Page tree
Skip to end of metadata
Go to start of metadata

After importing all the certificates into your SHRINE keystore, you will need to configure two places to utilize the new keystore:

The first place, is in the keystore section within shrine.conf:

keystore {
    file = "/opt/shrine/shrine.keystore"
    password = "password"
    privateKeyAlias = "$KEYSTORE_ALIAS"
    keyStoreType = "JKS"
    caCertAliases= ["HUB_CA_CERT_ALIAS"]

This is to make sure SHRINE uses the signed certificate to sign queries going out from your site.

The second place, is in the keystore section within /opt/shrine/tomcat/conf/server.xml:

<Connector port="6443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keyAlias="$KEYSTORE_ALIAS" />

This is to configure Tomcat to use the same signed certificate to serve your site's HTTPS traffic. 

After making changes to these two files, please restart Tomcat services.

  • No labels