| 5 | | == Swapping keys == |
| | 5 | 1. Metadata for the MUA (e.g. web service URLs) needs to be configured in !RaptorWeb (see Section 1) |
| | 6 | 1. Public key information for each needs to be exchanged (see Section 2) |
| | 7 | |
| | 8 | ---- |
| | 9 | |
| | 10 | == 1. Swapping Metadata == |
| | 11 | |
| | 12 | !RaptorWeb needs to know some information about the MUA (specifically its web service URL) in order to communicate with it. |
| | 13 | |
| | 14 | If !RaptorWeb and the MUA are located on different machines, then !RaptorWeb will need to be reconfigured to point to the machine on which the MUA resides. To do this, do the following. |
| | 15 | |
| | 16 | Open the {{{web/conf/mua-endpoints.xml}}} file on the server hosting !RaptorWeb and find the bean labelled "muaRegistry". Find the property labelled "MUAEntries". In that bean will be a property labelled "serviceEndpoint". The default value of this will be: |
| | 17 | {{{ |
| | 18 | https://localhost:8111/MUA/MultiUnitAggregator |
| | 19 | }}} |
| | 20 | |
| | 21 | Change this value to the correct value for the server hosting your MUA. For example, assuming you didn't change the port or contextPath in the MUA's {{{server.properties}}} file and the MUA is running on a server called "raptor.example.com", this should be changed to: |
| | 22 | {{{ |
| | 23 | https://raptor.example.com:8111/MUA/MultiUnitAggregator |
| | 24 | }}} |
| | 25 | ---- |
| | 26 | |
| | 27 | == 2. Swapping Keys == |
| | 28 | |
| | 29 | The MUA and !RaptorWeb that are going to communicate need a copy of each other's public key to enable this communication. |
| | 30 | |
| | 31 | When the MUA and !RaptorWeb are installed, a DER encoded version of their public keys are saved in their home directory's keys information as {{{raptor-mua-public.crt}}} and {{{raptor-web-public.crt}}} respectively (see [Software/Configuration/Files this wiki page] for further information). Swapping these keys involves the following process. |
| | 32 | |
| | 33 | == 2.1 On the MUA == |
| | 34 | |
| | 35 | 1. Copy !RaptorWeb's public key from its keys directory ({{{web/keys/raptor-web-public.crt}}} on !RaptorWeb's server) to the a temporary directory (e.g. {{{/tmp}}} or {{{~/}}}) on the MUA server (using SCP or your other favourite file transfer protocol). The rest of these instructions will assume you copied it to {{{/tmp/}}}. |
| | 36 | |
| | 37 | 2. In the MUA's truststore ({{{authorised-keys.jks}}}), import !RaptorWeb's public key, by: |
| | 38 | * Navigating to the MUA's keys directory ({{{/opt/raptor/mua/keys}}} on Linux, {{{C:\Program Files\Raptor\MUA\keys}}} on Windows) |
| | 39 | * Running the following command: |
| | 40 | {{{ |
| | 41 | # keytool -import -keystore authorised-keys.jks -storepass changeit -alias raptorweb -file /tmp/raptor-web-public.crt |
| | 42 | }}} |
| | 43 | * ''Note that this assumes that Java's {{{bin}}} directory is in the PATH, and that you have not yet changed the keystore password of the {{{authorised-keys.jks}}} file. If either of these assumptions are incorrect you will have to modify the command above accordingly.'' |
| | 44 | |
| | 45 | 3. Delete the temporary copy of !RaptorWeb's key. |
| | 46 | * e.g. on Linux |
| | 47 | {{{ |
| | 48 | # rm /tmp/raptor-web-public.crt |
| | 49 | }}} |
| | 50 | |
| | 51 | == 2.2 On !RaptorWeb == |
| | 52 | |
| | 53 | Do the same as above, but in reverse. That is: |
| | 54 | |
| | 55 | 1. Copy the MUA's public key from its keys directory ({{{mua/keys/raptor-mua-public.crt}}} on the MUA server) to the a temporary directory (e.g. {{{/tmp}}} or {{{~/}}}) on !RaptorWeb's server (using SCP or your other favourite file transfer protocol). The rest of these instructions will assume you coped it to {{{/tmp/}}}. |
| | 56 | |
| | 57 | 2. In !RaptorWeb's truststore ({{{authorised-keys.jks}}}), import the MUA's public key, by: |
| | 58 | * Navigating to !RaptorWeb's keys directory ({{{/opt/raptor/web/keys}}} on Linux, {{{C:\Program Files\Raptor\Web\keys}}} on Windows) |
| | 59 | * Running the following command: |
| | 60 | {{{ |
| | 61 | # keytool -import -keystore authorised-keys.jks -storepass changeit -alias raptormua -file /tmp/raptor-mua-public.crt |
| | 62 | }}} |
| | 63 | * ''Note that this assumes that Java's {{{bin}}} directory is in the PATH, and that you have not yet changed the keystore password of the {{{authorised-keys.jks}}} file. If either of these assumptions are incorrect you will have to modify the command above accordingly.'' |
| | 64 | |
| | 65 | 3. Delete the temporary copy of the MUA's key. |
| | 66 | * e.g. on Linux |
| | 67 | {{{ |
| | 68 | # rm /tmp/raptor-mua-public.crt |
| | 69 | }}} |
| | 70 | |
| | 71 | = 3. Restarting components = |
| | 72 | |
| | 73 | Restart both the MUA and !RaptorWeb so that they reread their {{{authorised-keys.jks}}} files. |
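Review bot: Step 2 of sections 2.1 and 2.2 imports the copied {{{.crt}}} file into {{{authorised-keys.jks}}} without first checking that it really is the peer's key. Because this truststore decides which component is authorised to communicate, add a step before each import that compares the certificate fingerprint on both servers, for example by running {{{keytool -printcert -file /tmp/raptor-web-public.crt}}} on the MUA server and the same command against {{{web/keys/raptor-web-public.crt}}} on the RaptorWeb server, and likewise for the MUA key. The same two commands pass {{{-storepass changeit}}} on the command line, and the accompanying note only covers the case where the password has already been changed; the page should tell the reader to change the default truststore password, and could drop {{{-storepass}}} so that keytool prompts for it. Minor points: step 1 reads "to the a temporary directory" in both sections, step 1 of 2.2 has "coped it", and "= 3. Restarting components =" uses a different heading level from "== 1. Swapping Metadata ==" and "== 2. Swapping Keys ==".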