...

Flowchart
JOC [label="   JOC Cockpit   ",fillcolor="lightskyblue"]
LDAP [label="   LDAP Server   ",fillcolor="lightskyblue"]
 
JOC_Truststore [label="JOC Cockpit Truststore\n./jetty_base/etc/joc.jks\nCA certificates\nLDAP server public certificate",fillcolor="orange"]
LDAP_Keystore [label="LDAP Server Keystore\nLDAP Server Private Key",fillcolor="orange"]

CA_RootCertificate [shape="ellipse",label="CA Root Certificate",fillcolor="white"]
CA_IntermediateCertificate [shape="ellipse",label="CA Intermediate Certificate",fillcolor="white"]

LDAP_PrivateKey [shape="ellipse",label="LDAP Server Private Key",fillcolor="white"]
LDAP_Keystore_Certificate [shape="ellipse",label="LDAP Server Public Certificate",fillcolor="white"]
LDAP_Truststore_Certificate [shape="ellipse",label="LDAP Server Public Certificate",fillcolor="white"]

LDAP -> LDAP_Keystore 
LDAP -> LDAP_Truststore_Certificate [label=" transfer to JOC Cockpit            "] 
LDAP_Keystore -> LDAP_PrivateKey -> LDAP_Keystore_Certificate [label=" in keystore "]

# JOC -> LDAP [label=" establish LDAP connection "]
JOC -> JOC_Truststore
JOC_Truststore -> CA_RootCertificate -> CA_IntermediateCertificate [label=" add to truststore "]
CA_IntermediateCertificate -> LDAP_Truststore_Certificate [label=" add to truststore "]

...

    • Example for import of a public certificate to a JOC Cockpit Truststore in JKS format:

      Code Block
      languagetext
      titleExample for import of LDAP Server public certificate to JKS Truststore
      # import the LDAP server public certificate (ldap-certificate.crt) into the truststore joc.jks under the alias "ldap"
      keytool -importcert -noprompt -file "ldap-certificate.crt" -alias "ldap" -keystore "JETTY_BASE/etc/joc.jks" -storepass secret_store -trustcacerts
    • Example for import of a public certificate to a JOC Cockpit Truststore in PKCS12 format:

      Code Block
      languagetext
      titleExample for import of LDAP Server public certificate to PKCS12 Truststore
      # import the LDAP server public certificate (ldap-certificate.crt) into the truststore joc.p12 under the alias "ldap"; -storetype pkcs12 selects the PKCS12 format
      keytool -importcert -noprompt -file "ldap-certificate.crt" -alias "ldap" -keystore "JETTY_BASE/etc/joc.p12" -storetype pkcs12 -storepass secret_store -trustcacerts
  • The -keystore option specifies the location of your Truststore file.
  • The -storepass option specifies the password for access to your Truststore file.
  • The -alias option specifies the name under which the certificate is stored in the Truststore. Each imported certificate requires its own, unique alias.
  • The -trustcacerts option additionally considers the certificates in the Java cacerts file when keytool builds the chain of trust for the imported certificate.
  • The file ldap-certificate.crt has been created on the LDAP server. Transfer this file to the JOC Cockpit server.
    • Example for export of the public certificate with the NSS certutil tool on the LDAP server:

      Code Block
      languagetext
      titleExample for export of public certificate
      # create a certificate with the nickname "SOS_LDAP" for the subject cn=myCn in the NSS database of the current directory (-d .),
      # signed by the CA certificate with the nickname "SOS_LDAP CA certificate" that has to exist in the same database
      # (-t "u,u,u": trust flags of a user certificate, -m 1001: serial number, -v 120: validity in months, -k rsa: RSA key pair)
      certutil -S -n "SOS_LDAP" -s "cn=myCn" -c "SOS_LDAP CA certificate" -t "u,u,u" -m 1001 -v 120 -d . -k rsa
      # export the certificate with the given nickname in PEM format (-a) to the file ldap-certificate.crt;
      # -n "SOS_LDAP CA certificate" exports the signing CA certificate, -n "SOS_LDAP" would export the server certificate itself
      certutil -L -d . -n "SOS_LDAP CA certificate" -a > ldap-certificate.crt
  • If the public certificate is signed by a CA then the JOC Cockpit Truststore has to contain the certificate chain, i.e. the CA Root Certificate and the CA Intermediate Certificate, in addition to the LDAP server public certificate. If the exported certificate file does not already include the chain, it might be required to concatenate the certificates into one file, for example as shown below. Consider that keytool -importcert stores only the first certificate of a file when it adds a trusted certificate under a new alias. If every certificate of the chain should be present in the Truststore, then import the certificates one by one, each with its own alias.


    Code Block
    languagetext
    titleExample for concatenation of the certificate chain and import to JKS Truststore
    # concatenate CA root certificate, CA intermediate certificate and LDAP server public certificate to a single certificate bundle file (certificates.crt)
    cat RootCACertificate.crt > certificates.crt
    cat CACertificate.crt >> certificates.crt
    cat ldap-certificate.crt >> certificates.crt
    
    # import the certificate bundle file (certificates.crt) to the truststore (joc.jks) with the alias name (ldap)
    # note: for a trusted certificate entry keytool stores only the first certificate of the file, here the CA root certificate
    keytool -importcert -noprompt -file "certificates.crt" -alias "ldap" -keystore "JETTY_BASE/etc/joc.jks" -storepass secret_store -trustcacerts
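The following POSIX shell script is an added example and not part of the original page or of the SOS JOC Cockpit distribution. It complements both the single certificate import examples and the certificate chain example above: it splits a concatenated PEM bundle such as certificates.crt into one file per certificate and imports each file into the JOC Cockpit Truststore under its own alias, because keytool -importcert stores only the first certificate of a file when it adds a trusted certificate under a new alias. The truststore path JETTY_BASE/etc/joc.jks, the password secret_store, the alias prefix ldap and the function names are assumptions for this example; the sample bundle embedded in the script is constructed from dummy content and does not hold real certificates.

```shell
#!/bin/sh
# Added example (not from the original page): split a PEM bundle into single
# certificates and import each one into the JOC Cockpit Truststore under its own
# alias. keytool -importcert stores only the FIRST certificate of a file when it
# adds a trusted certificate, so a concatenated chain must be imported file by file.

# split_pem_bundle BUNDLE PREFIX
# Writes PREFIX-1.crt, PREFIX-2.crt, ... (one certificate per file) and prints the
# number of certificates found in BUNDLE.
split_pem_bundle() {
    awk -v prefix="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = prefix "-" n ".crt"; inblock = 1 }
        inblock { print > out }
        /-----END CERTIFICATE-----/ { close(out); inblock = 0 }
        END { print n + 0 }
    ' "$1"
}

# import_chain BUNDLE TRUSTSTORE STOREPASS ALIASPREFIX [STORETYPE]
# Imports every certificate of BUNDLE as ALIASPREFIX-1, ALIASPREFIX-2, ... and
# prints how many of these aliases the truststore lists as trustedCertEntry.
# (Assumed paths and names; requires keytool from the JOC Cockpit's Java installation.)
import_chain() {
    bundle=$1 truststore=$2 storepass=$3 aliasprefix=$4 storetype=${5:-jks}
    workdir=$(mktemp -d) || return 1
    count=$(split_pem_bundle "$bundle" "$workdir/cert")
    i=1
    while [ "$i" -le "$count" ]; do
        keytool -importcert -noprompt \
            -file "$workdir/cert-$i.crt" \
            -alias "$aliasprefix-$i" \
            -keystore "$truststore" -storetype "$storetype" \
            -storepass "$storepass" -trustcacerts || { rm -rf "$workdir"; return 1; }
        i=$((i + 1))
    done
    rm -rf "$workdir"
    # verification: each alias has to show up as a trustedCertEntry
    keytool -list -keystore "$truststore" -storetype "$storetype" -storepass "$storepass" \
        | grep -c "^$aliasprefix-.*trustedCertEntry"
}

# Constructed sample bundle: three PEM blocks with dummy base64 content in the
# order CA root certificate, CA intermediate certificate, LDAP server certificate.
# These are NOT real certificates; they only exercise the splitting logic.
SAMPLE_BUNDLE=$(mktemp)
cat > "$SAMPLE_BUNDLE" <<'EOF'
-----BEGIN CERTIFICATE-----
cm9vdCBDQSBjZXJ0aWZpY2F0ZSAoY29uc3RydWN0ZWQgc2FtcGxlKQ==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
aW50ZXJtZWRpYXRlIENBIGNlcnRpZmljYXRlIChjb25zdHJ1Y3RlZCBzYW1wbGUp
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
TERBUCBzZXJ2ZXIgY2VydGlmaWNhdGUgKGNvbnN0cnVjdGVkIHNhbXBsZSk=
-----END CERTIFICATE-----
EOF

# Usage with a real bundle (assumed path, password and alias prefix):
#   import_chain certificates.crt "JETTY_BASE/etc/joc.jks" secret_store ldap
# For a PKCS12 truststore add the store type:
#   import_chain certificates.crt "JETTY_BASE/etc/joc.p12" secret_store ldap pkcs12
```

Run import_chain with the real certificates.crt and Truststore; the printed count has to equal the number of certificates in the bundle, i.e. 3 for a root, intermediate and server certificate. If the LDAP server sends its intermediate certificate during the TLS handshake, the CA Root Certificate alone is sufficient for trust, but importing the whole chain makes the connection independent of the server's chain configuration.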

Configure JOC Cockpit Truststore

...