Skip to Content

Changes for page EJBCA

Last modified by Sebastian Marsching on 2024/01/08 15:21
From version 1.2
edited by Sebastian Marsching
on 2022/04/03 13:54
Change comment: Added tag [Network]
To version 2.1
edited by Sebastian Marsching
on 2024/01/08 15:21
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -1,3 +1,5 @@
1 +{{toc/}}
2 +
1 1  [EJBCA](http://www.ejbca.org/) is a software suite for managing a public key infrastructure (PKI) entirely written in Java and running in a Java Enterprise Edition (JEE) application server.
2 2  
3 3  # Migrating the EJBCA Database from H2 to PostgreSQL
... ... @@ -18,3 +18,19 @@
18 18  1. Be sure to delete all records from the tables in the PostgreSQL database. There are various ways to do this: I dumped the SQL schema with `pg_dump` and re-imported it, dropping all existing tables. Running `DELETE` statements on all tables or using SQuirrel SQL from the next step should also work. Whatever you do, make sure to delete **all** records before continuing with importing the existing data from the H2 database.
19 19  1. Install and start [SQuirreL SQL](http://squirrel-sql.sourceforge.net/). You have to install and configure the H2 and PostgreSQL drivers. Create connections for both the old H2 and the new PostgreSQL database. If everything went right, you should now see the same tables for both connections. For each table in the H2 database choose copy from the context-menu and paste it in the PostgreSQL database. I proceeded alphabetically, however the table `admingroupdata` has to be copied before `accessrulesdata` and `adminentitydata`. A table with the name `dbcopytest` might be created automatically. After you have copied all tables, you can safely drop this table.
20 20  1. Start the application server. Everything in the EJBCA administration interface should work as before. Be sure to test all functionality, before going back into normal operation.
23 +
24 +# Exporting crypto tokens
25 +
26 +Crypto tokens cannot be exported directly, but they can be retrieved from the database. First, connect to the database and run the following query:
27 +
28 +```sql
29 +SELECT tokendata FROM cryptotokendata WHERE tokenname LIKE 'my token name';
30 +```
31 +
32 +The resulting data is a Base64-encoded Java key store. Save the data to a file called keystore.b64 and run
33 +
34 +```sh
35 +base64 -d keystore.b64 >keystore.jks
36 +```
37 +
38 +You can then open the resulting file with any tool that can deal with Java key stores, e.g. [KeyStore Explorer](https://keystore-explorer.org/). The password when opening the keystore is the “authentication code” that was set when creating the crypto token. If you cannot remember the authentication code, the [EJBCA keystore password recovery](https://github.com/simonlopez/ejbca-keystore-recovery) tool might help.