wiki:Software/Configuration/AllToAll
Last modified on 04/04/12 15:40:45

How To: Configure an ICA, an MUA and Web, all co-located on a single server, to communicate with each other

For an ICA and an MUA to communicate two things need to be done:

  1. Metadata for the MUA (e.g. web service URLs) needs to be configured in the ICA (see Section 1)
  2. Public key information for each needs to be exchanged (see Section 2)

1. Swapping Metadata

If all of the components are co-located on a single server, then the default configuration for all web service URLs is already correct, and nothing needs to be done.


2. Swapping Keys

  1. Create a keystore for each component and export its public key certificate to a .crt file
    keytool -genkey -alias raptorica -keystore /opt/raptor/ica/keys/raptor-ica.jks -storepass changeit -keypass changeit -dname "CN=`hostname -f`,ou=ICA,o=Raptor" -validity 7300 -keyalg RSA -keysize 2048
    keytool -export -alias raptorica -keystore /opt/raptor/ica/keys/raptor-ica.jks -storepass changeit -file /opt/raptor/ica/keys/raptor-ica-public.crt
    
    keytool -genkey -alias raptormua -keystore /opt/raptor/mua/keys/raptor-mua.jks -storepass changeit -keypass changeit -dname "CN=`hostname -f`,ou=MUA,o=Raptor" -validity 7300 -keyalg RSA -keysize 2048
    keytool -export -alias raptormua -keystore /opt/raptor/mua/keys/raptor-mua.jks -storepass changeit -file /opt/raptor/mua/keys/raptor-mua-public.crt
    
    keytool -genkey -alias raptorweb -keystore /opt/raptor/web/keys/raptor-web.jks -storepass changeit -keypass changeit -dname "CN=`hostname -f`,ou=WEB,o=Raptor" -validity 7300 -keyalg RSA -keysize 2048
    keytool -export -alias raptorweb -keystore /opt/raptor/web/keys/raptor-web.jks -storepass changeit -file /opt/raptor/web/keys/raptor-web-public.crt
    
  2. Swap keys
    # First swap keys between ICA and MUA
    keytool -import -noprompt -keystore /opt/raptor/ica/keys/authorised-keys.jks -storepass changeit -alias raptormua -file /opt/raptor/mua/keys/raptor-mua-public.crt
    keytool -import -noprompt -keystore /opt/raptor/mua/keys/authorised-keys.jks -storepass changeit -alias raptorica -file /opt/raptor/ica/keys/raptor-ica-public.crt
    
    # Then between MUA and Web
    keytool -import -noprompt -keystore /opt/raptor/web/keys/authorised-keys.jks -storepass changeit -alias raptormua -file /opt/raptor/mua/keys/raptor-mua-public.crt
    keytool -import -noprompt -keystore /opt/raptor/mua/keys/authorised-keys.jks -storepass changeit -alias raptorweb -file /opt/raptor/web/keys/raptor-web-public.crt
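Once the imports have run, the following check (an added example, not part of the Raptor wiki or project) confirms that each authorised-keys.jks holds the peer certificate with the same fingerprint as the peer's own keystore entry. It assumes the `keytool -list` output layout of the JDK 6/7 era (alias line followed by a "Certificate fingerprint" line); the listings it runs on here are constructed stand-ins, and `list_store` is the hypothetical wrapper you would use against the real stores.

```sh
#!/bin/sh
# Added example (not from the Raptor wiki or project): verify the Section 2 exchange by
# comparing fingerprints in each authorised-keys.jks with the peer's own keystore.
# Password and owner:peer pairs come from the page; the listings below are constructed.
# Live listing of a store (needs a JDK; `changeit` is the page's default password).
list_store() { keytool -list -keystore "$1" -storepass changeit; }
# Reduce a `keytool -list` listing on stdin to "alias fingerprint" lines.
fingerprints() {
  awk '/, (trustedCertEntry|PrivateKeyEntry)/ { split($0, f, ", "); alias = f[1] }
       /^Certificate fingerprint/ { print alias, $NF }'
}
fp_of() { printf '%s\n' "$1" | fingerprints | awk -v a="$2" '$1 == a { print $2; exit }'; }
# check_exchange ICA_KEYS MUA_KEYS WEB_KEYS ICA_AUTH MUA_AUTH WEB_AUTH (listings, in that
# order). Each owner:peer pair mirrors one import command above. Returns 1, with a report
# line, if a peer cert is absent or its fingerprint differs from the peer's own entry.
check_exchange() {
  rc=0
  for pair in ica:raptormua mua:raptorica mua:raptorweb web:raptormua; do
    owner=${pair%%:*}; peer=${pair#*:}
    case $owner in ica) auth=$4;; mua) auth=$5;; web) auth=$6;; esac
    case $peer in raptorica) keys=$1;; raptormua) keys=$2;; raptorweb) keys=$3;; esac
    want=$(fp_of "$keys" "$peer"); have=$(fp_of "$auth" "$peer")
    if [ -z "$have" ]; then echo "$owner: no trusted cert for $peer"; rc=1
    elif [ "$want" != "$have" ]; then echo "$owner: $peer fingerprint mismatch"; rc=1
    fi
  done
  return $rc
}
# Constructed listings (fingerprints shortened) standing in for list_store output.
ICA_KEYS='raptorica, 04-Apr-2012, PrivateKeyEntry,
Certificate fingerprint (SHA1): AA:AA:AA:AA'
MUA_KEYS='raptormua, 04-Apr-2012, PrivateKeyEntry,
Certificate fingerprint (SHA1): BB:BB:BB:BB'
WEB_KEYS='raptorweb, 04-Apr-2012, PrivateKeyEntry,
Certificate fingerprint (SHA1): CC:CC:CC:CC'
ICA_AUTH='raptormua, 04-Apr-2012, trustedCertEntry,
Certificate fingerprint (SHA1): BB:BB:BB:BB'
MUA_AUTH='raptorica, 04-Apr-2012, trustedCertEntry,
Certificate fingerprint (SHA1): AA:AA:AA:AA
raptorweb, 04-Apr-2012, trustedCertEntry,
Certificate fingerprint (SHA1): CC:CC:CC:CC'
WEB_AUTH='raptormua, 04-Apr-2012, trustedCertEntry,
Certificate fingerprint (SHA1): BB:BB:BB:BB'
# An MUA trust store holding an ICA cert with the wrong fingerprint (e.g. a stale import).
MUA_AUTH_BAD='raptorica, 04-Apr-2012, trustedCertEntry,
Certificate fingerprint (SHA1): DD:DD:DD:DD'
check_exchange "$ICA_KEYS" "$MUA_KEYS" "$WEB_KEYS" "$ICA_AUTH" "$MUA_AUTH" "$WEB_AUTH" && echo "exchange OK"
```

Against the real stores, pass `"$(list_store /opt/raptor/ica/keys/raptor-ica.jks)"` and the other five listings in the same order; a non-zero exit means a component will reject its peer.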