After importing all the certificates into your SHRINE keystore, you will need to configure two places to utilize the new keystore:

The first place, is in the keystore section within shrine.conf:

keystore {
    file = "/opt/shrine/shrine.keystore"
    password = "password"
    privateKeyAlias = "$KEYSTORE_ALIAS"
    keyStoreType = "JKS"
    caCertAliases= ["HUB_CA_CERT_ALIAS"]

 SHRINE will use privateKeyAlias to find the signed certificate to sign queries going out from your site, and caCertAliases to verify queries before running them.

  • No labels