...
List of Standard Arguments

| Argument | Required | Description | Example |
|---|---|---|---|
| --joc-uri | Yes | URI of the JOC Cockpit instance from which to receive the private key and certificate. | --joc-uri=http://myhost.example.com:4446 |
| --token | Yes | UUID of the security token for one-time authentication with JOC Cockpit. | --token=73bfc4b8-3f15-44b9-a75b-cdb44aec8f4b |
| --subject-dn | Yes | The subject of the requested certificate includes the Distinguished Name (DN) consisting of CN, OU, O, L, S, C attributes. The hostname of the requesting client is specified as CN. | --subject-dn="CN=myhost, OU=IT Operations, O=SOS, L=Berlin, S=Berlin, C=DE" |
| --san | Yes | The Subject Alternative Name (SAN) specifies the hostname of the requesting client and optionally variations of the hostname, e.g. the domain part (FQDN). Alternative hostnames are separated by comma. | --san="myhost, myhost.example.com" |
| --key-alias | Yes | Alias name used when storing the requested private key and certificate to the target keystore. | --key-alias="MyKeyAlias" |
| --ca-alias | Yes | Alias name used when storing the requested CA certificate in both the target keystore and truststore. | --ca-alias="MyTrustedCertificateAlias" |
| --target-keystore | Yes | Path to the keystore to which the requested private key and certificate should be stored. | --target-keystore=/var/sos-berlin.com/js7/controller/var/config/private/https-keystore.p12 |
| --target-keystore-type | No | Type of the keystore used. Supported values include: PKCS12 (default), JKS (deprecated). | --target-keystore-type=PKCS12 |
| --target-keystore-pass | No | Password for access to the keystore. | --target-keystore-pass="YourKeystorePassword" |
| --target-keystore-entry-pass | No | Password for the requested private key that should be added to the keystore. | --target-keystore-entry-pass="YourKeystoreEntryPassword" |
| --target-truststore | Yes | Path to the truststore to which the trusted CA certificate should be stored. | --target-truststore=/var/sos-berlin.com/js7/controller/var/config/private/https-truststore.p12 |
| --target-truststore-type | No | Type of the truststore used. Supported values include: PKCS12 (default), JKS (deprecated). | --target-truststore-type=PKCS12 |
| --target-truststore-pass | No | Password for access to the truststore. | --target-truststore-pass="YourTruststorePassword" |
| --help | No | Displays usage information, this option has to be specified as the only command line option and has no value. | |

Explanation:
- Arguments qualified as required have to be used with any request to JOC Cockpit to create a private key and certificate.
- The --joc-uri argument specifies the URL for JOC Cockpit. When used with the HTTPS protocol, check the next section for additional arguments.
- The --target-keystore is located in the Controller or Agent instance's ./config/private directory.
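The argument rules above can be checked before the one-time token is used. The following pre-flight script is an added example, not part of JS7 or sos-commons-cli: the function names are hypothetical, the sample values are the ones from the argument table, and the DN parser assumes no escaped commas inside attribute values.

```bash
#!/bin/sh
# Added example: pre-flight checks for ExecuteRollOut arguments (not JS7 code).
# Function names are hypothetical; the DN parser assumes no escaped commas.

# Print the CN attribute of a subject DN, e.g. "CN=myhost, OU=IT Operations".
dn_cn() {
    printf '%s\n' "$1" | tr ',' '\n' |
        sed -n 's/^[[:space:]]*[Cc][Nn][[:space:]]*=[[:space:]]*//p' |
        sed 's/[[:space:]]*$//' | head -n 1
}

# Succeed if host $1 is an entry of the comma-separated SAN list $2.
san_has() (
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    printf '%s\n' "$2" | tr ',' '\n' | tr 'A-Z' 'a-z' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -Fqx -- "$want"
)

# Succeed if $1 has the UUID shape used by --token.
is_uuid() {
    printf '%s\n' "$1" |
        grep -Eqx '[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}'
}

# preflight JOC_URI TOKEN SUBJECT_DN SAN
# Prints findings; exit status is the number of errors (0 = ready to run).
preflight() (
    errors=0
    case $1 in
        https://*) ;;
        http://*) echo "WARN: --joc-uri is plain http: no TLS for token and key material" ;;
        *) echo "ERROR: --joc-uri is not an http(s) URI"; errors=$((errors + 1)) ;;
    esac
    is_uuid "$2" || { echo "ERROR: --token is not a UUID"; errors=$((errors + 1)); }
    cn=$(dn_cn "$3")
    if [ -z "$cn" ]; then
        echo "ERROR: --subject-dn has no CN attribute"; errors=$((errors + 1))
    elif ! san_has "$cn" "$4"; then
        echo "ERROR: CN '$cn' is not listed in --san"; errors=$((errors + 1))
    fi
    exit "$errors"   # body runs in a subshell, so this only ends the function
)

# Sample run with the example values from the argument table above.
preflight "http://myhost.example.com:4446" \
    "73bfc4b8-3f15-44b9-a75b-cdb44aec8f4b" \
    "CN=myhost, OU=IT Operations, O=SOS, L=Berlin, S=Berlin, C=DE" \
    "myhost, myhost.example.com" && echo "pre-flight passed"
```

With the table's own values the script prints the plain-http warning and still passes, because only malformed or inconsistent arguments count as errors.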
...
HTTPS Connection to JOC Cockpit with Mutual Authentication from a Client Key File

```bash
java -jar sos-commons-cli.jar com.sos.cli.ExecuteRollOut \
--token=73bfc4b8-3f15-44b9-a75b-cdb44aec8f4b \
--joc-uri=https://myhost.example.com:4446 \
--san="myhost.example.com, myhost" \
--subject-dn="CN=myhost, OU=IT Operations, O=SOS, C=DE, L=Berlin, ST=Berlin" \
--key-alias=myhost \
--ca-alias="Root CA" \
--source-private-key=/home/sos/private/myhost.key \
--source-certificate=/home/sos/public/myhost.pem \
--source-ca-cert="/home/sos/public/intermediate_ca.pem, /home/sos/public/root_ca.pem" \
--target-keystore=var/sos-berlin.com/js7/controller/var/config/private/https-keystore.p12 \
--target-keystore-pass=jobscheduler \
--target-keystore-entry-pass=jobscheduler \
--target-truststore=var/sos-berlin.com/js7/controller/var/config/private/https-truststore.p12 \
--target-truststore-pass=jobscheduler
```
Explanation:
Developer Notes
The jar file to use is available in two forms:
- sos-commons-cli-2-0-0-SNAPSHOT.jar (ca. 9 KB)
  - this is a standard jar file
  - using this jar requires the complete classpath to be set externally
- sos-commons-cli-2-0-0-SNAPSHOT-jar-with-dependencies.jar (ca. 22 MB)
  - this is a fat/uber jar file
  - using this jar needs no classpath at all

The setup should rename the jar file so that customers later only have to call sos-commons-cli.jar, or a different desired name, in either case (external classpath in the Agent, no classpath in the Controller).
...