After importing all the certificates into your SHRINE keystore update the keystore section within shrine.conf:

keystore {
    file = "/opt/shrine/shrine.keystore"
    privateKeyAlias = "$KEYSTORE_ALIAS"
    caCertAliases= ["$HUB_CA_CERT_ALIAS"]
  }

SHRINE will use privateKeyAlias to find the signed certificate to sign queries going out from your site, and caCertAliases to verify queries before running them.

Add the keystore password to password.conf

shrine.keystore.password = "password"