I've installed an EJBCA QuickStart container in a PoC context.
I launched successfully the web panel admin is accessible by using this URL : https://localhost:8443/ejbca/adminweb/
However, I'm facing a 404 when I try to access the APIs definitions : https://localhost:8443/ejbca/swagger-ui
The documentation mentions this :
The Swagger UI is only available if you build EJBCA in non-production mode, i.e. with ejbca.productionmode=false set in conf/ejbca.properties, and if REST is activated as a protocol (see below).
I've check this option was set correctly :
pki@localhost:~$ docker exec -it ejbca bash
bash-4.4$ cat ejbca/conf/ejbca.properties
#appserver.home=/opt/wildfly
ejbca.productionmode=false
# Allow override from /etc/ejbca/conf/
allow.external-dynamic.configuration=true
#------------------- EJBCA Healthcheck settings -------------
healthcheck.amountfreemem=16
healthcheck.dbquery=SELECT 1 FROM CertificateData WHERE fingerprint='XX'
healthcheck.authorizedips=ANY
healthcheck.catokensigntest=true
healthcheck.publisherconnections=false
healthcheck.maintenancefile=/etc/ejbca/conf/maintenance.properties
healthcheck.maintenancepropertyname=DOWN_FOR_MAINTENANCE
healthcheck.okmessage=ALLOK
healthcheck.customerrormessage=EJBCANOTOK
healthcheck.sendservererror=true
#------------------- CLI settings -------------
ejbca.cli.defaultusername=ejbca
ejbca.cli.defaultpassword=ejbca
# By default, EJBCA keeps a list of every EJBCA instance's hostname that has started in this cluster
# and allows for example Services to be pinned to a specific set of hostnames.
# In environments that has many short-lived instances with different hostnames this should be disabled.
#
# Default: true
ejbca.nodetracking=false
bash-4.4$
Also I activated both APIs v1 and v2 so I can use the APIs if I provided the good cert and key in my request :
toto@titi:~/PKI$ curl -k -X GET "https://localhost:8443/ejbca/ejbca-rest-api/v1/certificate/status" --cert api.crt --key api.key
{"status":"OK","version":"1.0","revision":"EJBCA 8.0 Community (ce7f5e74b9a054edf61b188fa46f03e57b8478ab)"}
toto@titi:~/PKI$ curl -k -X GET "https://localhost:8443/ejbca/ejbca-rest-api/v2/certificate/status" --cert api.crt --key api.key
{"status":"OK","version":"2.0","revision":"EJBCA 8.0 Community (ce7f5e74b9a054edf61b188fa46f03e57b8478ab)"}
It works, and it's running. I don't know why I can't access to the Swagger UI as mentioned in the documentation... Any idea ? Thanks in advance !
The swagger UI is a build-time component. It is not available in the container. To use the swagger-UI you need to install from source. Not ideal, agreed, but that's how it is at the moment.