SHRINE utilizes a Java keystore to house certificates that are signed by the Network Hub to encrypt or "sign" queries when they are sent through the network.
To generate a new keystore, run the following command (on one line) within the /opt/shrine/ directory. Please use your own values wherever you see $variables.
Most importantly, ensure that $KEYSTORE_ALIAS matches the publicly-accessible hostname of the machine that will be using this keystore.
$ keytool -genkeypair -keysize 2048 -alias $KEYSTORE_ALIAS -dname "CN=$KEYSTORE_ALIAS, OU=$KEYSTORE_HUMAN, O=SHRINE Network, L=$KEYSTORE_CITY, S=$KEYSTORE_STATE, C=$KEYSTORE_COUNTRY" -keyalg RSA -keypass $KEYSTORE_PASSWORD -storepass $KEYSTORE_PASSWORD -keystore $KEYSTORE_FILE -storetype pkcs12 -validity 7300
For example, a sample site might run this:
$ keytool -genkeypair -keysize 2048 -alias shrine-example.harvard.edu -dname "CN=shrine-example.harvard.edu, OU=SHRINE Example, O=SHRINE Network, L=Boston, S=MA, C=US" -keyalg RSA -keypass password -storepass password -keystore shrine.keystore -storetype pkcs12 -validity 7300
This will generate a shrine.keystore file within the /opt/shrine directory. You can then verify the creation of the keystore by running:
$ keytool -list -keystore shrine.keystore -storepass password
You used keytool to create a new keystore - but you have not yet created any certificates. You have created a private key that you will use to generate a certificate signing request (CSR) in the next step to send to the hub administrator. That admin will create a certificate for you in return. (The "genkeypair" keyword is a misnomer.)
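The generation and verification steps above, as an added example that is not part of the SHRINE documentation: a POSIX shell wrapper that rejects an alias that is not a fully qualified hostname, escapes the DN values, and hands the password to keytool through its `:env` modifier rather than on the command line, where other local users could read it from the process list. The function names and the sample `keytool -list` entry line are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the SHRINE documentation. Function names are hypothetical.

# True if $1 is a fully qualified hostname (dot-separated letter/digit/hyphen labels).
valid_alias() {
  printf '%s\n' "$1" | grep -Eq \
    '^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$'
}

# Backslash-escape characters that would otherwise split or alter a DN value.
dn_escape() {
  printf '%s' "$1" | sed 's/[\\,+"<>;]/\\&/g'
}

# Build the -dname string in the page's layout: ALIAS HUMAN CITY STATE COUNTRY.
build_dname() {
  printf 'CN=%s, OU=%s, O=SHRINE Network, L=%s, S=%s, C=%s' \
    "$(dn_escape "$1")" "$(dn_escape "$2")" "$(dn_escape "$3")" \
    "$(dn_escape "$4")" "$(dn_escape "$5")"
}

# make_keystore ALIAS HUMAN CITY STATE COUNTRY FILE
# Reads the password from the exported KEYSTORE_PASSWORD variable via keytool's
# ":env" modifier, so the value does not appear in the process's command line.
make_keystore() {
  valid_alias "$1" || { echo "alias must be the public hostname" >&2; return 2; }
  [ -n "${KEYSTORE_PASSWORD:-}" ] || { echo "export KEYSTORE_PASSWORD first" >&2; return 2; }
  keytool -genkeypair -keysize 2048 -alias "$1" \
    -dname "$(build_dname "$1" "$2" "$3" "$4" "$5")" -keyalg RSA \
    -keypass:env KEYSTORE_PASSWORD -storepass:env KEYSTORE_PASSWORD \
    -keystore "$6" -storetype pkcs12 -validity 7300
}

# Reads `keytool -list` output on stdin; true if alias $1 is a PrivateKeyEntry.
has_private_key() {
  awk -F', ' -v a="$1" '$1 == a && /PrivateKeyEntry/ { ok = 1 } END { exit !ok }'
}

# Constructed sample of the entry line printed by `keytool -list`.
SAMPLE_LIST='Keystore type: PKCS12

Your keystore contains 1 entry

shrine-example.harvard.edu, Mar 28, 2024, PrivateKeyEntry,'
```

After a real run, pipe `keytool -list -keystore shrine.keystore -storepass:env KEYSTORE_PASSWORD` into `has_private_key` with the site's hostname to confirm the entry exists under the expected alias.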