...

The Hibernate configuration file has to hold a reference to the location of the Private Key used for decryption:

...

The path to the Private Key file is specified from a property in the hibernate.cfg.xml file. The Private Key can optionally be protected by a passphrase. If no passphrase is used to access the Private Key, then the related property should not be specified.

Note: Private Keys can be protected using a passphrase that acts as a second factor when a human user accesses the key: while the Private Key is in the file system, the passphrase is in the user's brain. However, this does not improve security for unattended processing: it's pointless to store a passphrase side-by-side with the Private Key in scripts or configuration files on the same media.

Related properties in the hibernate.cfg.xml file include:

...

  • hibernate.sos.keystore_path: The keystore path can be specified as an absolute path or as a relative path. The relative path starts from the JETTY_BASE/resources/joc directory of the JOC Cockpit installation.
  • hibernate.sos.keystore_type: The PKCS12 keystore type should be used. Typically keystores with the file name extension .p12 or .pfx indicate a PKCS12 compliant keystore.
  • hibernate.sos.keystore_password: The keystore should be protected by a password. The password is not a secret, but aims to check integrity when reading/writing keystores.

  • hibernate.sos.keystore_keypassword: For use with the PKCS12 format the passphrase for the key and the password for the keystore have to match.

  • hibernate.sos.keystore_keyalias: The Private Key's alias name is a unique identifier of the key in the keystore. An alias name has to be specified if more than one Private Key is available in the keystore. The property can be omitted for keystores that hold a single key.
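
The rules in the list above can be checked against a keystore before it is referenced from hibernate.cfg.xml. The following is an added example, not code from JS7 or from the original page: the class name KeystoreCheck and the interactive password prompt are assumptions, and the method parameters stand for the values of the properties named above.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.*;
import java.util.*;

// Added example (not JS7 code): checks a keystore against the rules listed above.
public class KeystoreCheck {

    // path, storePass, keyPass and alias stand for the values of hibernate.sos.keystore_path,
    // keystore_password, keystore_keypassword and keystore_keyalias (alias may be null).
    static PrivateKey check(Path path, char[] storePass, char[] keyPass, String alias)
            throws Exception {
        if (!Arrays.equals(storePass, keyPass)) {
            throw new IllegalArgumentException("key and keystore passwords differ");
        }
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(path)) {
            ks.load(in, storePass); // IOException on a wrong password or a damaged file
        }
        List<String> keyAliases = new ArrayList<>();
        for (String a : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(a)) keyAliases.add(a);
        }
        if (keyAliases.isEmpty()) {
            throw new IllegalStateException("keystore holds no Private Key");
        }
        if (alias == null) {
            if (keyAliases.size() > 1) {
                throw new IllegalStateException("alias required, keys found: " + keyAliases);
            }
            alias = keyAliases.get(0); // single key: the alias property can be omitted
        } else if (!ks.isKeyEntry(alias)) {
            throw new IllegalStateException("no key entry '" + alias + "' in " + keyAliases);
        }
        Key key = ks.getKey(alias, keyPass); // UnrecoverableKeyException on a wrong key password
        if (!(key instanceof PrivateKey)) {
            throw new IllegalStateException("entry '" + alias + "' is not a Private Key");
        }
        return (PrivateKey) key;
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 1 || System.console() == null) {
            System.err.println("usage (interactive): java KeystoreCheck.java <keystore> [alias]");
            System.exit(2);
        }
        char[] pass = System.console().readPassword("keystore password: ");
        PrivateKey key = check(Paths.get(args[0]), pass, pass, args.length > 1 ? args[1] : null);
        System.out.println("OK: " + key.getAlgorithm() + " Private Key is readable");
        Arrays.fill(pass, '\0'); // clear the password from memory after use
    }
}
```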

...

It is possible to use the SSL Private Key/Certificate stored in JOC Cockpit's keystore for HTTPS connections to perform encryption/decryption, see JS7 - JOC Cockpit HTTPS Connections.

...