SHRINE utilizes a Java keystore to house certificates that are signed by the Network Hub to encrypt or "sign" queries when they are sent through the network.
To Generate a New Keystore
To generate a new keystore, run the following command (on one line) within the /opt/shrine/ directory. Please use your own values wherever you see $variables.
Most importantly, ensure that $KEYSTORE_ALIAS matches the publicly-accessible hostname of the machine that will be using this keystore.
For example, a sample site might run this:
This will generate a shrine.keystore file within the /opt/shrine directory. You can then verify the creation of the keystore by running:
You used keytool to create a new keystore, but you have not yet created any certificates. What you have created is a private key, which you will use in the next step to generate a certificate signing request (CSR) to send to the hub administrator. That admin will create a certificate for you in return. (The "genkeypair" keyword is a misnomer.)
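The generation and verification steps described above, as an added example; this is not the SHRINE project's own command line. The keytool options are real, while the `KEYSTORE_PASSWORD` variable, the CN-only distinguished name, the RSA 2048 key size, the helper function names and the hostname `shrine.example.edu` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not SHRINE's own command. Assumed: KEYSTORE_PASSWORD, CN-only
# -dname, RSA 2048, helper names. Usage: sh this-script shrine.example.edu /opt/shrine

# Accept only a fully-qualified hostname as the alias: a short name or an IP
# address cannot be the publicly-accessible hostname the page asks for.
valid_alias() {
  case "$1" in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z]{2,}$'
}

# generate_keystore ALIAS DIR -> creates DIR/shrine.keystore
generate_keystore() {
  ks_alias=$1; ks_file=$2/shrine.keystore
  valid_alias "$ks_alias" || { echo "alias must be the public FQDN" >&2; return 2; }
  [ -n "${KEYSTORE_PASSWORD:-}" ] || { echo "export KEYSTORE_PASSWORD first" >&2; return 2; }
  # Never overwrite: a later hub-signed certificate is bound to the existing key.
  [ ! -e "$ks_file" ] || { echo "$ks_file exists, refusing to overwrite" >&2; return 3; }
  # umask 077 keeps the private key unreadable to other local users; the :env
  # modifier keeps the password out of the process list and shell history.
  # keytool stores the key with a self-signed placeholder certificate; the
  # hub-signed one arrives after the CSR step.
  ( umask 077
    keytool -genkeypair -alias "$ks_alias" -keyalg RSA -keysize 2048 \
      -dname "CN=$ks_alias" -keystore "$ks_file" \
      -storepass:env KEYSTORE_PASSWORD -keypass:env KEYSTORE_PASSWORD )
}

# verify_keystore ALIAS DIR -> succeeds only if ALIAS holds a private key entry
verify_keystore() {
  keytool -list -alias "$1" -keystore "$2/shrine.keystore" \
    -storepass:env KEYSTORE_PASSWORD 2>/dev/null | grep -q 'PrivateKeyEntry'
}

# Runs only when called with ALIAS and DIR; otherwise the file just defines functions.
if [ $# -eq 2 ]; then
  generate_keystore "$1" "$2" && verify_keystore "$1" "$2" && echo "keystore OK"
fi
```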