...

  • HTTPS Server Authentication is preferably used in combination with Client Authentication (mutual authentication), as this allows a secure configuration without the use of passwords.
    • The purpose of Server Authentication is to prove the identity of an HTTP server and to encrypt the communication between client and server.
    • The purpose of Client Authentication is to prove the identity of a client. Without proof of identity any HTTP client could impersonate a legitimate peer or mount a man-in-the-middle attack, for example by pretending to be a Controller that connects to an Agent.
  • Consider the communication scheme between JS7 components as explained in the JS7 - System Architecture article:
    • User browsers acting as HTTP clients establish connections to JOC Cockpit acting as an HTTP server.
    • JOC Cockpit acting as an HTTP client establishes connections to Controllers acting as HTTP servers.
    • Controllers acting as HTTP clients establish connections to Agents acting as HTTP servers.
  • We recommend applying mutual authentication. However, there might be reasons why use of Client Authentication is not an immediate option, for example:
    • Use of a wildcard certificate for Server Authentication reduces the effort for certificate management. At the same time such certificates cannot be used for Client Authentication, as a wildcard certificate identifies a domain rather than an individual client.
  • Should mutual authentication not be an immediate option, then the recommendations from this article for the handling of passwords apply.

...

  • For each Agent the Agent ID is specified, e.g. agent-dev-001. An Agent is assigned a unique Agent ID during initial operation with JOC Cockpit; the ID cannot be changed unless the Agent's journal is dropped.
  • The plain text secret (password) is specified.

...