Creating the Database

Database Setup

MariaDB/MySQL

In MariaDB, use the following commands to create the database, matching the DataSource in the next step, and add privileges to connect to the database:

$ mysql -u root -p
mysql> CREATE DATABASE ejbca CHARACTER SET utf8 COLLATE utf8_general_ci;
mysql> GRANT ALL PRIVILEGES ON ejbca.* TO 'ejbca'@'localhost' IDENTIFIED BY 'ejbca';

You should define secure passwords for your database in production. You can also improve the security by limiting access to tables. For more information, see Database Privileges.

If you don't set utf8 as character set, then EJBCA may not start because of index limitations if using the default charset utf8mb4 in some configurations of MariaDB/MySQL. It will result in an error:

Specified key was too long; max key length is 767 bytes

In some configurations for InnoDB the binlog_format defaults to statement. Running EJBCA requires is to be set to row. For example: binlog_format=row

Oracle XE version 11g Release 2

Connect to Oracle database using sqlplus (or similar tool) as sysdba: 

sqlplus sys/<your password>@//localhost:1521/XE as sysdba

And create an ejbca user and grant it the following permissions:

create user ejbca identified by ejbca;

# Permissions which must be granted to ejbca user:

GRANT create session TO ejbca;
GRANT create table TO ejbca;
GRANT create view TO ejbca;
GRANT create any trigger TO ejbca;
GRANT create any procedure TO ejbca;
GRANT create sequence TO ejbca;
GRANT create synonym TO ejbca;

GRANT RECOVERY_CATALOG_OWNER TO EJBCA WITH ADMIN OPTION;
GRANT GATHER_SYSTEM_STATISTICS TO EJBCA WITH ADMIN OPTION;
GRANT ADM_PARALLEL_EXECUTE_TASK TO EJBCA WITH ADMIN OPTION;
GRANT DBA TO EJBCA WITH ADMIN OPTION;
GRANT AQ_ADMINISTRATOR_ROLE TO EJBCA WITH ADMIN OPTION;
GRANT CONNECT TO EJBCA WITH ADMIN OPTION;
GRANT DELETE_CATALOG_ROLE TO EJBCA WITH ADMIN OPTION;
GRANT OEM_MONITOR TO EJBCA WITH ADMIN OPTION;
GRANT HS_ADMIN_SELECT_ROLE TO EJBCA WITH ADMIN OPTION;
GRANT HS_ADMIN_EXECUTE_ROLE TO EJBCA WITH ADMIN OPTION;
GRANT LOGSTDBY_ADMINISTRATOR TO EJBCA WITH ADMIN OPTION;
GRANT EXECUTE_CATALOG_ROLE TO EJBCA WITH ADMIN OPTION;
GRANT SCHEDULER_ADMIN TO EJBCA WITH ADMIN OPTION;
GRANT IMP_FULL_DATABASE TO EJBCA WITH ADMIN OPTION;
GRANT EXP_FULL_DATABASE TO EJBCA WITH ADMIN OPTION;
GRANT DATAPUMP_IMP_FULL_DATABASE TO EJBCA WITH ADMIN OPTION;
GRANT HS_ADMIN_ROLE TO EJBCA WITH ADMIN OPTION;
GRANT RESOURCE TO EJBCA WITH ADMIN OPTION;
GRANT AQ_USER_ROLE TO EJBCA WITH ADMIN OPTION;
GRANT DATAPUMP_EXP_FULL_DATABASE TO EJBCA WITH ADMIN OPTION;
GRANT SELECT_CATALOG_ROLE TO EJBCA WITH ADMIN OPTION;
GRANT OEM_ADVISOR TO EJBCA WITH ADMIN OPTION;
GRANT DBFS_ROLE TO EJBCA WITH ADMIN OPTION;

On the EJBCA side in the database.properties file the following parameters must be set:

database.name=oracle
database.url=jdbc:oracle:thin:@oracledb:1521:XE
database.driver=oracle.jdbc.driver.OracleDriver
database.username=ejbca
database.password=ejbca

Next Step: Application Server Setup

Application Server Setup