JS7 JobScheduler

Space shortcuts

Page tree

Versions Compared

Old Version 38

changes.mady.by.user Andreas Püschel

Saved on

compared with

New Version 39

changes.mady.by.user Andreas Püschel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

JS7 - Deployment of Scheduling Objects makes use of Signing Certificates to digitally sign workflows and other objects. Signing Certificates are deployed to Controllers and Agents. Use of certificates for signing is not related to use of certificates to secure HTTPS connections, see JS7 - How to create X.509 SSL TLS Certificates.

...

Anchor
creating_self_issued_certificates
creating_self_issued_certificates
Creating self-issued Certificates

Users chose this approach if they intend to authorize specific users to deploy scheduling objects:

  • The approach is managable if the number of Controller and Agent instances that receive the certificate is within acceptable limits.
    • Consider certificate renewal that includes to update the certificate file on related Controller and Agent instances.
    • Consider certificate revocation that includes to remove the certificate file from related Controller and Agent instances.
  • The approach allows fine-grained control, but comes at a price of having to manage deployment of user certificates individually.

Anchor
creating_private_key_and_csr
creating_private_key_and_csr
Creating the Private Key and Certificate Signing Request

...

Users have the option to use ECDSA or RSA algorithms for the encryption type applied to performed using the Private Key.

Users can run the following commands from the shell and replace the value of the key_name environment variable with a name of their choice that is used when creating related files.

...

Steps include to create the signing-ca.key CA Private Key file and signing-ca.csr CA Certificate Signing Request file both in PEM format.

Users have the option to use ECDSA or RSA algorithms for encryption performed using the Private Key.

Users can run the following commands from the shell and replace the value of the ca_key_name environment variable with a name of their choice that is used when creating related files.

...

Steps include to create the signing.key Private Key file and signing.csr Certificate Signing Request file both in PEM format.

Users have the option to use ECDSA or RSA algorithms for encryption performed using the Private Key.

Users can run the following commands from the shell and replace the value of the key_name environment variable with a name of their choice that is used when creating related files.

...