...

Add the following entries to the JETTY_BASE/start.d/ssl.ini configuration file:

Add HTTPS mutual authentication to Jetty:
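## enable use of client authentication certificates
## needClientAuth=false: a client certificate is not mandatory for the TLS handshake
jetty.sslContext.needClientAuth=false
## wantClientAuth=true: Jetty requests a client certificate and validates it if one is sent
jetty.sslContext.wantClientAuth=true
## left empty: no endpoint (host name) identification algorithm is applied
jetty.sslContext.endpointIdentificationAlgorithm=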

...

JOC Cockpit has to hold a certificate in its truststore that allows validation of the clients' certificates. The location of the Jetty truststore is specified in the JETTY_BASE/start.d/ssl.ini configuration file.

  • Self-signed Certificates
    • JOC Cockpit holds the client's certificate in its truststore. 
    • Each client's individual certificate is required to be in place.
  • CA signed Certificates
    • JOC Cockpit holds the CA certificate, i.e. the Root CA Certificate/Intermediate CA Certificate(s), in its truststore.
    • Connections from any clients that use a certificate signed by the CA will be accepted.
    • This approach is more flexible as it does not require modification of the Jetty truststore when adding/removing clients.
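
The difference between the two truststore approaches can be reproduced outside Jetty. The following is an added example, not part of the original page or of JOC Cockpit: it uses the openssl command line with a PEM file standing in for the Java truststore, and all names, subjects and paths are constructed.

```sh
#!/bin/sh
# Added illustration; every name, subject and path below is constructed.
set -eu

# Create a throwaway CA, two CA-signed client certificates and one
# self-signed client certificate in directory $1.
make_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    for name in client1 client2; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=$name" \
            -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null
        openssl x509 -req -in "$dir/$name.csr" -days 1 -CAcreateserial \
            -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -out "$dir/$name.crt" 2>/dev/null
    done
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=selfsigned" \
        -keyout "$dir/self.key" -out "$dir/self.crt" 2>/dev/null
}

# trusted TRUSTSTORE_PEM CLIENT_CERT: exit status 0 if CLIENT_CERT chains to
# a certificate in TRUSTSTORE_PEM (a PEM file standing in for the truststore).
trusted() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

report() {  # report LABEL TRUSTSTORE_PEM CLIENT_NAME
    if trusted "$2" "$dir/$3.crt"; then r=accepted; else r=rejected; fi
    echo "truststore=$1 client=$3: $r"
}

demo() {
    dir=$(mktemp -d)
    make_pki "$dir"
    # CA-signed approach: the truststore holds only the CA certificate.
    for c in client1 client2 self; do report "CA" "$dir/ca.crt" "$c"; done
    # Self-signed approach: the truststore holds that client's own certificate.
    for c in self client1; do report "self.crt" "$dir/self.crt" "$c"; done
    rm -rf "$dir"
}
demo
```

With only the CA certificate trusted, both CA-signed clients validate and the self-signed one does not; the self-signed certificate validates only against a truststore that contains that exact certificate.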

...