Replies: 8 comments 3 replies
-
|
I went through the install quick some time ago and I'm trying to stand up a second instance. It's been fairly difficult to get going. I tried Wildfly 26, which got further. There used to be a ejbca-setup.sh script, but I don't see this in the latest git version. I don't really want to run docker for this if I don't have to... but at this point, I'd love to just get this up and running. I'm trying to install on Rocky 9. |
Beta Was this translation helpful? Give feedback.
-
|
Where do I find the superadmin initial password? Also, why does it seem like it's still looking for user p12 when I bring it up with -e TLS_SETUP_ENABLED="simple" per the docs? |
Beta Was this translation helpful? Give feedback.
-
|
The setup script wasn't being maintained and only fit for very specific environments, so it was really a "try-it-out"-tool, hence we replaced it with Docker. But yeah, "'-e TLS_SETUP_ENABLED="simple"' is what's going to prompt EJBCA to enroll but not issue the initial superadmin. Have you tried wiping the container and creating it anew? It could be re-running on top of a previous installation you made. |
Beta Was this translation helpful? Give feedback.
-
|
I'll try removing the image and start again without -e TLS_SETUP_ENABLED="simple". |
Beta Was this translation helpful? Give feedback.
-
|
Wiped the image. This is all I get when starting with: docker run -it --rm -p 80:8080 -p 443:8443 -h ca.server.corp keyfactor/ejbca-ce 2023-03-21 08:09:12,003+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) ####################################################################################################### |
Beta Was this translation helpful? Give feedback.
-
|
I have it up and running. I think this was a browser issue from previously rejected certificates and such. Clearing all superadmin certs I had laying around and restarting the browser allowed me to connect. I'd prefer to have it functioning with a client certificate but this will do for now. |
Beta Was this translation helpful? Give feedback.
-
|
Use -e TLS_SETUP_ENABLED="true" to use mtls to access EJBCA. |
Beta Was this translation helpful? Give feedback.
-
Thanks. So if I started the container with "simple", and I restart the container with "true", how do I retrieve the superadmin.p12 cert for my browser and where will I find the password? Is there another way to get this information or turn this on after the fact so I don't have to keep wiping out my container? |
Beta Was this translation helpful? Give feedback.
-
Nevermind. Helps to read ALL of the docs and not just some of them. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for the help. One more issue. I went through the process of creating the SuperAdmin account with certificate using these docs: https://doc.primekey.com/ejbca/tutorials-and-guides/tutorial-start-out-with-ejbca-docker-container and now that I've altered the Roles and Access Rules to restrict to the SuperAdmin user, I no longer see any of my CA's in "CA Activation". Is there some ACL I have to tweak? |
Beta Was this translation helpful? Give feedback.
-
|
I'd advise very strongly against tweaking the SuperAdmin user, that's your basic safety line if everything else breaks. Basically your root account. Instead, create new Roles and issue client certs for those for every day use. |
Beta Was this translation helpful? Give feedback.
-
After struggling with getting the git version running, I'm trying docker. I never see the second part of Step 2:
https://doc.primekey.com/ejbca/tutorials-and-guides/quick-start-guide-start-ejbca-container-with-client-certificate-authenticated-access
It never spits out the username and password.
Beta Was this translation helpful? Give feedback.
All reactions