censhare authentication with private/public key
For system user login (server to server login), there is a private/public key process with a signed token as an alternative to password authentication.
Introduction
Note: Only RSA as the key algorithm is supported.
Public key naming
The keys are managed via
For more information, see this java's keytool
and follow a naming convention: @_ _ is optional.The following client types are valid:
javaclient javaadmin javarender webclient webtunnel service-client online-channel remote-server shelladmin client
Example
master server CSS_ID = master remote server CSS_ID = remote
Remote Server
Prepare everything on the master server and sync to the remote server.
Create a keypair for the authentication:
XMLkeytool -genkeypair -alias system@remote-server -keyalg RSA -keysize 2048 \-keystore ~/cscs/app/config/keystore -storepass corpus \-validity 36500 -dname "CN=system, OU=Remote-Server, O=censhare AG, L=MUC, S=BY, C=DE"
Sync to remote server:
XMLrsync -axz --delete ~/cscs/app/config/ corpus@remote-server:cscs/app/config
Restart censhare-Server on each host:
XMLcenshare.rc restart
Web Client
Create a new key:
XMLkeytool -genkeypair -alias web-default@webclient -keyalg RSA -keysize 2048 \ -keystore ~/cscw/keystore -storepass corpus \ -validity 36500 -dname "CN=system, OU=Remote-Server, O=censhare AG, L=MUC, S=BY, C=DE"
Export of the public key from the keystore:
XMLkeytool -exportcert -alias web-default@webclient \ -keystore ~/cscw/keystore -storepass corpus \ -file ~/cscw/web-default_webclient.cert
Import the public key:
XMLkeytool -importcert -alias web-default@webclient \ -keystore ~/cscs/app/config/keystore -storepass corpus \ -file ~/cscw/web-default_webclient.cert
Build and deploy new WebClient:
XML~/csw/bin/build.sh custom.signjar.war #build signed war ~/csw/bin/build.sh custom.war #build unsigned war cp -p ~/csw/release/censhare-WebClient.war ~/jetty/webapps/ROOT.war
Restart jetty:
XMLcss_jetty.rc restart
Download tunnel
Create a new key:
XMLkeytool -genkeypair -alias web-default@webtunnel -keyalg RSA -keysize 2048 \ -keystore ~/cscw/keystore -storepass corpus \ -validity 36500 -dname "CN=system, OU=Remote-Server, O=censhare AG, L=MUC, S=BY, C=DE"
Export the public key from the keystore:
XMLkeytool -exportcert -alias web-default@webtunnel \ -keystore ~/cscw/keystore -storepass corpus \ -file ~/cscw/web-default_webtunnel.cert
Import the public key:
XMLkeytool -importcert -alias web-default@webtunnel \ -keystore ~/cscs/app/config/keystore -storepass corpus \ -file ~/cscw/web-default_webtunnel.cert
Build and deploy new Download tunnel:
XML~/csw/bin/build.sh downloadtunnel.war cp -p ~/csw/release/downloadtunnel.war ~/jetty/webapps/downloadtunnel.war
Restart jetty:
XMLcss_jetty.rc restart