On the Author instance in the Stage environment, I created a Service User and added a Keystore that I created via OpenSSL.
I used the ACL Packager program to build a package with my service user principal and its permissions and keystore. I then replicated the package to the publish servers and it all worked fine.
However, when I came to import the package on the Prod environment Author, I was not so successful.
From the useradmin screen, it looked fine.
The system user was there with all the permissions and the keystore.
But, when I had a look at the security screen, no keystore was recognized...
So importing the service user and its keystore via package didn't work for me.
Unfortunately, I am supposed to use Packages exclusively on the Prod environment, so I'm a bit stumped.
Any suggestions?
I'll answer my own question as it got worked out eventually.
It seems that the service-user+keystore package that I created in the lower environments didn't import properly into the Prod environment Author due to security checks.
In the end, I created the system user manually using crx/explorer/index.jsp in the Prod Author environment, uploaded the keystore file (from security/users.html), and made sure the /home/users/system/blah... directory was ticked for all permissions incl. replications (useradmin).
Then I created an ACL Packager package with the system user and its principal, built the package and replicated it to the publish servers. This seemed to work OK; at least the keystore information showed up correctly when I viewed it from security/users.html.
It's because of the import. Sometimes you need to delete the keystore from the user and recreate the key, then it works fine.