EJBCA 7.9.0.x community edition deployment issues

[hstrang]

This is something that I am not really familiar with, but I banged my head against the wall some days and nights because of this. Of course I might have missed something that is obvious for everyone else.

Following the deployment instructions "ant deploy-keystore" copies the two files to Wildfly .../keystore as ".jks" while the instructions to configure Wildfly 24 refer to the same files as ".p12". The deployment succeeds but nothing works as for some weird reason Wildfly startup doesn't fail if the configured certificates are missing.

As the next step, while finally after endless troubleshooting I found this issue, my .p12 files were owned by root. Then at least Wildfly finally failed to start up. So chown wildfly.wildfly .../keystore/*.p12 would also be needed to do a successful setup after the files have been named correctly.

A smaller issue is that whatever configuration files you put into /opt/ejbca-custom are copied by ant to /opt/ejbca/ instead of /opt/ejbca/conf where they are actually read from during the configuration and installation.

[primetomas]

For the ejbca-custom question I can answer. Everything under ejbca-custom is copied "as-is", i.e. you should place modified properties files under /opt/ejbca-custom/cont. This enables any files to be modified. Documentation: https://doc.primekey.com/ejbca/tutorials-and-guides/modifying-ejbca/handling-configurations-in-a-separate-directory

[primetomas]

For 7.10 (in a few weeks) documentation is updated for the jks/p12 issue with WildFly 24+.