SHRINE uses a Java keystore to hold the certificates, signed by the Network Hub, that are used to encrypt or "sign" queries as they are sent through the network.

To Generate a New Keystore

To generate a new keystore, run the following command (on one line) from within the /opt/shrine/ directory. Substitute your own values wherever you see $variables:

# One logical command: the trailing backslashes continue it across lines.
# -validity is in days (7300 days is roughly 20 years).
$ keytool \
    -genkeypair \
    -keysize 2048 \
    -alias $KEYSTORE_ALIAS \
    -dname "CN=$KEYSTORE_ALIAS, OU=$KEYSTORE_HUMAN, O=SHRINE Network, L=$KEYSTORE_CITY, S=$KEYSTORE_STATE, C=$KEYSTORE_COUNTRY" \
    -keyalg RSA \
    -keypass $KEYSTORE_PASSWORD \
    -storepass $KEYSTORE_PASSWORD \
    -keystore shrine.keystore \
    -storetype pkcs12 \
    -validity 7300

Most importantly, ensure that $KEYSTORE_ALIAS matches the publicly accessible hostname of the machine that will use this keystore.

For example, a sample site might run this:

# Same command with concrete values filled in for a sample site.
$ keytool \
    -genkeypair \
    -keysize 2048 \
    -alias shrine-example.harvard.edu \
    -dname "CN=shrine-example.harvard.edu, OU=SHRINE Example, O=SHRINE Network, L=Boston, S=MA, C=US" \
    -keyalg RSA \
    -keypass password \
    -storepass password \
    -keystore shrine.keystore \
    -storetype pkcs12 \
    -validity 7300

This will generate a shrine.keystore file within the /opt/shrine directory.

You can then verify the creation of the keystore by running:

$ keytool -list -keystore shrine.keystore -storepass $KEYSTORE_PASSWORD
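The generation and verification steps above, wrapped as shell functions so that the alias-must-be-the-hostname rule is checked before keytool writes anything (added example, not part of the SHRINE documentation or project; the function names and the `shrine_` prefix are this example's own, and the variable names follow the page):

```bash
#!/usr/bin/env bash
# Added example: validate inputs, then run the keytool invocation from the page.

# The page's rule: the alias must match the machine's publicly accessible
# hostname. Accept only a dotted name made of letters, digits, hyphens and dots.
shrine_valid_alias() {
  case "$1" in
    ''|*..*|.*|*.|*[!A-Za-z0-9.-]*) return 1 ;;   # empty, bad dots, or bad chars
  esac
  case "$1" in
    *.*) return 0 ;;                              # has at least one dot (FQDN-like)
    *)   return 1 ;;
  esac
}

# Compose the -dname string from the page's variables
# ($1 alias, $2 human name, $3 city, $4 state, $5 country).
shrine_dname() {
  printf 'CN=%s, OU=%s, O=SHRINE Network, L=%s, S=%s, C=%s' "$1" "$2" "$3" "$4" "$5"
}

# Generate the PKCS12 keystore with the page's parameters. Returns 2 or 3
# without touching the filesystem if the alias or password is unacceptable.
shrine_generate_keystore() {
  local alias="$1" human="$2" city="$3" state="$4" country="$5"
  local password="$6" file="${7:-shrine.keystore}"
  shrine_valid_alias "$alias" || { echo "alias '$alias' is not a hostname" >&2; return 2; }
  [ -n "$password" ] || { echo "keystore password must not be empty" >&2; return 3; }
  keytool -genkeypair -keysize 2048 -alias "$alias" \
    -dname "$(shrine_dname "$alias" "$human" "$city" "$state" "$country")" \
    -keyalg RSA -keypass "$password" -storepass "$password" \
    -keystore "$file" -storetype pkcs12 -validity 7300
}

# Verify that the keystore exists, opens with the password, and holds the
# expected alias (keytool -list fails when the alias is absent).
shrine_verify_keystore() {
  local file="$1" password="$2" alias="$3"
  keytool -list -keystore "$file" -storepass "$password" -alias "$alias" >/dev/null 2>&1
}
```

Run as, for example, `shrine_generate_keystore shrine-example.harvard.edu 'SHRINE Example' Boston MA US "$KEYSTORE_PASSWORD"` from /opt/shrine, then `shrine_verify_keystore shrine.keystore "$KEYSTORE_PASSWORD" shrine-example.harvard.edu`.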