Product Documentation

The signing keys should be regenerated after SKFS installation is completed. The steps are as follows:

 

  1. On the machine where SKFS is installed, login as strongkey user and change directory to keymanager director. Inside there is the keymanager.jar file which will help in regenerating signing keys for SKFS. For a list of possible operations, run the following command:
  2. Regenerate signing keys by running the command: <prejava -jar keymanager.jar regeneratesigningkey <did> <keystore location> <truststore location> <keystore password> <algo> Assuming the keysore location is in the same place after installation, you command will look like this:
    java -jar /usr/local/strongkey/keymanager/keymanager.jar regeneratesigningkey 1 /usr/local/strongkey/skfs/keystores/signingkeystore.bcfks /usr/local/strongkey/skfs/keystores/signingtruststore.bcfks Abcd1234! EC

    You will get a response similar to this:

    Regenerated signing key
  3. Restart Glassfish for the changes to take effect.
    sudo systemctl restart payara​  
    
    # For SKFS version 4.12 and below, use the following command instead:
    sudo service glassfishd restart​
  4. When finished, if you are using SKFS in a cluster, copy and replace the keystore file signingkeystore.bckfs and signingtruststore.bcfks from the SKFS instance where signing keys where regenerated to other SKFS servers in the cluster and restart Glassfish.

 

Values

Value

Explanation

did

Unique domain identifier that belongs to SKFS.

keystore location

Signing KeyStore location for SKFS.

truststore location

Signing TrustStore location for SKFS.

keystore password

Password for KeyStore. Default is Abcd1234!

algo

Algorithm used in the KeyStore; example RSA | EC.