Comment: 3rd cert note

...

After the hub administrator (or CA administrator, if the two entities are separate) approves and signs the certificate, they will send back a signed version of your cert along with the hub's CA cert, as well as the cert used for normal HTTPS communication with the hub. Import all of these into your keystore with the following commands:

keytool -import -v -alias shrine-hub-caroot.pem -file shrine-hub-caroot.pem -keystore $KEYSTORE_FILE -storepass $KEYSTORE_PASSWORD
keytool -import -v -alias $KEYSTORE_ALIAS -file shrine-client-signed.pem -keystore $KEYSTORE_FILE -storepass $KEYSTORE_PASSWORD -keypass $KEYSTORE_PASSWORD
keytool -import -v -alias shrine-hub-https -file shrine-hub-https.pem -keystore $KEYSTORE_FILE -storepass $KEYSTORE_PASSWORD -keypass $KEYSTORE_PASSWORD

Make absolutely sure the -alias value in the second command exactly matches the alias used for your original certificate (the one marked as PrivateKeyEntry in the keystore)! Otherwise, queries will fail with signature verification errors, since the CA's signature will not be on the exact same keystore entry that SHRINE uses. Upon importing your signed certificate, the following message should appear:

Certificate reply was installed in keystore

If it does not, verify that your $KEYSTORE_ALIAS is set appropriately and that the keytool command is set to import to the correct alias.
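
A pre-import check for the alias warning above, as an added example that is not part of the original SHRINE documentation: it reads `keytool -list` output and confirms that the alias you plan to import the signed reply under is the PrivateKeyEntry. The function names and the sample listing are constructed for illustration, and aliases are compared case-insensitively on the assumption that keytool may list them in lower case.

```shell
#!/bin/sh
# Constructed sample of `keytool -list` output (aliases, dates and
# fingerprints are made up for this example).
SAMPLE_LIST='Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 3 entries

shrine-hub-caroot.pem, Jan 1, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): <constructed>
shrine-hub-https, Jan 1, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): <constructed>
shrine-node, Jan 1, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): <constructed>'

# entry_type ALIAS: read `keytool -list` output on stdin and print the
# entry type recorded for ALIAS. Exits non-zero if the alias is absent.
entry_type() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        /Entry, *$/ {                       # "alias, date, <Type>Entry,"
            n = split($0, f, /, */)         # last field is empty
            if (tolower(f[1]) == want) { print f[n-1]; found = 1; exit }
        }
        END { exit found ? 0 : 1 }
    '
}

# check_import_target ALIAS: return 0 only if ALIAS is the PrivateKeyEntry,
# 1 if it exists with another type, 2 if it is not in the keystore.
check_import_target() {
    cit_type=$(entry_type "$1") || {
        echo "alias '$1' not found in keystore"; return 2; }
    [ "$cit_type" = "PrivateKeyEntry" ] || {
        echo "alias '$1' is $cit_type, not PrivateKeyEntry"; return 1; }
    echo "ok: '$1' is the PrivateKeyEntry; import the signed cert under it"
}

# Demo on the constructed listing. Against a real keystore, pipe in:
#   keytool -list -keystore "$KEYSTORE_FILE" -storepass "$KEYSTORE_PASSWORD"
printf '%s\n' "$SAMPLE_LIST" | check_import_target shrine-node
```

Run the check with `$KEYSTORE_ALIAS` before the second import command; a non-zero result means the signed certificate would land on a different entry than the one holding your private key.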

Update shrine.conf and Restart SHRINE

...