JS7 JobScheduler

Space shortcuts

Page tree

Versions Compared

Old Version 17

changes.mady.by.user Andreas Püschel

Saved on

compared with

New Version 18

changes.mady.by.user Andreas Püschel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Managing the Private

...

Key

...

and Certificate

Assymetric encryption makes use of a private/public key pair Private Key and Certificate/Public Key that can be created in a number of ways:

  • If SSL certificates are in use to secure HTTPS connections to an Agent, see JS7 - Agent HTTPS Connections, then the related private key and certificate can be used for encryption/decryption too.
  • Users can create a Certificate Signing Request (CSR) and ask their Certificate Authority (CA) to sign the CSR and to receive an X.509 certificate. The X.509 certificate allows Private Key or Certificate allow to derive the public keyPublic Key.
  • User can create a self-signed X.509 certificate, see JS7 - How to create self-signed Certificates.
  • Users can create a private/public key pair Private Key and Certificate as explained in subsequent chaptersthe next chapter.

Step 1:

...

Creating the Private

...

Key

...

and Certificate

The following step is performed on the server hosting the Agent that should decrypt variables. The example makes use of the openssl command line utility that can be installed for Windows. There are alternative ways how to create private/public key pairs.

Code Block
languagebash
titleExample how to create ECDSA private /public key pairand certificate
linenumberstrue
# navigate to the Agent's <agent-data>/config/private directory
cd /var/sos-berlin.com/js7/agent/config/private

# create the private key in pkcs#1 format 
#   without passphrase
# openssl ecparam -name secp256k1 -genkey -noout -out agent.key
#   with passphrase
openssl ecparam -genkey -name secp256k1 | openssl ec -aes256 -passout pass:"jobscheduler" -out agent.key

# create certificate
openssl req -new -x509 -key agent.key -passin pass:"jobscheduler" -out agent.crt -days 1825

# extract public key from private key (not required)
# openssl ec -in agent.key -passin pass:"jobscheduler" -pubout > agent.pub
Code Block
languagebash
titleExample how to create RSA private /public key pairand certificate
linenumberstrue
# navigate to the Agent's <agent-data>/config/private directory
cd /var/sos-berlin.com/js7/agent/config/private

# create the private key in pkcs#1 format
#   without passphrase
# openssl req -x509 -sha256 -newkey rsa:2048 -keyout agent.key -out agent.crt
#   with passphrase
openssl req -x509 -sha256 -newkey rsa:2048 -passout pass:"jobscheduler" -keyout agent.key -out agent.crt

# extract public key from certificate (not required)
# openssl x509 -pubkey -noout -in agent.crt > agent.pub

Step 2:

...

Making the Certificate available

Copy the public key Certificate file to the server(s) hosting the Agent(s) that should encrypt variables:

Code Block
languagebash
titleExample where to copy the public keycertificate
linenumberstrue
# navigate to the Agent's <agent-data>/config directory
Set-Location $env:ProgramData/sos-berlin.com/js7/agent/config
# cd %ProgramData%/sos-berlin.com/js7/agent/config

# copy the agent.pubcrt public keycertificate file from to the current location using a file transfer tool or your clipboard

...