Install EJBCA as a CA with a Management CA

Use this procedure to install your first instance of EJBCA. This installation creates the Management CA, which serves as the administrative root for your Public Key Infrastructure (PKI).

Run the Installation Command

The installation command initializes the EJBCA environment and performs the following actions:

• Creates the Management CA, used for internal administration of your PKI and certificate signing.

• Generates TLS key stores for HTTPS, signed by the Management CA.

• Creates a key store for the initial Super Administrator.

• Adds initial access control values into the database, and role information for the Super Administrator.

To perform the installation, run:

$ ant runinstall

If you are moving an existing installation that already has TLS keystores available, you can skip this step.

Deploy TLS Keystores to WildFly

After the install, TLS keystores have been created. Run this command to copy the key stores to wildfly_home/standalone/configuration/keystore:

$ ant deploy-keystore

If you run WildFly as a service as another OS user than the one running deploy-keystore you may have to change user on the files keystore.p12 and truststore.p12 as follows:

chown wildfly:wildfly opt/wildfly/standalone/configuration/keystore/*

Optional: Add Additional Management CAs

If you later create other CAs that you want to add as acceptable CAs in the server TLS configuration, or if you renew the CA certificate, you can install any CA certificate in the server TLS configuration using:

$ ant -Dca.name="My CA Name" javatruststore

This command:

• Adds the specified CA certificate to p12/truststore.jks.

• Copies the updated trust store to: APPSRV_HOME/standalone/configuration/keystore.

This step requires a restart of the application server.

For more information about roles and access management, see Roles and Access Rules Operations. 

Next Step: Finalizing the Installation

Continue by reviewing information on Finalizing the installation.