Script: run_ca: Generates the Root CA.
Parameter | Value | Description |
---|---|---|
keysize | 2048/4096 | Specifies the RSA key length. The default value is 2048. |
keystorepass | Any string between 6 and 1023 characters | Specifies the password to the Root CA keystore. A prompt will be shown for the default value. |
cacertdname | | Sets the Distinguished Name of the CA certificate, starting with a forward-slash. The default value is /C=GB/ST=UK/L=Maidenhead/O=Alfresco Software Ltd./OU=Unknown/CN=Custom Alfresco CA |
servername | Any string | DNS Names for Root CA. Multiple values can be provided, split by “,”. For example: localhost,additional. In the Windows variant, these have to be enclosed in double quotes. The default value is localhost. |
validityduration | Positive integer | Duration of Root CA validity in days. The default value is 365. |
Script: run_encryption: Generates keystore for Repository metadata encryption.
Parameter | Value | Description |
---|---|---|
servicename | String | Encryption service name. The default value is encryption. |
subfoldername | String | Subfolder name to generate the encryption keystore in. The default value is the same as servicename. |
encstorepass | Any string between 6 and 1023 characters | Specifies the password for the encryption keystore. A prompt will be shown for the default value. |
encmetadatapass | Any string between 6 and 1023 characters | Specifies the password for the encryption key. Key alias: metadata. A prompt will be shown for the default value. |
alfrescoformat | classic/current | Default format for certificates: current for Search and Insight Engine or Search Services 2.0.0+, and classic for previous versions. The default value is current. Settings for classic: keystore type JCEKS, key algorithm DESede, creates a password file. Settings for current: keystore type PKCS12, key algorithm AES, key size 256, no password file created. |
Script: run_additional: Generates a keystore and truststore for a service. Can be run with a role assigned (client/server) to generate two separate sets of those.
Parameter | Value | Description |
---|---|---|
servicename | String | Service name. The default value is service. |
subfoldername | String | Subfolder name to generate the keystore and truststore in. The default value is the same as servicename. |
alias | String | Private key alias. The default value is the same as servicename. |
role | client/server/both | Role to be fulfilled by the keystore key; different roles correspond to dedicated settings in the openssl.cnf file. The default value is both. |
rootcapass | String | Password that has been set for the Root CA. It is mandatory and not set by default; leaving it unset results in an exception being thrown. |
keysize | 2048/4096 | Specifies the RSA key length. The default value is 2048. |
keystoretype | PKCS12/JKS/JCEKS | Sets the type of the keystore (containing private keys). The default value is JCEKS. |
keystorepass | Any string between 6 and 1023 characters | Specifies the password for the keystore. A prompt will be shown for the default value. |
notruststore | N/A | Flag that turns off generation of the truststore. It needs to be defined. The default value is N/A. |
truststoretype | JKS/JCEKS | Sets the type of the truststore (containing public keys). The default value is JCEKS. |
truststorepass | Any string between 6 and 1023 characters | Specifies the password for the truststore. A prompt will be shown for the default value. |
certdname | String | Sets the Distinguished Name of the CA certificate, starting with a forward-slash. The default value is /C=GB/ST=UK/L=Maidenhead/O=Alfresco Software Ltd./OU=Unknown/CN=Custom Service. |
servername | String | DNS Names for Service. Multiple values can be provided, split by “,”. For example: localhost,additional. In Windows, these have to be enclosed in double quotes. The default value is localhost. |
alfrescoformat | classic/current | The default format for certificates is current for Search and Insight Engine or Search Services 2.0.0+, and classic for previous versions. The main difference is that the classic format generates text files containing the keystore/truststore password, the private key/public key alias, and, in the case of the keystore, also the private key password (which currently has to be the same as the keystore password). The default value is current. |
Note: If you plan to use custom DNames in your certificates, you must use double quotes around the values. For example:
$ ./run.sh -cacertdname "/C=GB/ST=UK/L=Maidenhead/O=Alfresco/OU=Unknown/CN=Windows Alfresco CA" -repocertdname "/C=GB/ST=UK/L=Maidenhead/O=Alfresco/OU=Unknown/CN=Repo" -solrcertdname "/C=GB/ST=UK/L=Maidenhead/O=Alfresco/OU=Unknown/CN=Solr"
It is recommended that you set your own passwords when generating certificates. For example:
(For Linux)
./run.sh -keystorepass "password" -truststorepass "password"
(For Windows)
run.cmd -keystorepass "password" -truststorepass "password"
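
The constraints in the parameter tables above can be checked before the generator is invoked. The following is an added example, not part of the Alfresco scripts: `check_ssl_args` and `one_of` are hypothetical helper names, and treating `-notruststore` as a flag that takes no value is an assumption based on its N/A value.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check of generator arguments against the
# constraints in the parameter tables. check_ssl_args is a hypothetical helper.
# Usage: check_ssl_args "$@" && ./run.sh "$@"

one_of() {                       # one_of VALUE ALLOWED...
  local v=$1 a; shift
  for a in "$@"; do [ "$v" = "$a" ] && return 0; done
  return 1
}

check_ssl_args() {
  local errors=0 name value
  # Report a violation without ever echoing the value (it may be a password).
  bad() { echo "invalid -$name: $1" >&2; errors=$((errors + 1)); }
  while [ "$#" -gt 0 ]; do
    name=${1#-}; shift
    [ "$name" = "notruststore" ] && continue   # assumed valueless flag (Value: N/A)
    if [ "$#" -eq 0 ]; then echo "missing value for -$name" >&2; return 2; fi
    value=$1; shift
    case "$name" in
      keysize)
        one_of "$value" 2048 4096 || bad "must be 2048 or 4096" ;;
      keystorepass|truststorepass|encstorepass|encmetadatapass)
        if [ "${#value}" -lt 6 ] || [ "${#value}" -gt 1023 ]; then
          bad "length must be between 6 and 1023 characters"
        fi ;;
      cacertdname|certdname)
        case "$value" in /*) ;; *) bad "must start with a forward-slash" ;; esac ;;
      validityduration)
        case "$value" in
          ''|*[!0-9]*) bad "must be a positive integer" ;;
          *) [ "$value" -gt 0 ] || bad "must be a positive integer" ;;
        esac ;;
      role)           one_of "$value" client server both || bad "client/server/both" ;;
      keystoretype)   one_of "$value" PKCS12 JKS JCEKS   || bad "PKCS12/JKS/JCEKS" ;;
      truststoretype) one_of "$value" JKS JCEKS          || bad "JKS/JCEKS" ;;
      alfrescoformat) one_of "$value" classic current    || bad "classic/current" ;;
    esac
  done
  [ "$errors" -eq 0 ]            # status 0 only when every checked value passed
}
```

Parameters not listed in the `case` statement are passed over unchecked; exit status 2 means a parameter was given without a value.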