IriusRisk uses Elliptic Curve Digital Signing key to identify each IriusRisk installation.
This key should be present on all IriusRisk versions 4.8 and above.
New installations
For the new installations you can check official Installation documentation, which explains how to create and integrate the key within your IriusRisk.
Upgrade existing installations
For existing installations it is required to generate a new signing signing key and map it to all your IriusRisk tomcat nodes.
All IriusRisk Tomcat nodes should run the same key!
Steps to upgrade:
- Stop IriusRisk stack. If you run it in a docker-compose environment it can be done with:
$ docker-compose down
- Generate Elliptic Curve key:
$ openssl ecparam -genkey -name prime256v1 -noout -out ec_private.pem
- Make the key accessible to your IriusRisk server. In a docker-compose environment this means to move the ec_private.pem file into the same folder your docker-compose.yml resides:
$ mv ec_private.pem /path/to/your/docker-compose-folder/
- Make the key accessible to the iriusrisk-tomcat container. In a docker-compose environment this means to edit docker-compose.yml file mapping the key and informing IriusRisk of its presence with environment variable. Make sure you have the following lines in your definition:
tomcat:
environment:
- IRIUS_JWT_PRIVATE_KEY_PATH=/etc/irius/ec_private.pem
volumes:
- "./ec_private.pem:/etc/irius/ec_private.pem" - Now you can start IriusRisk again. For a docker-compose environment it can be done with:
$ docker-compose up -d
Comments
0 comments
Article is closed for comments.