New scripts summary - Alfresco Content Services 23.4

Script: run_ca: Generates the Root CA.

| Parameter | Value | Description |
|---|---|---|
| keysize | 2048/4096 | Specifies the RSA key length. The default value is 2048. |
| keystorepass | Any string between 6 and 1023 characters | Specifies the password to the Root CA keystore. A prompt will be shown for the default value. |
| cacertdname | | Sets the Distinguished Name of the CA certificate, starting with a forward-slash. The default value is /C=GB/ST=UK/L=Maidenhead/O=Alfresco Software Ltd./OU=Unknown/CN=Custom Alfresco CA. |
| servername | Any string | DNS Names for Root CA. Multiple values can be provided, split by “,”. For example: localhost,additional. In the Windows variant, these have to be enclosed in double quotes. The default value is localhost. |
| validityduration | Positive integer | Duration of Root CA validity in days. The default value is 365. |

Script: run_encryption: Generates keystore for Repository metadata encryption.

| Parameter | Value | Description |
|---|---|---|
| servicename | String | Encryption service name. The default value is encryption. |
| subfoldername | String | Subfolder name to generate the encryption keystore in. The default value is the same as servicename. |
| encstorepass | Any string between 6 and 1023 characters | Specifies the password for the encryption keystore. A prompt will be shown for the default value. |
| encmetadatapass | Any string between 6 and 1023 characters | Specifies the password for the encryption key. Key alias: metadata. A prompt will be shown for the default value. |
| alfrescoformat | classic/current | Default format for certificates: current for Search and Insight Engine or Search Services 2.0.0+, and classic for previous versions. The default value is current. classic value settings: Keystore type: JCEKS, Key algorithm: DESede, creates a password file. current value settings: Keystore type: PKCS12, Key algorithm: AES, Keysize: 256, no password file created. |

Script: run_additional: Generates a keystore and truststore for a service. Can be run with a role assigned (client/server) to generate two separate sets of those.

| Parameter | Value | Description |
|---|---|---|
| servicename | String | Service name. The default value is service. |
| subfoldername | String | Subfolder name to generate the keystore and truststore in. The default value is the same as servicename. |
| alias | String | Private key alias. The default value is the same as servicename. |
| role | client/server/both | Role to be fulfilled by the keystore key; different roles correspond to dedicated settings in the openssl.cnf file. The default value is both. |
| rootcapass | String | Password that has been set for the Root CA. It is mandatory and not set by default; leaving it unset results in an exception being thrown. |
| keysize | 2048/4096 | Specifies the RSA key length. The default value is 2048. |
| keystoretype | PKCS12/JKS/JCEKS | Sets the type of the keystore (containing private keys). The default value is JCEKS. |
| keystorepass | Any string between 6 and 1023 characters | Specifies the password for the keystore. A prompt will be shown for the default value. |
| notruststore | N/A | Flag to turn off generating the truststore; it needs to be defined. The default value is N/A. |
| truststoretype | JKS/JCEKS | Sets the type of the truststore (containing public keys). The default value is JCEKS. |
| truststorepass | Any string between 6 and 1023 characters | Specifies the password for the truststore. A prompt will be shown for the default value. |
| certdname | String | Sets the Distinguished Name of the CA certificate, starting with a forward-slash. The default value is /C=GB/ST=UK/L=Maidenhead/O=Alfresco Software Ltd./OU=Unknown/CN=Custom Service. |
| servername | String | DNS Names for Service. Multiple values can be provided, split by “,”. For example: localhost,additional. In Windows, these have to be enclosed in double quotes. The default value is localhost. |
| alfrescoformat | classic/current | The default format for certificates is current for Search and Insight Engine or Search Services 2.0.0+, and classic for previous versions. The main difference is that the classic format generates text files containing the keystore/truststore password, the private key/public key alias, and, in the case of the keystore, also the private key password (which currently has to be the same as the keystore password). The default value is current. |

Note: If you plan to use custom DNames in your certificates, you must use double quotes around the values. For example:

$ ./run.sh -cacertdname "/C=GB/ST=UK/L=Maidenhead/O=Alfresco/OU=Unknown/CN=Windows Alfresco CA" \
    -repocertdname "/C=GB/ST=UK/L=Maidenhead/O=Alfresco/OU=Unknown/CN=Repo" \
    -solrcertdname "/C=GB/ST=UK/L=Maidenhead/O=Alfresco/OU=Unknown/CN=Solr"

It is recommended that you set your own passwords when generating certificates. For example:

(For Linux)

./run.sh -keystorepass "password" -truststorepass "password"

(For Windows)

run.cmd -keystorepass "password" -truststorepass "password"
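
A pre-flight check for run_additional arguments, written against the value constraints in the run_additional parameter table. This is an added example, not Alfresco code: it does not call the generator, the helper names are hypothetical, and the single-dash flag syntax is assumed from the run.sh commands shown on this page.

```shell
#!/bin/sh
# Added example (not Alfresco code): pre-flight check of run_additional
# arguments against the value constraints in the parameter table.
# check_additional_args, in_set, pass_ok and bad are hypothetical helper names.

in_set() {   # in_set VALUE ALLOWED... : true if VALUE is one of ALLOWED
    v=$1; shift
    for a in "$@"; do [ "$v" = "$a" ] && return 0; done
    return 1
}
pass_ok() { [ "${#1}" -ge 6 ] && [ "${#1}" -le 1023 ]; }   # 6..1023 characters
bad() { echo "$1"; rc=1; }

# Prints one line per finding; returns 0 when the arguments are acceptable.
check_additional_args() {
    rc=0
    unset keystorepass truststorepass certdname rootcapass notruststore
    # Documented defaults for parameters that were not passed
    keysize=2048 keystoretype=JCEKS truststoretype=JCEKS role=both
    alfrescoformat=current
    while [ $# -gt 0 ]; do
        case $1 in
            -notruststore) notruststore=1; shift ;;   # flag, takes no value
            -keysize|-keystoretype|-truststoretype|-role|-rootcapass|\
            -keystorepass|-truststorepass|-certdname|-alfrescoformat|\
            -servicename|-subfoldername|-alias|-servername)
                [ $# -ge 2 ] || { echo "missing value for $1"; return 1; }
                eval "${1#-}=\$2"; shift 2 ;;   # name is whitelisted above
            *) echo "unknown parameter: $1"; return 1 ;;
        esac
    done
    [ -n "${rootcapass:-}" ] || bad "rootcapass is mandatory and has no default"
    in_set "$keysize" 2048 4096 || bad "keysize must be 2048 or 4096"
    in_set "$keystoretype" PKCS12 JKS JCEKS || bad "keystoretype must be PKCS12, JKS or JCEKS"
    in_set "$role" client server both || bad "role must be client, server or both"
    in_set "$alfrescoformat" classic current || bad "alfrescoformat must be classic or current"
    [ -n "${notruststore:-}" ] || in_set "$truststoretype" JKS JCEKS ||
        bad "truststoretype must be JKS or JCEKS"
    [ -z "${keystorepass+x}" ] || pass_ok "$keystorepass" || bad "keystorepass must be 6-1023 characters"
    [ -z "${truststorepass+x}" ] || pass_ok "$truststorepass" || bad "truststorepass must be 6-1023 characters"
    case ${certdname-/} in /*) ;; *) bad "certdname must start with a forward slash" ;; esac
    # Not an error, but worth surfacing: classic format writes passwords to text files
    [ "$alfrescoformat" != classic ] || echo "note: classic format writes password text files"
    return $rc
}
```

Password parameters that are omitted are not flagged, because the tables state that the scripts prompt for them.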