Changes between Version 2 and Version 3 of Software/Configuration/IcaToMua


Timestamp:
05/13/11 12:50:56 (9 years ago)
Author:
smith@…
Comment:

First attempt at swapping key instructions

  • Software/Configuration/IcaToMua

    v2 v3  
    1010== 2. Swapping Keys == 
    1111 
    12 When the ICA and MUA are installed, a PEM encoded version of their public keys are saved in their home directory's keys information as {{{ica-?.crt}}} and {{{mua-?.crt}}} respectively (see [Software/Configuration/Files this wiki page] for further information. 
     12The ICA and MUA that are going to communicate need a copy of each other's public key to enable this communication. 
    1313 
    14 Swapping keys involves the following process: 
     14When the ICA and MUA are installed, a PEM encoded version of their public keys are saved in their home directory's keys information as {{{raptor-ica-public.crt}}} and {{{raptor-mua-public.crt}}} respectively (see [Software/Configuration/Files this wiki page] for further information. Swapping these keys involves the following process. 
    1515 
    16 1. In the ICA's truststore ({{{ica/conf/authorised-keys.jks}}}, import the MUA's public key. 
     16== 2.1 On the MUA == 
     17 
     181. Copy the ICA's public key from its keys directory ({{{ica/keys/raptor-ica-public.crt}}} on the ICA server) to the a temporary directory (e.g. {{{/tmp}}} or {{{~/}}}) on the MUA server (using SCP or your other favourite file transfer protocol). The rest of these instructions will assume you coped it to {{{/tmp/}}}. 
     19 
     202. In the MUA's truststore ({{{authorised-keys.jks}}}, import the ICA's public key, by: 
     21 * Navigating to the MUA's keys directory ({{{/opt/raptor/mua/keys}}} on Linux, {{{C:\Program Files\Raptor\MUA\keys}}} on Windows) 
     22 * Running the following command: 
    1723{{{ 
    18 # keytool  
     24# keytool -import -keystore authorised-keys.jks -keypass changeit -alias raptormua -file /tmp/raptor-mua-public.crt 
    1925}}} 
    20 1. In the MUA's truststore ({{{mua/conf/authorised-keys.jks}}}, import the ICA's public key. 
     26  * ''Note that this assumes that Java's {{{bin}}} directory is in the PATH, and that you have not yet changed the keystore password of the {{{authorised-keys.jks}}} file. If either of these assumptions are incorrect you will have to modify the command above accordingly.'' 
     27  * ''Also note that if you are configuring multiple MUAs, you will have to give each a separate alias by modifying the command above accordingly.'' 
     28 
     293. Delete the temporary copy of the ICA's key. 
     30 * e.g. on Linux 
    2131{{{ 
    22 # 
     32# rm /tmp/raptor-ica-public.crt 
    2333}}} 
     34 
     35== 2.2 On the ICA == 
     36 
     37Do the same as above, but in reverse. That is: 
     38 
     391. Copy the MUA's public key from its keys directory ({{{mua/keys/raptor-ica-public.crt}}} on the MUA server) to the a temporary directory (e.g. {{{/tmp}}} or {{{~/}}}) on the ICA server (using SCP or your other favourite file transfer protocol). The rest of these instructions will assume you coped it to {{{/tmp/}}}. 
     40 
     412. In the ICA's truststore ({{{authorised-keys.jks}}}, import the MUA's public key, by: 
     42 * Navigating to the ICA's keys directory ({{{/opt/raptor/ica/keys}}} on Linux, {{{C:\Program Files\Raptor\ICA\keys}}} on Windows) 
     43 * Running the following command: 
     44{{{ 
     45# keytool -import -keystore authorised-keys.jks -keypass changeit -alias raptorica -file /tmp/raptor-ica-public.crt 
     46}}} 
     47  * ''Note that this assumes that Java's {{{bin}}} directory is in the PATH, and that you have not yet changed the keystore password of the {{{authorised-keys.jks}}} file. If either of these assumptions are incorrect you will have to modify the command above accordingly.'' 
     48  * ''Also note that if you are configuring multiple ICAs, you will have to give each a separate alias by modifying the command above accordingly.'' 
     49 
     503. Delete the temporary copy of the MUA's key. 
     51 * e.g. on Linux 
     52{{{ 
     53# rm /tmp/raptor-mua-public.crt 
     54}}}
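
Review bot: The import commands in both new sections name the wrong certificate and alias. In 2.1 step 2 (on the MUA) the command uses "-alias raptormua -file /tmp/raptor-mua-public.crt", but step 1 copied the ICA's key to /tmp/raptor-ica-public.crt and step 3 deletes that file, so the command refers to a file that step 1 never placed in /tmp; it should read "-alias raptorica -file /tmp/raptor-ica-public.crt". Section 2.2 has the mirror-image error (it imports /tmp/raptor-ica-public.crt as raptorica on the ICA, then deletes raptor-mua-public.crt), and its step 1 gives the source path as mua/keys/raptor-ica-public.crt where the MUA's key file is meant. The "multiple MUAs" / "multiple ICAs" alias notes look swapped for the same reason: on the MUA it is the ICA keys being imported that need distinct aliases, and vice versa. Two further points on the command itself: the note beneath it talks about the keystore password, which keytool takes as -storepass, while -keypass is the password for a private-key entry, so as written keytool will still prompt for the keystore password; and since the trust relationship rests entirely on the copied file, consider adding a step that compares the certificate fingerprint (keytool -printcert -file on the copied file) with the one shown on the originating server before importing. Smaller wording issues: both step 1s contain "to the a" and "coped", and the parentheses opened before {{{authorised-keys.jks}}} in each step 2 and before "see [Software/Configuration/Files ..." are never closed.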