Page History

...

For hub-and-spoke systems, SHRINE now insists that the only two certificates in shrine's shrine.keystore on spokes are the node's signing cert and the hub's public CA cert. SHRINE uses the signing certificate for https as well. See what certs are there and remove any extras. SHRINE will verify that the signing cert is signed by the hub's public cert. 

Be sure the original keystore is backed up!

If you previously used a separate cert for https (signed by a public cert authority) consider using that cert and having the hub sign it. That may be the easiest way to use two certs.

$ keytool -list -keystore /opt/shrine/shrine.keystore

...

You may need to set or update the keyAlias in server.xml's to use the node's signing cert. If you would like to use a different certificate for https the easiest fix is to use a separate keystore fie. 

Database Changes

These instructions all use mysql syntax. Versions of .ddl files exist for Oracle and MSSQLServer within SHRINE's source code.

...