Version 4 (modified by smith@…, 8 years ago) (diff)

Tidied up a bit

How To: Configure an ICA and an MUA to communicate

For an ICA and an MUA to communicate two things need to be done:

  1. Metadata for the MUA (e.g. web service URLs) needs to be configured in the ICA (see Section 1)
  2. Public key information for each needs to be exchanged (see Section 2)

1. Swapping Metadata

The ICA needs to know some information


2. Swapping Keys

The ICA and MUA that are going to communicate need a copy of each other's public key to enable this communication.

When the ICA and MUA are installed, PEM-encoded versions of their public keys are saved in the keys directory of their home directories as raptor-ica-public.crt and raptor-mua-public.crt respectively (see this wiki page for further information). Swapping these keys involves the following process.

2.1 On the MUA

  1. Copy the ICA's public key from its keys directory (ica/keys/raptor-ica-public.crt on the ICA server) to a temporary directory (e.g. /tmp or ~/) on the MUA server (using SCP or your other favourite file transfer protocol). The rest of these instructions will assume you copied it to /tmp/.
  2. In the MUA's truststore (authorised-keys.jks), import the ICA's public key by:
    • Navigating to the MUA's keys directory (/opt/raptor/mua/keys on Linux, C:\Program Files\Raptor\MUA\keys on Windows)
    • Running the following command:
      # keytool -import -keystore authorised-keys.jks -keypass changeit -alias raptorica -file /tmp/raptor-ica-public.crt

      • Note that this assumes that Java's bin directory is in the PATH, and that you have not yet changed the keystore password of the authorised-keys.jks file. If either of these assumptions is incorrect you will have to modify the command above accordingly.
      • Also note that if you are configuring multiple ICAs, you will have to give each a separate alias by modifying the command above accordingly.
  3. Delete the temporary copy of the ICA's key.
    • e.g. on Linux
      # rm /tmp/raptor-ica-public.crt
      

2.2 On the ICA

Do the same as above, but in reverse. That is:

  1. Copy the MUA's public key from its keys directory (mua/keys/raptor-mua-public.crt on the MUA server) to a temporary directory (e.g. /tmp or ~/) on the ICA server (using SCP or your other favourite file transfer protocol). The rest of these instructions will assume you copied it to /tmp/.
  2. In the ICA's truststore (authorised-keys.jks), import the MUA's public key by:
    • Navigating to the ICA's keys directory (/opt/raptor/ica/keys on Linux, C:\Program Files\Raptor\ICA\keys on Windows)
    • Running the following command:
      # keytool -import -keystore authorised-keys.jks -keypass changeit -alias raptormua -file /tmp/raptor-mua-public.crt

      • Note that this assumes that Java's bin directory is in the PATH, and that you have not yet changed the keystore password of the authorised-keys.jks file. If either of these assumptions is incorrect you will have to modify the command above accordingly.
      • Also note that if you are configuring multiple MUAs, you will have to give each a separate alias by modifying the command above accordingly.
  3. Delete the temporary copy of the MUA's key.
    • e.g. on Linux
      # rm /tmp/raptor-mua-public.crt
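
The import step in 2.1 and 2.2 trusts whatever file arrived in /tmp. As an added example (not part of the original wiki page or of Raptor itself), the following POSIX shell wrapper checks the copied certificate's SHA-256 fingerprint against a value read on the originating server (for instance with `keytool -printcert -file ...`) before it enters the truststore. The function names and script name are hypothetical, and it assumes GNU `base64` and `sha256sum` are installed.

```shell
#!/bin/sh
# Added example: fingerprint-checked import of a peer certificate.
# Function names are hypothetical; assumes GNU base64 and sha256sum.

# Reduce "AB:CD:.." (as shown by `keytool -printcert`) to lowercase hex.
normalise_fp() { printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'; }

# SHA-256 over the DER bytes of the PEM certificate in file $1.
pem_sha256() (
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" || exit 2
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1" \
        | grep -v -e '-----' | tr -d ' \r\n' | base64 -d \
        | sha256sum | cut -d' ' -f1
)

# import_peer_cert CERT ALIAS EXPECTED_SHA256 [KEYSTORE]
# EXPECTED_SHA256 is read on the originating server and passed to the
# operator separately from the file copy.
import_peer_cert() (
    cert=$1 alias=$2 keystore=${4:-authorised-keys.jks}
    expected=$(normalise_fp "$3")
    actual=$(pem_sha256 "$cert") || { echo "no certificate in $cert" >&2; exit 2; }
    if [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch for $cert (got $actual)" >&2
        exit 1    # nothing has been written to the truststore
    fi
    # No password option: keytool prompts, keeping it out of `ps` and history.
    keytool -import -noprompt -keystore "$keystore" \
        -alias "$alias" -file "$cert" || exit 3
    # Confirm the entry exists before discarding the temporary copy.
    keytool -list -keystore "$keystore" -alias "$alias" || exit 4
    rm -f -- "$cert"
)

# Run directly (script name is hypothetical), e.g. in the MUA's keys directory:
#   sh import-peer.sh /tmp/raptor-ica-public.crt raptorica '<SHA256 from ICA>'
[ "$#" -lt 3 ] || import_peer_cert "$@"
```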