This wiki page has been hidden from the rest of the SHRINE documentation due to several problems and inaccuracies that require significant revision:

The solution to problems #2 and #3 is:

This page should be rewritten before it is activated again. I have made the recommendation above based on actual tests I conducted this afternoon (2020-May-15) using OpenJDK 11.0.7.
Note that the following instructions are for a Comodo PositiveSSL certificate / bundle. This process should be similar for other commercial SSL providers.
By default, our recommendation for a typical ACT remote site is to have it submit a Certificate Signing Request (CSR) to the certificate authority (CA) of the ACT tier that it is joining. The CA will in turn generate a new certificate for the downstream site, and we will return that certificate, the hub certificate, and the CA certificate of the tier to the downstream site. The site then imports the certificates into its shrine.keystore and configures its shrine.conf and server.xml to point to the alias entry in the keystore that corresponds to the site.
A typical keystore after importing all the certificates would look like this (assuming that the downstream site is called "acttest.harvardshrine.net"):
```
Keystore type: jks
Keystore provider: SUN

Your keystore contains 3 entries

acttest.harvardshrine.net, Oct 31, 2018, PrivateKeyEntry,
Certificate fingerprint (SHA1): 26:0B:FE:98:21:BA:C8:5A:A5:F5:35:79:8E:81:1A:E9:F4:3B:FF:56
shrine-act-test-ca, Jul 31, 2019, trustedCertEntry,
Certificate fingerprint (SHA1): 13:4D:B5:5C:E3:48:A0:7B:9B:20:22:8B:0B:C1:BE:DD:B9:E4:1B:AD
shrine-act-test.hms.harvard.edu, Jul 31, 2019, trustedCertEntry,
Certificate fingerprint (SHA1): 52:82:A0:6D:D1:48:B2:EA:BB:2C:58:BD:E5:C7:3B:21:75:2B:46:F6
```
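One way to check that a site's keystore matches the layout in the listing above is to parse the `keytool -list` output and verify each alias's entry type. This is an added example, not SHRINE project code; the function names are hypothetical and the sample fingerprints are constructed placeholders.

```python
import re

# Constructed sample in the shape of the `keytool -list` output above; aliases are
# the page's, fingerprints are placeholders.
SAMPLE = """\
Keystore type: jks
Keystore provider: SUN

Your keystore contains 3 entries

acttest.harvardshrine.net, Oct 31, 2018, PrivateKeyEntry,
Certificate fingerprint (SHA1): AA:AA:AA:AA
shrine-act-test-ca, Jul 31, 2019, trustedCertEntry,
Certificate fingerprint (SHA1): BB:BB:BB:BB
shrine-act-test.hms.harvard.edu, Jul 31, 2019, trustedCertEntry,
Certificate fingerprint (SHA1): CC:CC:CC:CC
"""

ENTRY = re.compile(
    r"^(?P<alias>[^,\n]+), \w{3} \d{1,2}, \d{4}, (?P<type>\w+),\s*\n"
    r"Certificate fingerprint \([\w-]+\): (?P<fp>[0-9A-F:]+)",
    re.MULTILINE,
)

def parse_listing(text):
    """Map alias -> (entry type, fingerprint) from `keytool -list` output."""
    return {m["alias"].strip(): (m["type"], m["fp"]) for m in ENTRY.finditer(text)}

def check_site_keystore(text, site_alias, trusted_aliases):
    """Return a list of problems; an empty list means the expected layout is present."""
    entries = parse_listing(text)
    problems = []
    declared = re.search(r"contains (\d+) entr", text)
    if declared and int(declared.group(1)) != len(entries):
        problems.append(f"header declares {declared.group(1)} entries, parsed {len(entries)}")
    # Site alias holds the private key; tier CA and hub certificates are trust entries only.
    expected = {site_alias: "PrivateKeyEntry"}
    expected.update({a: "trustedCertEntry" for a in trusted_aliases})
    for alias, want in expected.items():
        got = entries.get(alias, (None, None))[0]
        if got is None:
            problems.append(f"missing alias {alias}")
        elif got != want:
            problems.append(f"{alias} is {got}, expected {want}")
    # An extra private key is not part of the layout described above; flag it for review.
    for alias, (kind, _) in entries.items():
        if kind == "PrivateKeyEntry" and alias != site_alias:
            problems.append(f"unexpected private key under alias {alias}")
    return problems
```

Pass the text printed by `keytool -list -keystore shrine.keystore` as `text`, with the site alias and the aliases chosen for the tier CA and hub certificates.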
...