...
List of Standard Arguments

Argument | Required | Description | Example |
---|---|---|---|
--joc-uri | Yes | URI of the JOC Cockpit instance from which to receive the private key and certificate. | --joc-uri=http://myhost.example.com:4446 |
--token | Yes | UUID of the security token for one-time authentication with JOC Cockpit. | --token=73bfc4b8-3f15-44b9-a75b-cdb44aec8f4b |
--dn-only | No | Flag to receive relevant DNs to update the private.conf file, without certificate generation. | --dn-only |
--subject-dn | Yes | The subject of the requested certificate includes the Distinguished Name (DN) consisting of CN, OU, O, L, S, C attributes. The hostname of the requesting client is specified as CN. | --subject-dn="CN=myhost, OU=IT Operations, O=SOS, L=Berlin, S=Berlin, C=DE" |
--san | Yes | The Subject Alternative Name (SAN) specifies the hostname of the requesting client and optionally variations of the hostname, e.g. the domain part (FQDN). Alternative hostnames are separated by comma. | --san="myhost, myhost.example.com" |
--key-alias | Yes | Alias name used when storing the requested private key and certificate to the target keystore. | --key-alias="MyKeyAlias" |
--ca-alias | Yes | Alias name used when storing the requested CA certificate in both the target keystore and truststore. | --ca-alias="MyTrustedCertificateAlias" |
--target-keystore | Yes | Path to the keystore to which the requested private key and certificate should be stored. | --target-keystore=/var/sos-berlin.com/js7/controller/var/config/private/https-keystore.p12 |
--target-keystore-type | No | Type of the keystore used. Supported values include: PKCS12 (default), JKS (deprecated). | --target-keystore-type=PKCS12 |
--target-keystore-pass | No | Password for access to the keystore. | --target-keystore-pass="YourKeystorePassword" |
--target-keystore-entry-pass | No | Password for the requested private key that should be added to the keystore. | --target-keystore-entry-pass="YourKeystoreEntryPassword" |
--target-truststore | Yes | Path to the truststore to which the trusted CA certificate should be stored. | --target-truststore=/var/sos-berlin.com/js7/controller/var/config/private/https-truststore.p12 |
--target-truststore-type | No | Type of the truststore used. Supported values include: PKCS12 (default), JKS (deprecated). | --target-truststore-type=PKCS12 |
--target-truststore-pass | No | Password for access to the truststore. | --target-truststore-pass="YourTruststorePassword" |
--help | No | Displays usage information. This option has to be specified as the only command line option and has no value. | |

Explanation:
- Arguments qualified as required have to be used with any request to JOC Cockpit to create a private key and certificate.
- The --joc-uri argument specifies the URL for JOC Cockpit. When it is used with the HTTPS protocol, check the next section for additional arguments.
- The --target-keystore is located in the Controller or Agent instance's ./config/private directory.
- The --dn-only argument: if present, only related DNs are added to the private.conf file in the Controller or Agent instance's ./config/private directory. No certificates/keys are generated.

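A pre-flight check for the argument list in the table above, as an added example that is not part of the original page or of the JS7 code. It applies the Required column, the UUID token format and the documented keystore types; the names `preflight` and `parse_args` are hypothetical, and it assumes the CN should also appear in --san and that DN values contain no escaped commas.

```python
import re
from urllib.parse import urlsplit

# Arguments marked "Required: Yes" in the table above.
REQUIRED = ("--joc-uri", "--token", "--subject-dn", "--san", "--key-alias",
            "--ca-alias", "--target-keystore", "--target-truststore")
UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
PRIV = "/var/sos-berlin.com/js7/controller/var/config/private"
SAMPLE = [  # constructed from the example values in the table
    "--token=73bfc4b8-3f15-44b9-a75b-cdb44aec8f4b",
    "--joc-uri=https://myhost.example.com:4446",
    "--subject-dn=CN=myhost, OU=IT Operations, O=SOS, L=Berlin, S=Berlin, C=DE",
    "--san=myhost, myhost.example.com",
    "--key-alias=MyKeyAlias", "--ca-alias=MyTrustedCertificateAlias",
    f"--target-keystore={PRIV}/https-keystore.p12",
    f"--target-truststore={PRIV}/https-truststore.p12",
]

def parse_args(argv):
    """Map '--name=value' items to a dict; bare flags map to ''. (hypothetical helper)"""
    return {n: v.strip().strip('"') for n, _, v in (a.partition("=") for a in argv)}

def preflight(argv):
    """Return a list of findings; an empty list means every check passed."""
    opts = parse_args(argv)
    findings = [f"missing required argument {a}" for a in REQUIRED if a not in opts]
    if "--joc-uri" in opts:
        scheme = urlsplit(opts["--joc-uri"]).scheme
        if scheme == "http":
            findings.append("--joc-uri uses plain http: token and key are not protected by TLS")
        elif scheme != "https":
            findings.append("--joc-uri is not an http(s) URI")
    if "--token" in opts and not UUID_RE.match(opts["--token"]):
        findings.append("--token is not a UUID")
    # Assumption: the hostname given as CN should also be one of the SAN entries.
    # Naive split: DN values with escaped commas are not handled.
    rdns = dict(p.strip().split("=", 1)
                for p in opts.get("--subject-dn", "").split(",") if "=" in p)
    sans = [s.strip() for s in opts.get("--san", "").split(",") if s.strip()]
    if "CN" in rdns and sans and rdns["CN"] not in sans:
        findings.append(f"CN '{rdns['CN']}' is not listed in --san")
    for opt in ("--target-keystore-type", "--target-truststore-type"):
        kind = opts.get(opt, "PKCS12").upper()  # PKCS12 is the documented default
        if kind == "JKS":
            findings.append(f"{opt}=JKS is deprecated; use PKCS12")
        elif kind != "PKCS12":
            findings.append(f"{opt}={kind} is not a supported type")
    return findings

if __name__ == "__main__":
    print(preflight(SAMPLE) or "ok")
```
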
Arguments for use with JOC Cockpit HTTPS Connections
The following arguments are used in addition to the standard arguments when JOC Cockpit is set up for HTTPS connections:
...
HTTPS Connection to JOC Cockpit with Mutual Authentication from a Client Key File

```bash
# Roll out key, certificate and CA certificate over HTTPS, authenticating
# to JOC Cockpit with an existing client key and certificate.
java -jar sos-commons-cli.jar com.sos.cli.ExecuteRollOut \
    --token=73bfc4b8-3f15-44b9-a75b-cdb44aec8f4b \
    --joc-uri=https://myhost.example.com:4446 \
    --san="myhost.example.com, myhost" \
    --subject-dn="CN=myhost, OU=IT Operations, O=SOS, C=DE, L=Berlin, ST=Berlin" \
    --key-alias=myhost \
    --ca-alias="Root CA" \
    --source-private-key=/home/sos/private/myhost.key \
    --source-certificate=/home/sos/public/myhost.pem \
    --source-ca-cert="/home/sos/public/intermediate_ca.pem, /home/sos/public/root_ca.pem" \
    --target-keystore=/var/sos-berlin.com/js7/controller/var/config/private/https-keystore.p12 \
    --target-keystore-pass=jobscheduler \
    --target-keystore-entry-pass=jobscheduler \
    --target-truststore=/var/sos-berlin.com/js7/controller/var/config/private/https-truststore.p12 \
    --target-truststore-pass=jobscheduler
```

Explanation:
Example for use with the Controller-/Agent-Instance Startscript and default values

```bash
# Controller instance:
./bin/controller_instance.sh cert --token=73bfc4b8-3f15-44b9-a75b-cdb44aec8f4b --joc-uri=https://myhost.example.com:4446

# OR, for an Agent instance:
./bin/agent_<Port>.sh cert --token=73bfc4b8-3f15-44b9-a75b-cdb44aec8f4b --joc-uri=https://myhost.example.com:4446
```

Explanation:
- The cert argument tells the instance start script to build the classpath and start the Java executable.
- The --token argument specifies the one-time token to connect to JOC Cockpit once.
- The --joc-uri argument specifies the URL for JOC Cockpit.