HUB management
vianneyJouhet edited this page Nov 12, 2018 · 27 revisions
In `secret.txt`, set `IS_HUB` to `true`.

```
sudo docker-compose exec shrine /bin/bash
# execute from /opt/shrine
./initHubCa.sh
```

Answer all the questions asked.

```
sudo docker-compose exec shrine /bin/bash
# execute from /opt/shrine
./sign-cert.sh <host-name-to-sign> <node-name>
# <host-name-to-sign> corresponds to the file /opt/cert/<host-to-sign>.csr
# <node-name> must be a simple name, [A-Z] characters only, without spaces (it identifies the node in the result output if it fails)
```

The resulting signed certificate is available, together with `shrine-hub-ca.crt`, at `/opt/cert/<host-to-sign>-signed.csr`; both are available outside the container at `SHRINEDocker/shrine/cert/`.

Send these two crt files back to the node administrator.

The node has been added as a downstream node in the `/opt/shrine/tomcat/lib/shrine.conf` file. You can change the human-readable name (it has been set to the host name by default).
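
A preflight check the hub administrator can run before `./sign-cert.sh`, shown as an added example that is not part of SHRINEDocker. The function name `preflight_sign`, its exit codes, and the host-name and symlink restrictions are assumptions of this example; the `[A-Z]` node-name rule and the `/opt/cert/<host>.csr` location come from the steps above.

```shell
#!/bin/sh
# Hypothetical helper (not shipped with SHRINEDocker).
# Usage: preflight_sign <host-name-to-sign> <node-name> [cert-dir]
# Exit codes (chosen for this example): 2 node name, 3 host name, 4 CSR file, 5 CSR content.
LC_ALL=C; export LC_ALL   # make the A-Z range below mean ASCII only

preflight_sign() {
    host=$1
    node=$2
    certdir=${3:-/opt/cert}

    # Rule from the page: node name is [A-Z] only, without spaces.
    case $node in
        ''|*[!A-Z]*) echo "node name must be A-Z only: '$node'" >&2; return 2 ;;
    esac

    # Assumption: the host name ends up in a file path and a keystore alias,
    # so allow DNS characters only and reject a leading dot or hyphen.
    case $host in
        ''|.*|-*|*[!A-Za-z0-9.-]*) echo "unsafe host name: '$host'" >&2; return 3 ;;
    esac

    # The CSR must be a regular file in the cert directory (symlinks are refused).
    csr=$certdir/$host.csr
    if [ ! -f "$csr" ] || [ -L "$csr" ]; then
        echo "no regular CSR file at $csr" >&2
        return 4
    fi

    # When openssl is installed, require a parseable CSR whose self-signature
    # verifies, then print the subject for comparison with the node's request.
    if command -v openssl >/dev/null 2>&1; then
        if ! openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK'; then
            echo "CSR failed to parse or verify: $csr" >&2
            return 5
        fi
        openssl req -in "$csr" -noout -subject >&2
    fi
    return 0
}
```

Inside the container, `preflight_sign <host-name-to-sign> <node-name> && ./sign-cert.sh <host-name-to-sign> <node-name>` signs only when every check passes.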

#### Re-sign certificate for a known host

If you need to re-sign a known host (for example, on certificate expiration), you must delete the corresponding keytool aliases before signing the cert.

```
sudo docker-compose exec shrine /bin/bash
# execute from /opt/shrine
keytool -delete -v -alias <hostname> -keystore shrine.keystore
keytool -delete -v -alias <hostname>_HTTP -keystore shrine.keystore
```