properties file.

Configure and save all the properties defined in the properties file, then deploy the configured emCAServices war file.

Follow these steps to deploy the application:

* Copy the emcaServices war into the Tomcat webapps folder (apache-tomcat-7.0.37\webapps).
* On Windows, run services.msc.
* Select the service Apache Tomcat and click Start.

### **Quick Check Guide** <a href="#toc82804592" id="toc82804592"></a>

Once deployment is completed and the server is started, open any browser (Internet Explorer, Google Chrome, Firefox, etc.) and enter the URL <https://www.example.com/emcaServices>

Example: enter <https://www.example.com/emCAServices> in the address field.

The following message will be displayed as shown below.

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2FfroQGKESZucIAEGk9fCN%2Fimage.png?alt=media&#x26;token=964d2d98-58ab-49e6-9780-368abe7a436d" alt=""><figcaption></figcaption></figure>

## OCSP Core

This section provides the step-by-step guide for installation, configuration, and usage of OCSP Core. Online Certificate Status Protocol (OCSP) is an [Internet](https://en.wikipedia.org/wiki/Internet) [protocol](https://en.wikipedia.org/wiki/Communication_protocol) used for obtaining the revocation status of an [X.509](https://en.wikipedia.org/wiki/X.509) [digital certificate](https://en.wikipedia.org/wiki/Digital_certificate). An OCSP responder (a server typically run by the certificate issuer) may return a signed response signifying that the certificate specified in the request is 'good', 'revoked', or 'unknown'.

### Configuration <a href="#toc82804594" id="toc82804594"></a>

{% hint style="info" %}
Note: All actions required for setting up and configuring OCSP Core should be done using administrator privileges.
{% endhint %}

#### **Environment Variables**

#### **For ocspcore.properties**

This file is used to configure database related properties like dialect, driver class name, URL, Username, password (database user should have full privilege to the schema created for emCA application) as well as logs.

#### **For Linux**

To set the environment variable in Linux, run the following command:

<mark style="color:yellow;background-color:yellow;">sudo -H gedit /etc/environment</mark>

This opens the environment file. Set the OCSP Core path inside it.

Set OCSPCORE\_CONFIGURATION\_PATH for the ocspcore.properties file as shown in the figure below.

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2FSRY3KbVQ1mNvLv3z7LbP%2Fimage.png?alt=media&#x26;token=cf687829-396d-4622-b168-3865bc5c90d0" alt=""><figcaption></figcaption></figure>

Once the environment variable is set for ocspcore.properties, the user can open ocspcore.properties to configure its options, including the database and the logs.

### **Snapshot**

Please find the below ocspcore.properties file snapshot for reference:

```
#EMOCSPRESPONDER_CONFIGURATION_PATH
#########################################################
##                 General information                 ##
#########################################################
## Boolean values = "yes" or "no"                      ##
## String values  = base64 encoded                     ##
## Passwords      = encrypted with PasswordSecure.jar  ##
## Time intervals = in days if not specified otherwise ##
## Paths          = always absolute paths              ##
## Optionals      = set to empty if not needed         ##
#########################################################

#######################################
##          MySQL Properties         ##
#######################################

# DATASOURCE_DRIVER_CLASS_NAME
datasource.driver.class.name=com.mysql.cj.jdbc.Driver

# HIBERNATE_DIALECT
datasource.hibernate.dialect=org.hibernate.dialect.MySQL8Dialect

# DATASOURCE_URL
ocspcore.datasource.url=jdbc:mysql://localhost:3306/<databaseName>

# DATASOURCE_USERNAME
ocspcore.datasource.username=[Username]

# DATASOURCE_PASSWORD
ocspcore.datasource.password=[Encrypted Password]

# DATASOURCE_DATABASE_NAME
ocspcore.default.database.name=[default databaseName]

#######################################
##      Encryption Keys path         ##
#######################################

# EMCA_AES_KEY_PATH
emca.aes.key.path=/home/emCA/emCAProperties/key/aes.key

# EMCA_DB_AES_KEY_PATH
# optional if subscriber encryption mode is database
emca.db.aes.key.path=/home/emCA/emCAProperties/key/subscriber-aes.key


#######################################
##       log4j Configuration         ##
#######################################

# LOG4J_FILE_PATH
ocspcore.log.file.path=/home/emCAv4Solution/emCAv4OCSP/OCSPProperties/ocspcore/log4j.xml
```

### **Database**

The ocspcore.properties file is used to configure database-related properties such as dialect, driver class name, URL, username and password (the database user should have full privilege to the schema created for OCSP).

Open the ocspcore.properties file and change the DB configuration below:

| **Parameter**                                     | **Description**                                                |
| ------------------------------------------------- | -------------------------------------------------------------- |
| datasource.hibernate.dialect                      | \[DialectInfo] refers to Dialect information                   |
| datasource.driver.class.name                      | \[DriverClassName] refers to Driver class name                 |
| ocspcore.datasource.url                           | \[URL] refers to Database URL                                  |
| ocspcore.datasource.username                      | \[UserName] refers to UserName who has access to this schema   |
| ocspcore.datasource.password                      | \[Password] refers to Password for the user (Refer Section 6)  |

{% hint style="info" %}
**Note:** The default values in the configuration file are used unless they are changed. Please configure them as per your requirement.

OCSP Responder connects to the same schema that the emCA Application is connected to.
{% endhint %}

### **Logs**

The application uses Log4j for logging. Please specify the local server path for collecting the logs in the log4j.xml file. The local server path of the log4j.xml file needs to be provided in the ocspcore.properties file, which is set in the environment variables \[please refer section 6.3.1.1].

Log4J XML file as shown below:

```
<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="WARN" monitorInterval="30">

    <!-- Logging Properties -->
    <Properties>
        <Property name="LOG_PATTERN">[%d{yyyy-MM-dd HH:mm:ss.SSS}] -- {%pid} [%p] - %m%n</Property>
        <Property name="APP_LOG_ROOT">E:/OCSP/logs/ocspcore</Property>
    </Properties>
    <Appenders>
        <!-- Console Appender -->
        <Console name="Console" target="SYSTEM_OUT" follow="true">
            <PatternLayout disableAnsi="false" pattern="${LOG_PATTERN}" />
        </Console>
        <RollingFile name="debugLog" fileName="${APP_LOG_ROOT}/OCSPResponderCore-debug.log" filePattern="${APP_LOG_ROOT}/OCSPResponderCore-debug-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="DEBUG" maxLevel="DEBUG" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
        <RollingFile name="warnLog" fileName="${APP_LOG_ROOT}/OCSPResponderCore-warn.log" filePattern="${APP_LOG_ROOT}/OCSPResponderCore-warn-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="WARN" maxLevel="WARN" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
        <RollingFile name="infoLog" fileName="${APP_LOG_ROOT}/OCSPResponderCore-info.log" filePattern="${APP_LOG_ROOT}/OCSPResponderCore-info-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="INFO" maxLevel="INFO" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
        <RollingFile name="errorLog" fileName="${APP_LOG_ROOT}/OCSPResponderCore-error.log" filePattern="${APP_LOG_ROOT}/OCSPResponderCore-error-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="ERROR" maxLevel="ERROR" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
    </Appenders>

    <Loggers>
        <AsyncRoot level="debug" includeLocation="false">
            <AppenderRef ref="infoLog"  />
            <AppenderRef ref="errorLog" />
            <AppenderRef ref="warnLog" />
            <AppenderRef ref="debugLog" />
            <AppenderRef ref="Console" />
        </AsyncRoot>
    </Loggers>

</Configuration>
```

In the local server path above (the APP\_LOG\_ROOT property), the administrator has to provide the folder path where the log files are generated.

### Deployment <a href="#toc82804601" id="toc82804601"></a>

The following component is required for deployment:

<mark style="color:green;">OCSP CORE (ocsprespondercore.war file)</mark>

OCSPCORE comes as a war file which has to be deployed on the application server. The server provides configuration through the properties file.

Please configure and save all the properties defined in the properties file, as described in section ‘(B) For ocspcore.properties’ under section 5.6.1.1, Environment Variables.

Then deploy the configured OCSP Core war file.

Please find below the steps to deploy the application:

* Copy ocsprespondercore.war into the Tomcat webapps folder (apache-tomcat\webapps).
* On Windows, run services.msc.
* Select Apache Tomcat and click Start.

### Quick Check Guide <a href="#toc82804602" id="toc82804602"></a>

Once deployment is successful and the server is started, open any browser (Internet Explorer, Google Chrome, Firefox, etc.) and enter the following URL in the address field:

<https://www.example.com/ocsprespondercore> (for example: https\://127.0.0.1:8080/ocsprespondercore)

The following message is displayed. This implies that the application is deployed properly.

<mark style="color:yellow;">“HTTP Status 405 - OCSP only supports POST”.</mark>

To verify whether logs are getting generated as per the path defined, please open the folder that is mentioned in the configuration path set in the log4j.xml file (Configuration->log4j.xml).

```
[Local Server Path]/ocspresponder.log
```

Please make sure that the log file is created in the above-mentioned path.

## OCSP Responder Web

This section provides a step-by-step guide for installation, configuration and usage of OCSP Web. This is generally deployed in the DMZ for external applications to interface with. OCSP Web in turn interfaces with OCSP Core, which is deployed in the MZ, where only selected internal applications have access to it.

### Configuration <a href="#toc82804604" id="toc82804604"></a>

{% hint style="info" %}
**Note:** All actions required for setting up and configuring OCSP Web should be done using administrator privileges.
{% endhint %}

#### **Environment Variables - For ocspweb.properties**

This file is used to configure logs.

#### For Windows

Search for Environment Variables:

* Type "environment variables" in the Windows search bar.
* Click on "Edit the system environment variables".

System Properties Window:

* In the System Properties window that opens, click on the "Environment Variables" button.

Edit System Variables:

* Under "System variables," find the JAVA\_HOME variable.
* If the variable exists:
  * Select it and click "Edit."
  * In the "Variable value" field, enter the full path to your JDK 21 installation directory (e.g., C:\Program Files\Java\jdk-21).
* If the variable does not exist:
  * Click "New."
  * Enter JAVA\_HOME as the variable name.
  * Enter the full path to your JDK 21 installation directory as the variable value.

Save Changes:

* Click "OK" to save the changes in the Environment Variables window.
* Click "OK" to close the System Properties window.

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2FlNB90pYttzzjK51ObfKO%2Fimage.png?alt=media&#x26;token=c9996740-c257-41eb-bb0c-3426196a4694" alt=""><figcaption></figcaption></figure>

Environment Variables: OCSPWEB\_CONFIGURATION\_PATH=E:\OCSP\OCSPProperties\ocspweb

#### **For Linux**

To set the environment variable in Linux, run the following command:

<mark style="color:yellow;">sudo -H gedit /etc/environment</mark>

This opens the /etc/environment file. Set the OCSP Web path in it by adding OCSPWEB\_CONFIGURATION\_PATH for the ocspweb.properties file, as shown in the figure below.

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2FOwZXXvB6OVjSEuxNoSxD%2Fimage.png?alt=media&#x26;token=a3840880-183b-4328-9bf1-c268db659073" alt=""><figcaption></figcaption></figure>

Once the Environment variable is set for ocspweb.properties, the user can open the ocspweb.properties to configure logs.

### **Snapshot**

The following ocspweb.properties file snapshot is provided for reference:

```
#OCSPWEB_CONFIGURATION_PATH


# EMCA_OCSP_URL
emca.ocsp.url=http://127.0.0.1/OCSPResponderCore/ocsp

# EMCA_OCSP_REDIRECT_URL
# Redirect the url ocsp web if required
#emca.ocsp.redirect.url=https://google.com/

#######################################
##       log4j Configuration         ##
#######################################

# LOG4J_FILE_PATH
log4j.file.path=/home/emCAv4Solution/emCAv4OCSP/OCSPProperties/ocspweb/log4j.xml

#######################################
##      Spring Configuration         ##
#######################################

# SPRING_MVC_VIEW_PREFIX
spring.mvc.view.prefix=/WEB-INF/View/

# SPRING_MVC_VIEW_SUFFIX
spring.mvc.view.suffix=.jsp
```

### **Connection**

OCSP Web has to connect to OCSP Core in order to pass the requests it receives on to OCSP Core. To connect to OCSP Core, set the URL where OCSP Core is deployed in the properties file, as shown below:

```
# URL where ocspcore is deployed
emca.ocsp.url=http://<ipaddress>:<port>/OCSPResponderCore/ocsp
```

### **Logs**

The application uses Log4j for logging. Please specify the local server path for collecting the logs in the log4j.xml file. The local server path of the log4j.xml file needs to be provided in the ocspweb.properties file, which is set in the environment variables \[please refer section 6.4.1.1].

Log4J XML file as shown below:

```
<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="WARN" monitorInterval="30">
    <!-- Logging Properties -->
    <Properties>
        <Property name="LOG_PATTERN">[%d{yyyy-MM-dd HH:mm:ss.SSS}] -- {%pid} [%p] - %m%n</Property>
        <Property name="APP_LOG_ROOT">E:/OCSP/logs/ocspweb</Property>
    </Properties>
    <Appenders>
        <!-- Console Appender -->
        <Console name="Console" target="SYSTEM_OUT" follow="true">
            <PatternLayout disableAnsi="false" pattern="${LOG_PATTERN}" />
        </Console>
        <RollingFile name="debugLog" fileName="${APP_LOG_ROOT}/OCSPResponderWeb-debug.log" filePattern="${APP_LOG_ROOT}/OCSPResponderWeb-debug-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="DEBUG" maxLevel="DEBUG" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
        <RollingFile name="warnLog" fileName="${APP_LOG_ROOT}/OCSPResponderWeb-warn.log" filePattern="${APP_LOG_ROOT}/OCSPResponderWeb-warn-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="WARN" maxLevel="WARN" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
        <RollingFile name="infoLog" fileName="${APP_LOG_ROOT}/OCSPResponderWeb-info.log" filePattern="${APP_LOG_ROOT}/OCSPResponderWeb-info-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="INFO" maxLevel="INFO" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
        <RollingFile name="errorLog" fileName="${APP_LOG_ROOT}/OCSPResponderWeb-error.log" filePattern="${APP_LOG_ROOT}/OCSPResponderWeb-error-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="ERROR" maxLevel="ERROR" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
    </Appenders>

    <Loggers>
        <AsyncRoot level="debug" includeLocation="false">
            <AppenderRef ref="infoLog"  />
            <AppenderRef ref="errorLog" />
            <AppenderRef ref="warnLog" />
            <AppenderRef ref="debugLog" />
            <AppenderRef ref="Console" />
        </AsyncRoot>
    </Loggers>
</Configuration>
```

In the local server path above (the APP\_LOG\_ROOT property), the administrator has to provide the folder path where the log files are generated.

### Deployment <a href="#toc82804611" id="toc82804611"></a>

The following components are required for deployment:

<mark style="color:green;">OCSP Web (ocspresponderweb.war file)</mark>

OCSP Web comes as a war file which has to be deployed on the application server. The server provides configuration through the properties file.

Please configure and save all the properties. Then deploy the configured OCSP Web war file.

Please find below the steps to deploy the application:

* Copy ocspresponderweb.war into the Tomcat webapps folder (apache-tomcat\webapps).
* On Windows, run services.msc.
* Go to Apache Tomcat and click Start.

### Quick Check Guide <a href="#toc82804612" id="toc82804612"></a>

These endpoints are used when the OCSP service is running in single-tenant mode, or where no specific tenant identifier is required in the URL.

OCSP Core (Default Tenant)

```
https://www.example.com/OCSPResponderWeb/ocsp
```

Use these endpoints when the OCSP service is operating in multi-tenant mode, where each group name is identified using a {tenantId} path variable.

OCSP Core (Multi-Tenant)

```
https://www.example.com/OCSPResponderWeb/ocsp/{tenantId}
```

To verify whether logs are getting generated as per the path defined, please open the folder that is mentioned in the configuration path set in the log4j.xml file (Configuration->log4j.xml).

```
[Local Server Path]/OCSPResponderWeb.log
```

Please make sure that the log file is created in the above-mentioned path.
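
A browser GET only shows that the servlet is mapped (OCSP Core answers it with "HTTP Status 405 - OCSP only supports POST"); a POST carrying a DER-encoded request exercises the responder itself. The sketch below is an added example, not emCA code: it builds a minimal unsigned RFC 6960 request, prepares the POST for the single-tenant or {tenantId} endpoint, and decodes the responseStatus of a reply. The issuer bytes and serial number used with it are constructed placeholders.

```python
import hashlib
import urllib.parse
import urllib.request

OCSP_STATUS = {0: "successful", 1: "malformedRequest", 2: "internalError",
               3: "tryLater", 5: "sigRequired", 6: "unauthorized"}


def der(tag, content):
    """Encode one DER tag-length-value with a definite length."""
    size = len(content)
    if size < 0x80:
        length = bytes([size])
    else:
        raw = size.to_bytes((size.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content


# AlgorithmIdentifier for SHA-1 (OID 1.3.14.3.2.26 with NULL parameters).
SHA1_ALGORITHM = der(0x30, der(0x06, bytes.fromhex("2b0e03021a")) + der(0x05, b""))


def build_ocsp_request(issuer_name_der, issuer_key_bits, serial):
    """Return a DER OCSPRequest for one certificate (unsigned, no nonce).

    issuer_name_der: DER encoding of the issuing CA's subject name.
    issuer_key_bits: contents of the issuing CA's subjectPublicKey BIT STRING.
    serial: serial number of the certificate being checked (non-negative int).
    """
    # One extra leading byte keeps the INTEGER positive when the top bit is set.
    serial_bytes = serial.to_bytes(serial.bit_length() // 8 + 1, "big")
    cert_id = der(0x30, SHA1_ALGORITHM
                  + der(0x04, hashlib.sha1(issuer_name_der).digest())
                  + der(0x04, hashlib.sha1(issuer_key_bits).digest())
                  + der(0x02, serial_bytes))
    request_list = der(0x30, der(0x30, cert_id))   # SEQUENCE OF Request
    return der(0x30, der(0x30, request_list))      # OCSPRequest { TBSRequest }


def ocsp_endpoint(base_url, tenant_id=None):
    """Single-tenant URL, or the {tenantId} form used in multi-tenant mode."""
    url = base_url.rstrip("/") + "/OCSPResponderWeb/ocsp"
    if tenant_id is not None:
        url += "/" + urllib.parse.quote(tenant_id, safe="")
    return url


def prepare_post(url, ocsp_request):
    """Build (but do not send) the HTTP POST that carries the request."""
    return urllib.request.Request(
        url, data=ocsp_request, method="POST",
        headers={"Content-Type": "application/ocsp-request",
                 "Accept": "application/ocsp-response"})


def response_status(body):
    """Decode responseStatus from a DER OCSPResponse."""
    if len(body) < 5 or body[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    offset = 2 if body[1] < 0x80 else 2 + (body[1] & 0x7F)
    if len(body) < offset + 3 or body[offset:offset + 2] != b"\x0a\x01":
        raise ValueError("responseStatus ENUMERATED missing")
    return OCSP_STATUS.get(body[offset + 2], "unknown")


def smoke_test(base_url, ocsp_request, tenant_id=None, timeout=10):
    """Send the POST; return (HTTP status, content type, OCSP status)."""
    request = prepare_post(ocsp_endpoint(base_url, tenant_id), ocsp_request)
    with urllib.request.urlopen(request, timeout=timeout) as reply:
        body = reply.read()
        return reply.status, reply.headers.get_content_type(), response_status(body)
```

A healthy responder returns HTTP 200 with content type application/ocsp-response; an OCSP status other than "successful" for a certificate issued by the configured CA points at the responder configuration rather than at Tomcat.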

## TSA Core

This section provides a step-by-step guide for installation, configuration, and usage of TSA Core. TSA Core (including emTSA and eTSA) is used for timestamping the requests received. It also helps in managing timestamping signers as well as keys.

### Configuration <a href="#toc82804614" id="toc82804614"></a>

{% hint style="info" %}
**Note:** All actions required for setting up and configuring TSA Core should be done using administrator privileges.
{% endhint %}

### **Environment Variables**

**tsacore.properties**

This file is used to configure database related properties like dialect, driver class name, URL, Username, password (database user should have full privilege to the schema created for TSA application) as well as logs.

#### For Windows

Configure the property file path in the environment variables, as shown in the figure below.

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2FM58QmeuGL6lvVYq2imqN%2Fimage.png?alt=media&#x26;token=949d7822-08a7-476d-9ff4-22ffca72dc1f" alt=""><figcaption></figcaption></figure>

Environment variable: TSACORE\_CONFIGURATION\_PATH=E:\TSA\TSAProperties\tsacore

#### **For Linux**

To set the environment variable in Linux, run the following command:

<mark style="color:yellow;">sudo -H gedit /etc/environment</mark>

This opens the /etc/environment file. Set the TSA Core path in it by adding TSACORE\_CONFIGURATION\_PATH for the tsacore.properties file, as shown in the figure below.

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2FSiG05q3Df9DpX0iQEDBd%2Fimage.png?alt=media&#x26;token=2eada049-245d-4847-ae2d-a9a2afc9c61d" alt=""><figcaption></figcaption></figure>

Once the Environment variable is set for tsacore.properties, the user can open the tsacore.properties to configure various options which includes configuring of database as well as logs.

### **Snapshot**

The following tsacore.properties file snapshot is provided for reference:

```
# Configure ENV on the server 
# ENV Variable : TSACORE_CONFIGURATION_PATH

# HIBERNATE_DIALECT
datasource.hibernate.dialect=org.hibernate.dialect.MySQL8Dialect
datasource.driver.class.name=com.mysql.jdbc.Driver
emtsa.datasource.url=jdbc:mysql://localhost:3306/emtsa
emtsa.datasource.username=root
emtsa.datasource.password=sTc6+9CC0MxOcqVgaJzbhg==

application.aes.key.path=D:/TestEnvronment/emCAProperties/key/aes.key

emtsa.pkcs12.type.key.profiles.path=D:/TestEnvronment/PKCS12
emtsa.pkcs11.type.key.profiles.path=D:/TestEnvronment/PKCS11

#For Logs
emtsa.log4j.file.path=D:/TestEnvronment/Logs/tsa/log4j.xml

#crlMapRefresh
time.enabled=24

# APPLICATION_AES_KEY_PATH
application.aes.key.path=[AES Key file path]

# PKCS12_TYPE_KEY_PROFILES_LOCATION
pkcs12.type.key.profiles.location=/home/emCAv4Solution/emCAv4TSA/TSAProperties/tsacore/pkcs12

# PKCS11_TYPE_KEY_PROFILES_LOCATION
pkcs11.type.key.profiles.location=/home/emCAv4Solution/emCAv4TSA/TSAProperties/tsacore/pkcs11
```

### **Database**

The tsacore.properties file is used to configure database-related properties such as dialect, driver class name, URL, username and password (the database user should have full privilege to the schema created for TSA).

Open the tsacore.properties file and change the DB configuration below:

| **Parameter**                | **Description**                                                |
| ---------------------------- | -------------------------------------------------------------- |
| datasource.hibernate.dialect | \[DialectInfo] refers to Dialect information                   |
| datasource.driver.class.name | \[DriverClassName] refers to Driver class name                 |
| emtsa.datasource.url         | \[URL] refers to Database URL                                  |
| emtsa.datasource.username    | \[UserName] refers to UserName who has access to this schema   |
| emtsa.datasource.password    | \[Password] refers to Password for the user (Refer Section 6)  |
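
The rules in the ocspcore.properties header (absolute paths, encrypted passwords) and the database settings described for both ocspcore.properties and tsacore.properties can be checked before Tomcat is started. The linter below is an added example, not part of emCA, run over a constructed sample file. It assumes the file is read with java.util.Properties semantics (backslash is an escape character, a repeated key silently overrides the earlier one) and uses a heuristic, also an assumption, that an encrypted password is base64 of whole 16-byte blocks.

```python
import base64
import binascii
import re

# Constructed sample modelled on the tsacore.properties snapshot (values are made up).
SAMPLE_PROPERTIES = r"""
# ENV Variable : TSACORE_CONFIGURATION_PATH
datasource.hibernate.dialect=org.hibernate.dialect.MySQL8Dialect
emtsa.datasource.url=jdbc:mysql://localhost:3306/emtsa
emtsa.datasource.username=root
emtsa.datasource.password=Summer2024
application.aes.key.path=D:/Test/emCAProperties/key/aes.key
emtsa.log4j.file.path=logs\tsa\log4j.xml
application.aes.key.path=[AES Key file path]
"""

ABSOLUTE_PATH = re.compile(r"^(/|[A-Za-z]:[\\/])")
PLACEHOLDER = re.compile(r"^\[.*\]$|<[^>]+>")


def parse_properties(text):
    """Return (key, value, line number) triples, skipping comments and blanks.

    Only the key=value form used in the snapshots is handled, so the colons
    inside JDBC URLs are never mistaken for separators.
    """
    entries = []
    for number, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped[0] in "#!":
            continue
        key, _, value = stripped.partition("=")
        entries.append((key.strip(), value.strip(), number))
    return entries


def looks_encrypted(value):
    """Heuristic (assumption): base64 text that decodes to whole 16-byte blocks."""
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return False
    return len(raw) > 0 and len(raw) % 16 == 0


def lint(text):
    """Return findings as (line number, key, code), in file order."""
    findings = []
    first_seen = {}
    for key, value, number in parse_properties(text):
        if key in first_seen:
            # The later entry wins when the file is loaded.
            findings.append((number, key, "DUPLICATE_KEY"))
        first_seen.setdefault(key, number)
        if PLACEHOLDER.search(value):
            findings.append((number, key, "PLACEHOLDER"))
            continue
        if key.endswith((".path", ".location")) and value:
            if "\\" in value:
                # Backslashes are consumed as escapes; use forward slashes.
                findings.append((number, key, "BACKSLASH"))
            if not ABSOLUTE_PATH.match(value):
                findings.append((number, key, "RELATIVE_PATH"))
        if key.endswith("datasource.password") and not looks_encrypted(value):
            findings.append((number, key, "PLAINTEXT_PASSWORD"))
        if key.endswith("datasource.username") and value.lower() == "root":
            # The page asks for a user with privileges on the application schema.
            findings.append((number, key, "ROOT_DB_USER"))
    return findings


if __name__ == "__main__":
    for number, key, code in lint(SAMPLE_PROPERTIES):
        print(f"line {number}: {key}: {code}")
```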

### **eTSA Logs**

The application uses Log4j for logging. Please specify the local server path for collecting the logs in the log4j.xml file. The local server path of the log4j.xml file needs to be provided in the tsacore.properties file, which is set in the environment variables.

Log4J XML file as shown below:

```
<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="WARN">
    <!-- Logging Properties -->
    <Properties>
        <Property name="LOG_PATTERN">[%d{yyyy-MM-dd HH:mm:ss.SSS}] -- {%pid} [%p] - %m%n</Property>
        <Property name="CONSOLE_LOG_PATTERN">%d{yyyy-MM-dd HH:mm:ss.SSS} %highlight{${LOG_LEVEL_PATTERN:-%5p}}{FATAL=red, ERROR=red, WARN=yellow, INFO=green, DEBUG=green, TRACE=green} %style{%pid}{magenta} --- [%4.15t] %style{%-20.40c{1.}}{cyan} : %m%n%ex</Property>
        <Property name="APP_LOG_ROOT">E:\TSA\TSAProperties\tsacore\logs\etsa</Property>
    </Properties>
    <Appenders>
        <!-- Console Appender $${date:yyyy-MM}/ -->
        <Console name="Console" target="SYSTEM_OUT" follow="true">
            <PatternLayout disableAnsi="false" pattern="${CONSOLE_LOG_PATTERN}" />
        </Console>
        <RollingFile name="warnLog" fileName="${APP_LOG_ROOT}/eTSA-warn.log" filePattern="${APP_LOG_ROOT}/eTSA-warn-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="WARN" maxLevel="WARN" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <TimeBasedTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
        <RollingFile name="infoLog" fileName="${APP_LOG_ROOT}/eTSA-info.log" filePattern="${APP_LOG_ROOT}/eTSA-info-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="INFO" maxLevel="INFO" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <TimeBasedTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
        
        <RollingFile name="debugLog" fileName="${APP_LOG_ROOT}/eTSA-debug.log" filePattern="${APP_LOG_ROOT}/eTSA-debug-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="DEBUG" maxLevel="DEBUG" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <TimeBasedTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
         
        <RollingFile name="errorLog" fileName="${APP_LOG_ROOT}/eTSA-error.log" filePattern="${APP_LOG_ROOT}/eTSA-error-%d{yyyy-MM-dd}_%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="ERROR" maxLevel="ERROR" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <TimeBasedTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
             
    </Appenders>
 
    <Loggers>
        <Root level="debug" includeLocation="false">
            <AppenderRef ref="infoLog"  />
            <AppenderRef ref="errorLog" />
            <AppenderRef ref="warnLog" />
            <AppenderRef ref="debugLog" />
           <AppenderRef ref="Console" /> 
        </Root>
    </Loggers>
 
</Configuration>
```

In the local server path above (the APP\_LOG\_ROOT property), the administrator has to provide the folder path where the log files are generated.

#### **emTSA Logs**

The application uses emTSA-Log4j for logging. Please specify the local server path for collecting the logs in the emTSA-log4j.xml file. The local server path of the emTSA-log4j.xml file needs to be provided in the tsacore.properties file, which is set in the environment variables.

Log4J XML file as shown below:

```
<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="DEBUG" >
    <!-- Logging Properties -->
    <Properties>
        <Property name="LOG_PATTERN">[%d{yyyy-MM-dd HH:mm:ss.SSS}] -- {%pid} [%p] - %m%n</Property>
        <Property name="CONSOLE_LOG_PATTERN">%d{yyyy-MM-dd HH:mm:ss.SSS} %highlight{${LOG_LEVEL_PATTERN:-%5p}}{FATAL=red, ERROR=red, WARN=yellow, INFO=green, DEBUG=green, TRACE=green} %style{%pid}{magenta} --- [%4.15t] %style{%-20.40c{1.}}{cyan} : %m%n%ex</Property>
        <Property name="APP_LOG_ROOT">E:\TSA\TSAProperties\tsacore\logs\emtsa</Property>
    </Properties>
    <Appenders>
        <!-- Console Appender -->
        <Console name="Console" target="SYSTEM_OUT" follow="true">
            <PatternLayout disableAnsi="false" pattern="${CONSOLE_LOG_PATTERN}" />
        </Console>
        <!-- File Appenders on need basis -->
        <!-- <RollingFile name="frameworkLog" fileName="${APP_LOG_ROOT}/app-framework.log" filePattern="${APP_LOG_ROOT}/app-framework-%d{yyyy-MM-dd}-%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="ERROR" maxLevel="ERROR" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <SizeBasedTriggeringPolicy size="1MB" />
            </Policies>
            <DefaultRolloverStrategy max="10"/>
        </RollingFile> -->
        <RollingFile name="debugLog" fileName="${APP_LOG_ROOT}/TSA-debug.log" filePattern="${APP_LOG_ROOT}/app-debug-%d{yyyy-MM-dd}-%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="DEBUG" maxLevel="DEBUG" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="1MB" />
            </Policies>
            <DefaultRolloverStrategy max="10"/>
        </RollingFile>
        <RollingFile name="infoLog" fileName="${APP_LOG_ROOT}/TSA-info.log" filePattern="${APP_LOG_ROOT}/app-info-%d{yyyy-MM-dd}-%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="INFO" maxLevel="INFO" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="1MB" />
            </Policies>
            <DefaultRolloverStrategy max="10"/>
        </RollingFile>
        <RollingFile name="errorLog" fileName="${APP_LOG_ROOT}/TSA-error.log" filePattern="${APP_LOG_ROOT}/app-error-%d{yyyy-MM-dd}-%i.log" immediateFlush="true" append="true">
            <LevelRangeFilter minLevel="ERROR" maxLevel="ERROR" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="1MB" />
            </Policies>
            <DefaultRolloverStrategy max="10"/>
        </RollingFile>     
        <!-- <RollingFile name="perfLog" fileName="${APP_LOG_ROOT}/app-perf.log" filePattern="${APP_LOG_ROOT}/app-perf-%d{yyyy-MM-dd}-%i.log" immediateFlush="false" append="true" >
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <SizeBasedTriggeringPolicy size="1MB" />
            </Policies>
            <DefaultRolloverStrategy max="1"/>
        </RollingFile> -->
        <!-- <RollingFile name="traceLog" fileName="${APP_LOG_ROOT}/app-trace.log" filePattern="${APP_LOG_ROOT}/app-trace-%d{yyyy-MM-dd}-%i.log" immediateFlush="false" append="true">
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <SizeBasedTriggeringPolicy size="1MB" />
            </Policies>
            <DefaultRolloverStrategy max="1"/>
        </RollingFile> -->
    </Appenders>
     <Loggers>
        <Root level="debug" includeLocation="false">
            <AppenderRef ref="debugLog" />
            <AppenderRef ref="infoLog"  />
            <AppenderRef ref="errorLog" />
            <AppenderRef ref="Console" />
        </Root>
    </Loggers>
</Configuration>

```

In the local server path above (the APP\_LOG\_ROOT property), the administrator has to provide the folder path where the log files are generated.

### Deployment <a href="#toc82804621" id="toc82804621"></a>

The following component is required for deployment:

<mark style="color:green;">TSA CORE (emTSA.war and eTSA.war files)</mark>

TSA CORE comes as 2 war files which have to be deployed on the application server. The server provides configuration through the properties file.

Please configure and save all the properties defined in section ‘(B) For tsacore.properties’ under section 5.8.1.1, Environment Variables. Then deploy the configured TSA Core war file.

Please find below the steps to deploy the application:

* Copy eTSA.war into the Tomcat webapps folder (apache-tomcat\webapps).
* On Windows, run services.msc.
* Go to Apache Tomcat and click Start.

### Quick Check Guide <a href="#toc82804622" id="toc82804622"></a>

Once deployment is successful and the server is started, open any browser (Internet Explorer, Google Chrome, Firefox, etc.) and enter the following URL in the address field:

<https://www.example.com/eTSA> (for example: https\://127.0.0.1:8080/eTSA)

The TSA Login page will be displayed.

To verify whether logs are getting generated as per the path defined, please open the folder that is mentioned in the configuration path set in log4j.xml file (Configuration->log4j.xml)

```
[Local Server Path]/eTSA.log
```

Please make sure that the log file is created in the above-mentioned path.

## TSA Web

This section provides a step-by-step guide for the installation, configuration, and usage of TSA Web. This is generally deployed in the DMZ for external applications to interface. TSA Web will in turn interface with TSA Core, which is deployed in the Militarized Zone/Trusted Zone, where only selected internal applications will have access to it.

### Configuration <a href="#toc82804624" id="toc82804624"></a>

{% hint style="info" %}
Note: All actions required for setting up and configuring TSA Web should be done using administrator privileges.
{% endhint %}

### **Environment Variables**

**tsaweb.properties**

This file is used to configure connections with TSA Core as well as logs.

In order to deploy WebTSA.war, the Java environment has to be set. Please follow the procedure below. If this is already configured, then please ignore this section.

To set the JAVA\_HOME variable for all users, choose the first option, "Edit the system environment variables," and follow the steps below:

Search for Environment Variables:

* Type "environment variables" in the Windows search bar.
* Click on "Edit the system environment variables".

System Properties Window:

* In the System Properties window that opens, click on the "Environment Variables" button.

Edit System Variables:

* Under "System variables," find the JAVA\_HOME variable.
* If the variable exists:
  * Select it and click "Edit."
  * In the "Variable value" field, enter the full path to your JDK 21 installation directory (e.g., C:\Program Files\Java\jdk-21).
* If the variable does not exist:
  * Click "New."
  * Enter JAVA\_HOME as the variable name.
  * Enter the full path to your JDK 21 installation directory as the variable value.

Save Changes:

* Click "OK" to save the changes in the Environment Variables window.
* Click "OK" to close the System Properties window.

Variable name: TSAWEB\_CONFIGURATION\_PATH

Variable value: location of the property files (tsaweb.properties), for example E:\TSA\TSAProperties\tsaweb

#### **For Linux**

For setting the environment variable in Linux, run the following command.

<mark style="color:green;">sudo -H gedit /etc/environment</mark>

This opens the /etc/environment file. In it, set TSAWEB\_CONFIGURATION\_PATH to the location of the tsaweb.properties file, as shown in the figure below.

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2F9VNzUGLFEdPjebrjAeKO%2Fimage.png?alt=media&#x26;token=d2548b45-2b66-4161-9594-e1923158885c" alt=""><figcaption></figcaption></figure>

Once the environment variable is set for tsaweb.properties, the user can open tsaweb.properties to configure various options, which include the connection to TSA Core as well as logs.

### **Snapshot**

For your reference, we have attached a snapshot of the tsaweb.properties file below:

```
# Configure ENV on the server
# ENV Variable : TSAWEB_CONFIGURATION_PATH

# eTSA
timestamp.service.url=http://localhost:8080/eTSA/timestamp/request
# Verify Request
datasource.hibernate.dialect=org.hibernate.dialect.MySQLDialect
datasource.driver.class.name=com.mysql.jdbc.Driver
emtsa.datasource.url=jdbc:mysql://localhost:3306/emtsa
emtsa.datasource.username=root
emtsa.datasource.password=sTc6+9CC0MxOcqVgaJzbhg==

application.aes.key.path=D:/OneDrive - eMudhra Limited/D_Drive/TestEnvronment/emCAProperties/key/aes.key
 
# Log4j
webtsa.log4j.file.path=D:/TestEnvronment/emCAProperties/webtsa-log4j.xml

```

### **Connection**

TSA Web has to connect to TSA Core in order to pass on the requests it receives. To connect to TSA Core, set the URL in the properties file as shown below:

```
#URL where tsacore is deployed
emca.tsa.url=http://localhost/eTSA/etsa
```
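A review aid for the settings above, added here as an example (it is not part of the product or its documentation): the function reads a tsaweb.properties-style file and reports a TSA Core URL that sends requests over plain http to a non-loopback host, and a database account named root. The key names come from the snapshot and connection settings above; the finding labels, function names and sample file are constructed.

```shell
# Added example, not vendor code. Key names are the ones shown in the
# tsaweb.properties snapshot; finding labels are made up for this script.

# prop_get FILE KEY: print the value of KEY (last definition wins),
# skipping comment lines and trimming whitespace around name and value.
prop_get() {
    awk -v k="$2" '
        /^[ \t]*[#!]/ { next }
        {
            i = index($0, "=")
            if (i == 0) next
            name = substr($0, 1, i - 1)
            val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (name == k) found = val
        }
        END { if (found != "") print found }
    ' "$1"
}

# lint_tsaweb_properties FILE: print one finding per line.
# Returns 0 when nothing was flagged, 1 otherwise.
lint_tsaweb_properties() {
    local file="$1" count=0 key url host
    for key in timestamp.service.url emca.tsa.url; do
        url=$(prop_get "$file" "$key")
        case "$url" in
            ''|https://*) ;;                  # unset or TLS: nothing to flag
            http://*)
                host=${url#http://}
                host=${host%%[:/]*}           # strip port and path
                case "$host" in
                    localhost|127.0.0.1) ;;   # request never leaves the host
                    *)  echo "PLAINTEXT_URL $key=$url"
                        count=$((count + 1)) ;;
                esac ;;
            *)  echo "UNKNOWN_SCHEME $key=$url"
                count=$((count + 1)) ;;
        esac
    done
    if [ "$(prop_get "$file" emtsa.datasource.username)" = "root" ]; then
        echo "DB_SUPERUSER emtsa.datasource.username=root"
        count=$((count + 1))
    fi
    [ "$count" -eq 0 ]
}

# Demo on a constructed file: the loopback URL from the snapshot plus a
# constructed non-loopback TSA Core URL (192.0.2.10 is a documentation address).
demo_file=$(mktemp)
cat > "$demo_file" <<'EOF'
# eTSA
timestamp.service.url=http://localhost:8080/eTSA/timestamp/request
emtsa.datasource.username=root
#URL where tsacore is deployed
emca.tsa.url=http://192.0.2.10/eTSA/etsa
EOF
lint_tsaweb_properties "$demo_file" || true
rm -f "$demo_file"
```

The loopback URL passes because the request stays on one host; once TSA Web sits in the DMZ and TSA Core in the trusted zone, the URL names a remote host and the check reports it unless it uses https.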

### **Logs**

The application uses Log4j for logging. Specify the local server path for collecting the logs in the log4j.xml file. The local server path of the log4j.xml file needs to be provided in the tsaweb.properties file, which is set in the environment variables \[please refer section 6.6.1.1].

Log4J XML file as shown below:

```
<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="WARN">
    <!-- Logging Properties -->
    <Properties>
        <Property name="LOG_PATTERN">[%d{yyyy-MM-dd HH:mm:ss.SSS}] -- {%pid} [%p] - %m%n</Property>
        <Property name="CONSOLE_LOG_PATTERN">%d{yyyy-MM-dd HH:mm:ss.SSS} %highlight{${LOG_LEVEL_PATTERN:-%5p}}{FATAL=red, ERROR=red, WARN=yellow, INFO=green, DEBUG=green, TRACE=green} %style{%pid}{magenta} --- [%4.15t] %style{%-20.40c{1.}}{cyan} : %m%n%ex</Property>
        <Property name="APP_LOG_ROOT">E:\TSA\TSAProperties\tsaweb\logs</Property>
    </Properties>
    <Appenders>
        <!-- Console Appender $${date:yyyy-MM}/ -->
        <Console name="Console" target="SYSTEM_OUT" follow="true">
            <PatternLayout disableAnsi="false" pattern="${CONSOLE_LOG_PATTERN}" />
        </Console>
        <RollingFile name="warnLog" fileName="${APP_LOG_ROOT}/WebTSA-warn.log" filePattern="${APP_LOG_ROOT}/WebTSA-warn-%d{yyyy-MM-dd}_%i.log" immediateFlush="true">
            <LevelRangeFilter minLevel="WARN" maxLevel="WARN" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <TimeBasedTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
        <RollingFile name="debugLog" fileName="${APP_LOG_ROOT}/WebTSA-debug.log" filePattern="${APP_LOG_ROOT}/WebTSA-debug-%d{yyyy-MM-dd}_%i.log" immediateFlush="true">
            <LevelRangeFilter minLevel="DEBUG" maxLevel="DEBUG" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <TimeBasedTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
        <RollingFile name="infoLog" fileName="${APP_LOG_ROOT}/WebTSA-info.log" filePattern="${APP_LOG_ROOT}/WebTSA-info-%d{yyyy-MM-dd}_%i.log" immediateFlush="true">
            <LevelRangeFilter minLevel="INFO" maxLevel="INFO" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <TimeBasedTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
        <RollingFile name="errorLog" fileName="${APP_LOG_ROOT}/WebTSA-error.log" filePattern="${APP_LOG_ROOT}/WebTSA-error-%d{yyyy-MM-dd}_%i.log" immediateFlush="true">
            <LevelRangeFilter minLevel="ERROR" maxLevel="ERROR" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <TimeBasedTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
    </Appenders>
    <Loggers>
        <Root level="debug" includeLocation="false">
            <AppenderRef ref="infoLog" />
            <AppenderRef ref="warnLog" />
            <AppenderRef ref="errorLog" />
            <AppenderRef ref="debugLog" />
            <AppenderRef ref="Console" />
        </Root>
    </Loggers>
</Configuration>
```

For the LOCAL SERVER PATH above, the administrator has to provide the folder path where the log files are generated.

### Deployment <a href="#toc82804631" id="toc82804631"></a>

The following component is required for deployment:

<mark style="color:green;">TSA Web(WebTSA.war file)</mark>

TSA Web comes as a war file, which has to be deployed on the application server. Configuration is supplied through the properties file.

Please configure and save all the properties defined in section - ‘(B) For tsaweb.properties’ under section 5.9.1.1. Environment Variables. Then deploy the configured TSA Core war file.

Please find below steps to deploy the application:

* Copy WebTSA.war into the Tomcat webapps folder (apache-tomcat\webapps).
* On Windows, run services.msc.
* Go to Apache Tomcat and click Start.

### **Quick Check Guide**

Once deployment is successfully done and the server is started, open any browser (Internet Explorer, Google Chrome, Firefox, etc.) and enter the URL as mentioned below:

<https://www.example.com/WebTSA> in the address field (for example: https\://127.0.0.1:8080/WebTSA)

The following page is displayed. This implies that the application is deployed properly.

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2FSfEe9cUkQNeQ1yrsvGHg%2Fimage.png?alt=media&#x26;token=e5847fcc-49ec-462e-9579-289c05ad58ec" alt=""><figcaption></figcaption></figure>

To verify whether logs are getting generated as per the path defined, please open the folder that is mentioned in the configuration path set in log4j.xml file (Configuration->log4j.xml)

```
[Local Server Path]/WebTSA.log
```

Please make sure that the log file is created in the above-mentioned path.

## Scheduler

This section provides a step-by-step guide to installing, configuring, and using the Scheduler.

### Configuration <a href="#toc82804634" id="toc82804634"></a>

{% hint style="info" %}
**Note** – all actions required for setting up and configuring emCA Scheduler should be done using administrator privileges
{% endhint %}

### **Environment Variables**

**scheduler.properties**

This file is used to configure database related properties like dialect, driver class name, URL, Username, password (database user should have full privilege to the schema created for emCAScheduler) as well as logs.

Variable name: <mark style="color:yellow;">EMCA\_SCHEDULER\_CONFIGURATION\_PATH</mark>

Variable value: <mark style="color:yellow;">location of property files (scheduler.properties)</mark>

#### **For Linux**

For setting the environment variable in Linux, run the following command.

<mark style="color:yellow;">sudo -H gedit /etc/environment</mark>

This opens the /etc/environment file. In it, set EMCA\_SCHEDULER\_CONFIGURATION\_PATH to the location of the scheduler.properties file.

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2F0L43c3MhKdT3WMHSUqXd%2Fimage.png?alt=media&#x26;token=b9c07c14-58cb-4efe-be93-de08687f2c1b" alt=""><figcaption></figcaption></figure>

Once the environment variable is set for scheduler.properties, the user can open scheduler.properties to configure various options, which include the connection to emCAScheduler as well as logs.

### **Snapshot**

Please find below the scheduler.properties file snapshot for reference:

```
# [This property is meant for configuring MySQL database connection]
hibernate.dialect=org.hibernate.dialect.MySQLDialect
jdbc.driverClassName=com.mysql.jdbc.Driver
jdbc.url=jdbc:mysql://127.0.0.1:3306/emca
jdbc.username=[EMCA DB User]
jdbc.password=[ENCRYPTED DB PASSWORD]
# [This property is meant for checking the certificate status]
reinstatedays=1
revokeCertificate=true
updatecrl=true
#FTP scheduler
emca.repository.crl=false
emca.repository.cert=true
emca.repository.upload=true
#FTP Details[This property is meant for checking the certificates copied into file folder]
server = 127.0.0.1
port = 21
user = [FTP USER]
pass = [FTP PASSWORD]
path=[FTP FOLDER NAME]
#Ldap Config [This property is meant for checking the certificates published to LDAP server]
emca.ldap.crl=true
emca.ldap.cert=true
emca.ldap.os=w
#Local Repository
localFilePath=[LOCAL Repository PATH TO PUBLISH THE CRL'S]
emca.local.crl=true

```

### **Deployment**

The following component is required for deployment.

<mark style="color:yellow;">emCAScheduler.bat</mark>

emCAScheduler comes as a .bat file, which has to be run with its configuration provided through the properties file.

Please configure and save all the properties defined in section ‘(B) For scheduler.properties’ under Environment Variables. Then run the emCAScheduler.bat file.

Please find below the steps to run the scheduler in Windows:

Copy emCAScheduler.bat into C:\emCA.

Run emCAScheduler.bat. The window shown below is displayed:

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2Fb0xqMhzUecLp0W8aqj2t%2Fimage.png?alt=media&#x26;token=32d2a208-e592-414c-80bf-d9d07dae3248" alt=""><figcaption></figcaption></figure>

To schedule the emCAScheduler task, follow the steps given below:

1. Go to Start in Windows, search for Task Scheduler and open it as shown below.

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2FFiK2MBn6xIqJC2qLn22U%2Fimage.png?alt=media&#x26;token=20a6ba62-dec5-430b-ae08-03cf2711f454" alt=""><figcaption></figcaption></figure>

2. Click on ‘Create Basic Task’ from the right side of window. The Create Basic Task Wizard window will be displayed. Enter the Name of the scheduler as required. The Description is optional as shown below.

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2FhrB3RqStbopqPK7Xsr0P%2Fimage.png?alt=media&#x26;token=914f515d-2291-4df2-bcb9-c16ffe1c062e" alt=""><figcaption></figcaption></figure>

3. Click on Next. You will be redirected to another window where the Task start time can be selected.

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2FpH3IQ7cVv8dvS4AYiUHU%2Fimage.png?alt=media&#x26;token=5d9699e5-dde0-4e95-8a4c-318281bf464d" alt=""><figcaption></figcaption></figure>

4. Click on ‘Next’. You will be redirected to another window. Set the date and time as given below:

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2F6eE7W6Np6pI6aUA7a0zA%2Fimage.png?alt=media&#x26;token=108c72b9-0825-49e7-91a1-5a7820df8a5c" alt=""><figcaption></figcaption></figure>

5. Click on ‘Next’. Select the ‘Action’ as shown below.

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2FgWJc4k87ShH6d3TqeMHU%2Fimage.png?alt=media&#x26;token=4589c884-e580-4930-811f-66a1e0bc7fba" alt=""><figcaption></figcaption></figure>

6. Once done, enter the Program/Script to start and the arguments for running the scheduler. One or more arguments can be given; multiple arguments are separated by spaces, as follows:

crl file suspendedCerts ftp ldap

a) crl: Run the command ‘crl scheduler’ to update the CRL where validity is less than the current date.

b) file: Run the command ‘file scheduler’ to copy all the CRLs into the local file folder.

c) suspendedCerts: Run the command ‘suspendedCerts’ to revoke the suspended certificates.

d) ftp: Run the command ‘ftp’ to copy all the Root, CA, certificates which are created through the emCA application into a file server.

e) ldap: Run the command ‘ldap’ to publish all the Root, CA and User certificates in the LDAP server.

7. Click on ‘Next’ button. The following window will be displayed.

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2FaZJ6lx1lznQ9zRcj8wny%2Fimage.png?alt=media&#x26;token=64f70028-a7c2-4b34-af31-c301e23b4ced" alt=""><figcaption></figcaption></figure>

8. Click on ‘Finish’. You can see the task scheduled as ‘emCAScheduler’ by clicking on ‘Task Scheduler Library’ on the left side of the window given below.

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2Fhb7YWQHuc2jFU5aZ5h1o%2Fimage.png?alt=media&#x26;token=9d5b9d62-689b-4186-a8c4-6ceedd175515" alt=""><figcaption></figcaption></figure>

#### Quick Check Guide <a href="#toc82804640" id="toc82804640"></a>

To verify that the emCAScheduler has run successfully, follow the steps below.

FTP: View the certificates on the FTP server using the credentials given under FTP details in the properties file:

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2FN7xwaUx3gvVYT2PwLOaL%2Fimage.png?alt=media&#x26;token=7957b45f-7370-4138-82b6-89b20bcf6037" alt="" width="322"><figcaption></figcaption></figure>

Enter the login URL ftp\://127.0.0.1, the server given in the properties file (server = 127.0.0.1). The system will request a username and password as shown below:

* Enter the user name and password as mentioned in the properties file: user = \[FTP USER], pass = \[FTP PASSWORD], and click on the Sign in button.
* Now click on the folder as given in the properties file: path=\[FTP FOLDER NAME]. You can see all the certificates.

## emOCSP

This section provides a step-by-step guide for the installation, configuration and usage of emOCSP. This is generally deployed in the DMZ for external applications to interface. emOCSP is deployed in the MZ, where only selected internal applications will have access to it.

### Configuration <a href="#toc169084684" id="toc169084684"></a>

Note – all actions required for setting up and configuring emOCSP should be done using administrator privileges

### Environment Variables <a href="#toc169084685" id="toc169084685"></a>

#### For Java

In order to deploy emocsp.war, the Java environment has to be set. Please follow the procedure below. If this is already configured, then please ignore this section.

To set the JAVA\_HOME variable for all users, choose the first option, "Edit the system environment variables," and follow the steps below:

Search for Environment Variables:

* Type "environment variables" in the Windows search bar.
* Click on "Edit the system environment variables".

System Properties Window:

* In the System Properties window that opens, click on the "Environment Variables" button.

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2FWcrWo7Sar1OMkAXnonme%2Fimage.png?alt=media&#x26;token=93618bed-db29-4de9-90bb-bccf808e9107" alt=""><figcaption></figcaption></figure>

Edit System Variables:

1. Under "System variables," find the JAVA\_HOME variable.
2. If the variable exists:
   * Select it and click "Edit."
   * In the "Variable value" field, enter the full path to your JDK 21 installation directory (e.g., C:\Program Files\Java\jdk-21).
3. If the variable does not exist:
   * Click "New."
   * Enter JAVA\_HOME as the variable name.
   * Enter the full path to your JDK 21 installation directory as the variable value.

Save Changes:

* Click "OK" to save the changes in the Environment Variables window.
* Click "OK" to close the System Properties window.

For emocsp.properties

This file is used to configure logs.

#### **For Windows**

Configure the property file path in environment variables as

Variable name: EMOCSP\_CONFIGURATION\_PATH

Variable value: E:\OCSP\OCSPProperties\emocsp

#### **For Linux**

* To set the environment variable in Linux, run the following command.

sudo -H gedit /etc/environment

* This opens the /etc/environment file. Set the tsacore path inside it.

EMOCSP\_CONFIGURATION\_PATH for the ocspcore.properties file, as shown in figure 9.

#### **Snapshot**

Please find below the ocspweb.properties file snapshot for reference:

```
hibernate.dialect=org.hibernate.dialect.MySQL8Dialect
jdbc.driverClassName=com.mysql.jdbc.Driver
jdbc.url=jdbc:mysql://127.0.0.1:3306/emca
jdbc.dbName=emca
jdbc.username=[DB_USERNAME]
jdbc.password=[DB_PASSWORD_ENCRYPTED]
jdbc.dbHost=127.0.0.1
jdbc.dbPort=3306
#output to a temp_folder/file
emOCSPlogFilePath=E:/OCSP/OCSPProperties/emocsp/log4j.xml
#PKCS12 Keyprofile Location
Pkcs12TypeKeyProfilesLocation=E:/OCSP/OCSPProperties/PKCS12
pkcs11TypeKeyProfilesLocation=E:/OCSP/OCSPProperties/PKCS11

```

#### **Connection**

OCSP Web has to connect to OCSP Core in order to pass on the requests it receives. To connect to OCSP Core, set the URL in the properties file as shown below:

```
# URL where ocspcore is deployed
emca.ocsp.url=http://<ipaddress>:<port>/ocsprespondercore
```

#### **Logs**

The application uses Log4j for logging. Specify the local server path for collecting the logs in the log4j.xml file. The local server path of the log4j.xml file needs to be provided in the ocspweb.properties file, which is set in the environment variables.

Log4J XML file as shown below:

```
<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="WARN">
    <!-- Logging Properties -->
    <Properties>
        <Property name="LOG_PATTERN">[%d{yyyy-MM-dd HH:mm:ss.SSS}] -- {%pid} [%p] - %m%n</Property>
        <Property name="CONSOLE_LOG_PATTERN">%d{yyyy-MM-dd HH:mm:ss.SSS} %highlight{${LOG_LEVEL_PATTERN:-%5p}}{FATAL=red, ERROR=red, WARN=yellow, INFO=green, DEBUG=green, TRACE=green} %style{%pid}{magenta} --- [%4.15t] %style{%-20.40c{1.}}{cyan} : %m%n%ex</Property>
        <Property name="APP_LOG_ROOT">E:\TSA\TSAProperties\tsaweb\logs</Property>
    </Properties>
    <Appenders>
        <!-- Console Appender $${date:yyyy-MM}/ -->
        <Console name="Console" target="SYSTEM_OUT" follow="true">
            <PatternLayout disableAnsi="false" pattern="${CONSOLE_LOG_PATTERN}" />
        </Console>
        <RollingFile name="warnLog" fileName="${APP_LOG_ROOT}/WebTSA-warn.log" filePattern="${APP_LOG_ROOT}/WebTSA-warn-%d{yyyy-MM-dd}_%i.log" immediateFlush="true">
            <LevelRangeFilter minLevel="WARN" maxLevel="WARN" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <TimeBasedTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
        <RollingFile name="debugLog" fileName="${APP_LOG_ROOT}/WebTSA-debug.log" filePattern="${APP_LOG_ROOT}/WebTSA-debug-%d{yyyy-MM-dd}_%i.log" immediateFlush="true">
            <LevelRangeFilter minLevel="DEBUG" maxLevel="DEBUG" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <TimeBasedTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
        <RollingFile name="infoLog" fileName="${APP_LOG_ROOT}/WebTSA-info.log" filePattern="${APP_LOG_ROOT}/WebTSA-info-%d{yyyy-MM-dd}_%i.log" immediateFlush="true">
            <LevelRangeFilter minLevel="INFO" maxLevel="INFO" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <TimeBasedTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
        <RollingFile name="errorLog" fileName="${APP_LOG_ROOT}/WebTSA-error.log" filePattern="${APP_LOG_ROOT}/WebTSA-error-%d{yyyy-MM-dd}_%i.log" immediateFlush="true">
            <LevelRangeFilter minLevel="ERROR" maxLevel="ERROR" onMatch="ACCEPT" onMismatch="DENY"/>
            <PatternLayout pattern="${LOG_PATTERN}"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <TimeBasedTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10MB" />
            </Policies>
            <DefaultRolloverStrategy max="30000"/>
        </RollingFile>
    </Appenders>
    <Loggers>
        <Root level="debug" includeLocation="false">
            <AppenderRef ref="infoLog" />
            <AppenderRef ref="warnLog" />
            <AppenderRef ref="errorLog" />
            <AppenderRef ref="debugLog" />
            <AppenderRef ref="Console" />
        </Root>
    </Loggers>
</Configuration>
```

For the LOCAL SERVER PATH highlighted above, the administrator has to provide the folder path where the log files are generated.

#### Deployment

The following component is required for deployment:

* emOCSP (emOCSP.war file)

emOCSP comes as a war file, which has to be deployed on the application server. Configuration is supplied through the properties file.

Please configure and save all the properties defined in the properties file, then deploy the configured emOCSP Web war file.

Please find below steps to deploy the application:

* Copy emOCSP.war into the Tomcat webapps folder (apache-tomcat\webapps).
* On Windows, run services.msc.
* Go to Apache Tomcat and click Start.

#### Quick Check Guide

* Once deployment is successfully done and the server is started, open any browser (Internet Explorer, Google Chrome, Firefox, etc.) and enter the URL as mentioned below:

<https://www.example.com/OCSPResponderWeb> in the address field (for example: https\://127.0.0.1:8080/OCSPResponderWeb)

The following message is displayed. This implies that the application is deployed properly.

“HTTP Status 405 - OCSP only supports POST”.

* To verify whether logs are being generated in the defined path, open the folder given in the configuration path set in the log4j.xml file (Configuration->log4j.xml)

```
[Local Server Path]/emOCSP.log
```

Please make sure that the log file is created in the above-mentioned path.

## Setting Up Environment Variables and Managing Tomcat Service

### Java Home for OpenJDK 21 and Application-Related

Step 1: Edit the `/etc/profile` File

* Open the `/etc/profile` file in a text editor (e.g., nano or vim):

```
sudo nano /etc/profile
```

* Add the following lines at the end of the file to set the environment variables for Java and other application-specific configurations:

```bash
export JAVA_HOME=/usr/lib/jvm/java-21-openjdk
export PATH=$JAVA_HOME/bin:$PATH
export JRE_HOME=$JAVA_HOME/jre
export CLASSPATH=.:$JAVA_HOME/lib:$JAVA_HOME/jre/lib
```

* Ensure that the path `/usr/lib/jvm/java-21-openjdk` matches your Java 21 installation location.
* To verify the installation path, you can use the following command:

```
update-alternatives --config java
```

Alternatively, check the contents of `/usr/lib/jvm/`.

Add any “application-specific environment variables” in the same manner:

```
export EMCA_CONFIGURATION_PATH=/home/emCAv4Solution/emCAv4/emCAProperties
```

Step 2: Save and Exit the File

* For “nano editor”:
  * Press `Ctrl + O`, then press `Enter` to save.
  * Exit using `Ctrl + X`.

Step 3: Apply the Changes

* Reload the `/etc/profile` file to apply the changes:

```
source /etc/profile
```

Step 4: Verify the Environment Variables

* Confirm that the environment variables are correctly set:

```
echo $JAVA_HOME
echo $PATH
```
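A check to run after Step 4, added here as an example (it is not part of the product): it confirms that a configuration-path variable is exported, that the directory and the properties file exist, and that the file, which holds database credentials, is not accessible to group or other users. The function name and return codes are assumptions of this example; the variable and file names are the ones used in this guide.

```shell
# Added example, not vendor code.
# check_config_path VAR_NAME PROPERTIES_FILE
#   0  exported, directory and file present, file private to its owner
#   1  variable not exported or empty
#   2  variable does not point at a directory
#   3  properties file missing from that directory
#   4  properties file accessible to group or others
check_config_path() {
    local var_name="$1" props_name="$2" dir file perms
    # printenv only sees exported variables, which is what a child
    # process such as the application server inherits.
    dir=$(printenv "$var_name" || true)
    if [ -z "$dir" ]; then
        echo "$var_name is not exported" >&2
        return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "$var_name=$dir is not a directory" >&2
        return 2
    fi
    file="$dir/$props_name"
    if [ ! -f "$file" ]; then
        echo "$file not found" >&2
        return 3
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$file is accessible beyond its owner (group/other: $perms)" >&2
        return 4
    fi
    return 0
}

# Demo in a throwaway directory (constructed; real paths come from /etc/profile).
demo_dir=$(mktemp -d)
printf 'jdbc.username=[DB_USERNAME]\n' > "$demo_dir/emCA.properties"
chmod 644 "$demo_dir/emCA.properties"
export EMCA_CONFIGURATION_PATH="$demo_dir"
check_config_path EMCA_CONFIGURATION_PATH emCA.properties || echo "exit code $?"
chmod 600 "$demo_dir/emCA.properties"
check_config_path EMCA_CONFIGURATION_PATH emCA.properties && echo "ok"
rm -rf "$demo_dir"
unset EMCA_CONFIGURATION_PATH
```

The same function covers the other components by passing their variable and file names, for example TSAWEB\_CONFIGURATION\_PATH with tsaweb.properties.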

### Manage the Tomcat Service

Verify Tomcat Status

* Check if the Tomcat service is running:

```
sudo systemctl status tomcat
```

* Start the Tomcat Service
  * To start the Tomcat service:

```
sudo systemctl start tomcat
```

* Restart the Tomcat Service
  * To restart the Tomcat service:

```
sudo systemctl restart tomcat
```

* Stop the Tomcat Service
  * To stop the Tomcat service:

```
sudo systemctl stop tomcat
```

{% hint style="info" %}
Note: Ensure that the Tomcat service is properly registered with `systemctl` before performing these operations.
{% endhint %}
