An installation script can be used to create a new domain on SKFS. The script generates the signing, JWT and SAML keystores for the new domain. Back up all existing keystores before running it, so that the original keystores can be restored if a rollback is required.
Prerequisites
Create a New Domain
Follow the steps below to create a new domain for SKFS. If unsure of the next domain id (did), refer to the section on how to find the next domain.
Log in as the "strongkey" user and open a terminal.
Unzip the add-domain-v4.x.zip file to the current directory:
shell> unzip add-domain-v4.x.zip -d .
Edit the add-domain installation script with a text editor of your choice:
shell> vi add-domain.sh
The installation script contains configurable values, including default passwords. Change the passwords before running the script unless you deliberately intend to keep the defaults; a password shipped inside a distributed script should not be treated as secret.
The script takes the following arguments:
shell> add-domain.sh <did> <backup:true/false>
If backup is set to true, the script backs up all the keystores, the database and the OpenLDAP directory under /usr/local/strongkey/skfsbackups before making changes.
Execute the add-domain.sh script as follows:
shell> ./add-domain.sh 9 true
The script creates the new domain and generates signing keys, JWT-signing keys and SAML-signing keys for it. It also creates default users in the OpenLDAP directory and a minimal policy for the domain. Follow the link if this policy needs to be updated.
You can now use the new domain to perform FIDO operations.
NOTE: To restore or roll back to the previous state for any reason, follow the steps here to recover the database and keystores.
How to find the next domain
Follow the steps below to find the next did:
In a terminal, logged in as the "strongkey" user, connect to the SKFS database:
shell> mysql -u skfsdbuser -p skfs
Or use the alias mys:
shell> mys
MariaDB [skfs]> select did, name from domains order by did;
+-----+--------+
| did | name |
+-----+--------+
| 1 | SKFS 1 |
| 2 | SKFS 2 |
| 3 | SKFS 3 |
| 4 | SKFS 4 |
| 5 | SKFS 5 |
| 6 | SKFS 6 |
| 7 | SKFS 7 |
| 8 | SKFS 8 |
+-----+--------+
8 rows in set (0.001 sec)
As the example above shows, the server already has 8 domains (dids 1 through 8), so the next domain id is 9. Note that if a domain was ever deleted the sequence can contain gaps, so use the highest existing did plus one rather than the row count plus one.
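The following is an added example, not part of the SKFS add-domain kit: a small POSIX shell pre-flight that derives the next did as max(did)+1 from the output of the query above, warns when the sequence has gaps, and refuses to call add-domain.sh if the chosen id is already in use. The function names (next_did, did_in_use) and the sample did list are constructed for this example; in practice the list comes from the mysql invocation shown in the comment.

```shell
#!/bin/sh
# Added example (not StrongKey's own code). Computes the next free SKFS
# domain id as max(did)+1 instead of "row count + 1", so it stays correct
# if a domain was deleted and left a gap in the did sequence.

# Usage: next_did "1 2 3 ... 8"   -> prints 9
# $1 is a whitespace-separated list of existing dids, e.g. produced by:
#   mysql -N -B -u skfsdbuser -p skfs -e 'select did from domains'
# (-N drops the column header, -B gives tab-separated batch output).
next_did() {
    max=0
    count=0
    for d in $1; do
        case "$d" in
            ''|*[!0-9]*)
                echo "next_did: non-numeric did '$d'" >&2
                return 1 ;;
        esac
        count=$((count + 1))
        if [ "$d" -gt "$max" ]; then
            max="$d"
        fi
    done
    # With a contiguous sequence starting at 1, max(did) equals the row
    # count; any difference means a gap, which the operator should know about.
    if [ "$max" -ne "$count" ]; then
        echo "next_did: did sequence has gaps (max=$max, rows=$count)" >&2
    fi
    echo $((max + 1))
}

# did_in_use "<list>" <did>: returns 0 if <did> is already in <list>, else 1.
did_in_use() {
    for d in $1; do
        if [ "$d" = "$2" ]; then
            return 0
        fi
    done
    return 1
}

# Constructed sample input matching the query output on this page.
# Replace with the real query, for example:
#   existing=$(mysql -N -B -u skfsdbuser -p skfs -e 'select did from domains')
existing="1 2 3 4 5 6 7 8"
did=$(next_did "$existing")

if did_in_use "$existing" "$did"; then
    echo "did $did already exists, refusing to run add-domain.sh" >&2
    exit 1
fi
echo "next domain id: $did"
# Only now run the real script with backup enabled, e.g.:
#   ./add-domain.sh "$did" true
```

The gap warning matters because the page's rule of thumb (8 rows, so the next did is 9) silently picks an id that is already taken once a domain in the middle of the sequence has been removed; add-domain.sh would then be run against an existing domain and its keystores.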