Versions Compared

...

$ cd /opt/shrine/tomcat/webapps
$ wget https://repo.open.med.harvard.edu/nexus/content/groups/public/net/shrine/meta-war/1.22.4/meta-war-1.22.4.war -O shrine-meta.war

 

Keystore Cleanup

...

For hub-and-spoke systems, we recommend four certificates in shrine's shrine.keystore on nodes:

  • The node's signing cert so that its QEP can sign queries.
  • The hub's public CA cert so that its adapter can verify other nodes' signatures.
  • The hub's public https cert so that the node will trust the hub.
  • A cert for this node to use to serve https, referenced in the server.xml file. (Use a cert signed by a public cert authority to avoid a warning in users' browsers.)  

For hub-and-spoke systems, SHRINE now insists that only two certificates exist in shrine's shrine.keystore on spokes: the node's signing cert and the hub's public CA cert. See what certs are there and remove any extras. SHRINE will verify that the signing cert is signed by the hub's public cert. See Generate a Certificate Signing Request.
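One way to carry out the "see what certs are there and remove any extras" step, as an added example that is not part of the SHRINE documentation: it parses `keytool -list` output and prints a `keytool -delete` command for each alias outside an allow-list. The alias names, the keystore path placeholder and the sample listing are constructed assumptions.

```shell
#!/bin/sh
# Added example: find keystore entries that are not on an allow-list.
# Assumption: KEYSTORE is a placeholder; point it at your shrine.keystore.
KEYSTORE=${KEYSTORE:-/path/to/shrine.keystore}

# Constructed sample of `keytool -list` output (aliases are hypothetical).
sample_listing() {
    cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 4 entries

shrine-node-signing, Mar 1, 2017, PrivateKeyEntry,
Certificate fingerprint (SHA1): (constructed)
shrine-hub-ca, Mar 1, 2017, trustedCertEntry,
Certificate fingerprint (SHA1): (constructed)
old-peer-node, Jun 12, 2015, trustedCertEntry,
Certificate fingerprint (SHA1): (constructed)
tomcat-selfsigned, Jun 12, 2015, PrivateKeyEntry,
Certificate fingerprint (SHA1): (constructed)
EOF
}

# Read a listing on stdin; print "alias<TAB>entry type" for each entry.
list_entries() {
    awk 'match($0, /, (PrivateKeyEntry|trustedCertEntry|SecretKeyEntry),/) {
        alias = $0; sub(/, .*/, "", alias)
        print alias "\t" substr($0, RSTART + 2, RLENGTH - 3)
    }'
}

# Read a listing on stdin; print every alias not named in the arguments.
extra_aliases() {
    list_entries | while IFS="$(printf '\t')" read -r alias _type; do
        keep=no
        for ok in "$@"; do
            if [ "$alias" = "$ok" ]; then keep=yes; fi
        done
        [ "$keep" = yes ] || printf '%s\n' "$alias"
    done
}

# Print (do not run) one keytool -delete command per extra alias.
suggest_cleanup() {
    extra_aliases "$@" | while read -r alias; do
        printf "keytool -delete -alias '%s' -keystore '%s'\n" "$alias" "$KEYSTORE"
    done
}

# Demo on the sample; on a node, pipe `keytool -list -keystore "$KEYSTORE"` in instead.
sample_listing | suggest_cleanup shrine-node-signing shrine-hub-ca
```

Review the printed commands before running any of them, and take a copy of the keystore first.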

...

...
<Connector port="6443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/opt/shrine/shrine-httpsshrine.keystore"
               keystorePass="changeit" keyAlias="your.key.alias" />

...

...