Handling Configurations in a Separate Directory

To allow upgrades of EJBCA with a minimum of fuss, EJBCA supports keeping configurations, key stores and custom modifications in an external directory that is shared between versions. The same technique can be used to share settings across several identical installations.

The ejbca-custom Directory

The base directory is ejbca-custom, which should be placed in the same directory as EJBCA: $ejbca_home/../ejbca-custom. When deploying, ant will replace existing files in the EJBCA directory (with some exceptions, see Configurations). If another directory is desired, it can be configured in the custom.properties file.

Configurations

Configuration Merging

Configuration files can be placed under ejbca-custom/conf, from which they will be automatically copied into $ejbca_home/conf prior to deployment.

Reading Configuration Dynamically

EJBCA can be configured to allow the application server to read some configurations dynamically on startup, avoiding the need to re-deploy EJBCA later. To let the application server read configurations securely, cesecore.properties and/or ejbca.properties must each be explicitly configured with allow.external-dynamic.configuration=true before deployment.

  • If cesecore.properties is built with allow.external-dynamic.configuration=true, the application server will read the following files if placed under /etc/cesecore/conf/:

    • "cesecore.properties"

    • "extendedkeyusage.properties"

    • "cache.properties"

    • "database.properties"

    • "databaseprotection.properties"

    • "backup.properties"

    • "va.properties"

    • "ocsp.properties"

  • If ejbca.properties is built with allow.external-dynamic.configuration=true, the application server will read these files if placed under /etc/ejbca/conf/:

    • "ejbca.properties"

    • "web.properties"

    • "cmptcp.properties"

    • "externalra-caservice.properties"

    • "ocsp.properties"

    • "jaxws.properties"

    • "cache.properties"

    • "database.properties"

    • "va.properties"

    • "va-publisher.properties"
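
A permission audit for the two external directories listed above, as an added example that is not part of the EJBCA documentation or code base. The directory and file names are the ones listed above; the root parameter, the finding strings and the choice to flag group/other access are assumptions made for this example.

```python
import os
import stat

# File names the page lists as read from each external directory.
DYNAMIC_CONF = {
    "etc/cesecore/conf": {
        "cesecore.properties", "extendedkeyusage.properties", "cache.properties",
        "database.properties", "databaseprotection.properties",
        "backup.properties", "va.properties", "ocsp.properties",
    },
    "etc/ejbca/conf": {
        "ejbca.properties", "web.properties", "cmptcp.properties",
        "externalra-caservice.properties", "ocsp.properties", "jaxws.properties",
        "cache.properties", "database.properties", "va.properties",
        "va-publisher.properties",
    },
}


def audit_dynamic_conf(root="/"):
    """Return sorted (path, finding) tuples for files under the external conf dirs.

    root is a hypothetical parameter so the check can run against a staged
    copy of the filesystem instead of the live /etc.
    """
    findings = []
    for rel_dir, known in DYNAMIC_CONF.items():
        conf_dir = os.path.join(root, rel_dir)
        if not os.path.isdir(conf_dir):
            continue
        dir_mode = os.stat(conf_dir).st_mode
        if dir_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((conf_dir, "directory writable by group/other"))
        for name in os.listdir(conf_dir):
            path = os.path.join(conf_dir, name)
            st = os.lstat(path)  # lstat so a symlink is reported, not followed
            if name not in known:
                findings.append((path, "not in the documented file list"))
            elif stat.S_ISLNK(st.st_mode):
                findings.append((path, "symlink, target not audited"))
            elif st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((path, "writable by group/other"))
            elif st.st_mode & stat.S_IROTH:
                findings.append((path, "readable by other"))
    return sorted(findings)


if __name__ == "__main__":
    for path, finding in audit_dynamic_conf():
        print(f"{finding}: {path}")
```

An empty result means every file found is on the documented list and is not accessible beyond the owner and group read.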

Key Stores

To reuse key stores across installations, place them in ejbca-custom/p12. They are copied from there into $ejbca_home/p12, from where they can be deployed to the application server.

Modifications

Lastly, custom code modifications can be stored in ejbca-custom/src/java, from where they'll be copied straight into the source tree and compiled with the rest of the code.