
HUB management

vianneyJouhet edited this page Nov 12, 2018 · 27 revisions

During installation

In secret.txt, set IS_HUB to true.

Post installation settings

Enter the shrine container

sudo docker-compose exec shrine /bin/bash

Create a new certification authority (CA) certificate

Execute from /opt/shrine

./initHubCa.sh

Answer all the questions the script asks.

Signing a csr

Copy the csr and _HTTPS.crt files into SHRINEDocker/shrine/cert/

Enter the shrine container

sudo docker-compose exec shrine /bin/bash

Sign the csr

Execute from /opt/shrine

./sign-cert.sh <host-name-to-sign> <node-name>
# <host-name-to-sign> corresponds to the file /opt/cert/<host-name-to-sign>.csr
# <node-name> must be a simple character name, [A-Z] only, without spaces (identifies the node for result output if it fails)

The resulting signed certificate is available, together with shrine-hub-ca.crt, at /opt/cert/<host-name-to-sign>-signed.csr. Both files are available outside the container at SHRINEDocker/shrine/cert/

Send these two crt files back to the node administrator

The node has been added as a downstream node in the /opt/shrine/tomcat/lib/shrine.conf file. You can change its human-readable name (it is set to the host name by default).
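A pre-flight check for the sign-cert.sh arguments described above, as an added example that is not part of SHRINEDocker: it enforces the [A-Z]-only node name, keeps the host name from escaping the cert directory, and confirms a PEM-framed CSR is present. The function names, the CERT_DIR override and the assumption that the CSR is PEM-encoded are illustrative.

```sh
#!/bin/sh
# Added example, not SHRINEDocker code: checks to run before ./sign-cert.sh.
# LC_ALL=C keeps the [A-Z] range from matching lowercase in some locales.
LC_ALL=C; export LC_ALL
CERT_DIR="${CERT_DIR:-/opt/cert}"   # the page's CSR directory; override to test

# Node name: the page requires [A-Z] only, without spaces.
valid_node_name() {
    case "$1" in
        ''|*[!A-Z]*) return 1 ;;
        *) return 0 ;;
    esac
}

# The host name becomes part of a file path (/opt/cert/<host>.csr), so accept
# only DNS-style characters and reject anything that could leave CERT_DIR.
valid_host_name() {
    case "$1" in
        ''|.*|-*|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# The CSR must be a regular, non-empty file (not a symlink) with PEM framing.
# Assumption: the node sends a PEM PKCS#10 request (keytool writes "NEW").
valid_csr_file() {
    f="$CERT_DIR/$1.csr"
    [ -f "$f" ] && [ ! -L "$f" ] && [ -s "$f" ] || return 1
    grep -q -e '-----BEGIN \(NEW \)\{0,1\}CERTIFICATE REQUEST-----' "$f" || return 1
    grep -q -e '-----END \(NEW \)\{0,1\}CERTIFICATE REQUEST-----' "$f"
}

# Returns 0 and prints the command to run, or a distinct code per failure.
preflight_sign() {
    host="$1"; node="$2"
    valid_host_name "$host" || { echo "bad host name: $host" >&2; return 2; }
    valid_node_name "$node" || { echo "bad node name: $node" >&2; return 3; }
    valid_csr_file "$host"  || { echo "no usable CSR: $CERT_DIR/$host.csr" >&2; return 4; }
    echo "ok: ./sign-cert.sh $host $node"
}
```

These checks only cover the arguments and the file framing; confirming that the request really came from the node administrator remains a manual step.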

Re-sign certificate for a known host

If you need to re-sign a known host (e.g. after certificate expiration), you must delete the corresponding keytool aliases before signing the certificate.

Enter the shrine container

sudo docker-compose exec shrine /bin/bash

Execute from /opt/shrine

keytool -delete -v -alias <hostname> -keystore shrine.keystore
keytool -delete -v -alias <hostname>_HTTP -keystore shrine.keystore