...

SSL/TLS Certificates are used to secure HTTP connections between JS7 products (JOC Cockpit, Controller and Agents), for example JS7 - JOC Cockpit HTTPS Connections.

Users can choose one of the approaches specified by RFC 5280:

  • Self-issued Certificates are not practicable, as deploying individual certificate files to JOC Cockpit, Controllers and Agents requires unreasonable effort.
  • Private CA-signed Certificates are issued by users who operate their own Private Certificate Authority (CA).
  • Public CA-signed Certificates are issued by a trusted Certificate Authority (CA) that validates the domain owner. They are not created by users but are purchased from the trusted CA and are therefore not considered in this article.

There is no difference in using a Private CA or Public CA concerning the functionality of X.509 certificates, usage for Server Authentication / Client Authentication, or security of connections. The only difference is that users trust the Private CA that they set up on their own.

...

Example how to create CA Certificate (Windows)

```bat
@rem Specify key name used for file names
@rem Expects %ca_key_name%.key and %ca_key_name%.csr to exist in the current directory
set ca_key_name=root-ca

@rem Create Certificate
@rem Write the X.509 v3 extensions that mark the certificate as a CA certificate to a temporary file
set ca_csr_tmp_file=ca-csr-%RANDOM%.tmp
copy /Y NUL %ca_csr_tmp_file%
echo basicConstraints=CA:TRUE >> %ca_csr_tmp_file%
echo keyUsage=critical,nonRepudiation,keyCertSign,cRLSign >> %ca_csr_tmp_file%

@rem Sign the CSR with the CA's own private key, valid for 7305 days (about 20 years)
openssl x509 -req -sha512 -days 7305 ^
    -key %ca_key_name%.key ^
    -in %ca_key_name%.csr ^
    -out %ca_key_name%.crt ^
    -extfile %ca_csr_tmp_file%

del /q %ca_csr_tmp_file%
```

...

Example how to create and sign Server Certificate (Windows)

```bat
@rem Specify server name used for file names and as DNS name in the certificate
@rem Expects %server_name%.csr, root-ca.crt and root-ca.key to exist in the current directory
set server_name=myhost

@rem Create and sign Server Certificate
@rem Write the X.509 v3 extensions for the Server Certificate to a temporary file
set server_crt_tmp_file=server-crt-%RANDOM%.tmp
copy /Y NUL %server_crt_tmp_file%
echo subjectAltName=DNS:%server_name% >> %server_crt_tmp_file%
echo keyUsage=critical,keyEncipherment,digitalSignature >> %server_crt_tmp_file%
echo extendedKeyUsage=serverAuth,clientAuth >> %server_crt_tmp_file%

@rem Sign the CSR with the Private CA key, valid for 3652 days (about 10 years)
openssl x509 -req -sha512 -days 3652 ^
    -in %server_name%.csr ^
    -CA root-ca.crt ^
    -CAkey root-ca.key ^
    -CAcreateserial ^
    -out %server_name%.crt ^
    -extfile %server_crt_tmp_file%

del /q %server_crt_tmp_file%
```
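
After both scripts have run, the resulting certificates can be checked before they are deployed. The following script is an added example and not part of the original article: it verifies that the Server Certificate chains to the Private CA and that both certificates carry the extensions written by the scripts above. It assumes OpenSSL 1.1.1 or later (for the `-ext` option) and the file names `root-ca.crt` and `myhost.crt` in the current directory; the `:expect` helper is a hypothetical name.

```bat
@echo off
setlocal
@rem Added example: file names follow the scripts above
set ca_key_name=root-ca
set server_name=myhost

@rem 1. The CA Certificate must be marked as a CA and be allowed to sign certificates
call :expect %ca_key_name%.crt basicConstraints "CA:TRUE" || goto :fail
call :expect %ca_key_name%.crt keyUsage "Certificate Sign" || goto :fail

@rem 2. The Server Certificate must chain to the Private CA
openssl verify -CAfile %ca_key_name%.crt %server_name%.crt || goto :fail

@rem 3. The Server Certificate must carry the SAN and the usages set via -extfile
call :expect %server_name%.crt subjectAltName "DNS:%server_name%" || goto :fail
call :expect %server_name%.crt keyUsage "Digital Signature" || goto :fail
call :expect %server_name%.crt keyUsage "Key Encipherment" || goto :fail
call :expect %server_name%.crt extendedKeyUsage "TLS Web Server Authentication" || goto :fail
call :expect %server_name%.crt extendedKeyUsage "TLS Web Client Authentication" || goto :fail

@rem 4. Exact host name match (the SAN check above is a substring match only)
openssl x509 -in %server_name%.crt -noout -checkhost %server_name% | findstr /C:"does match" >NUL
if errorlevel 1 (
    echo %server_name%.crt: host name %server_name% does not match
    goto :fail
)

echo OK: %server_name%.crt chains to %ca_key_name%.crt and carries the expected extensions
exit /b 0

:fail
echo FAILED: see message above
exit /b 1

@rem Hypothetical helper: expect <certificate file> <extension name> <text that must be printed>
:expect
openssl x509 -in %1 -noout -ext %2 | findstr /C:%3 >NUL
if errorlevel 1 (
    echo %1: extension %2 does not contain %3
    exit /b 1
)
exit /b 0
```

The script exits with code 1 at the first failed check, so it can gate a deployment step.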

...