...

List of Arguments for use with JOC Cockpit HTTPS Connections using Mutual Authentication

| Argument | Required | Description | Example |
|---|---|---|---|
| --source-keystore | No | Path of the keystore holding the client's private key and certificate for client authentication. | --source-keystore=/home/sos/private/js7-keystore.p12 |
| --source-keystore-type | No | Type of keystore used. Supported values include: PKCS12 (default), JKS (deprecated). | --source-keystore-type=PKCS12 |
| --source-keystore-pass | No | Password for access to the keystore holding the private key for client authentication. | --source-keystore-pass="YourKeystorePassword" |
| --source-keystore-entry-pass | No | Password for the private key entry in the keystore. | --source-keystore-entry-pass="YourKeystoreEntryPassword" |
| --source-private-key | No | Path to the private key file holding the client authentication private key. | --source-private-key=/home/sos/private/client.key |


Explanation:

  • An HTTPS connection to JOC Cockpit with mutual authentication requires
    • the requesting client to verify the JOC Cockpit server authentication certificate and
    • JOC Cockpit to verify the client authentication certificate of the requesting client.
  • The --source-keystore-* arguments specify a keystore that holds the client's private key and certificate for client authentication.
  • The --source-private-key argument is used as an alternative to the --source-keystore-* arguments when the private key is available from an individual file instead of a keystore.

Examples

Standard Examples

Example for use with the Controller/Agent Instance Start Script and default values

```bash
# use with a Controller instance
./bin/controller_instance.sh cert --token=73bfc4b8-3f15-44b9-a75b-cdb44aec8f4b --joc-uri=https://myhost.example.com:4446

# use with an Agent instance
./bin/agent_<port>.sh cert --token=73bfc4b8-3f15-44b9-a75b-cdb44aec8f4b --joc-uri=https://myhost.example.com:4446
```

...

  • The cert argument is used with the Instance Start Script to build the Java classpath and to start the Java executable.
  • The --token argument specifies the one-time token to connect to JOC Cockpit.
  • The --joc-uri argument specifies the URL for JOC Cockpit.
  • If no additional arguments are used, the Command Line Client determines default values for the Keystore and Truststore from the instance's ./config/private/private.conf configuration, including defaults for the DN and for the SAN of the certificate.

Example for use with the Controller/Agent Instance Start Script to update relevant DN entries

```bash
# use with a Controller instance
./bin/controller_instance.sh cert --dn-only --token=73bfc4b8-3f15-44b9-a75b-cdb44aec8f4b --joc-uri=https://myhost.example.com:4446

# use with an Agent instance
./bin/agent_<port>.sh cert --dn-only --token=73bfc4b8-3f15-44b9-a75b-cdb44aec8f4b --joc-uri=https://myhost.example.com:4446
```

...

  • With the --dn-only argument, only the relevant Distinguished Names (DNs) are updated in the ./config/private/private.conf configuration file.

Advanced Examples

Example for use with an HTTP Connection to JOC Cockpit

```bash
./bin/controller_instance.sh cert \
    --token=73bfc4b8-3f15-44b9-a75b-cdb44aec8f4b \
    --joc-uri=http://somehost.example.com:4446 \
    --san="myhost.example.com, myhost" \
    --subject-dn="CN=myhost, OU=IT Operations, O=SOS, C=DE, L=Berlin, ST=Berlin" \
    --key-alias=myhost \
    --ca-alias="Root CA" \
    --target-keystore=/var/sos-berlin.com/js7/controller/var/config/private/https-keystore.p12 \
    --target-keystore-pass=jobscheduler \
    --target-keystore-entry-pass=jobscheduler \
    --target-truststore=/var/sos-berlin.com/js7/controller/var/config/private/https-truststore.p12 \
    --target-truststore-pass=jobscheduler
```

Explanation:

  • tbd

Example for use with an HTTPS Connection to JOC Cockpit and Mutual Authentication from a Client Truststore

```bash
./bin/controller_instance.sh cert \
     --token=73bfc4b8-3f15-44b9-a75b-cdb44aec8f4b \
     --joc-uri=https://somehost.example.com:4446 \
     --san="myhost.example.com, myhost" \
     --subject-dn="CN=myhost, OU=IT Operations, O=SOS, C=DE, L=Berlin, ST=Berlin" \
     --key-alias=myhost \
     --ca-alias="Root CA" \
     --source-keystore=/home/sos/private/js7-keystore.p12 \
     --source-keystore-pass="" \
     --source-keystore-entry-pass="" \
     --source-truststore=/home/sos/private/js7-truststore.p12 \
     --source-truststore-pass="" \
     --target-keystore=/var/sos-berlin.com/js7/controller/var/config/private/https-keystore.p12 \
     --target-keystore-pass=jobscheduler \
     --target-keystore-entry-pass=jobscheduler \
     --target-truststore=/var/sos-berlin.com/js7/controller/var/config/private/https-truststore.p12 \
     --target-truststore-pass=jobscheduler
```

Explanation:

  • tbd

Example for use with an HTTPS Connection to JOC Cockpit and Mutual Authentication from a Client Key File

```bash
./bin/controller_instance.sh cert \
     --token=73bfc4b8-3f15-44b9-a75b-cdb44aec8f4b \
     --joc-uri=https://myhost.example.com:4446 \
     --san="myhost.example.com, myhost" \
     --subject-dn="CN=myhost, OU=IT Operations, O=SOS, C=DE, L=Berlin, ST=Berlin" \
     --key-alias=myhost \
     --ca-alias="Root CA" \
     --source-private-key=/home/sos/private/myhost.key \
     --source-certificate=/home/sos/public/myhost.pem \
     --source-ca-cert="/home/sos/public/intermediate_ca.pem, /home/sos/public/root_ca.pem" \
     --target-keystore=/var/sos-berlin.com/js7/controller/var/config/private/https-keystore.p12 \
     --target-keystore-pass=jobscheduler \
     --target-keystore-entry-pass=jobscheduler \
     --target-truststore=/var/sos-berlin.com/js7/controller/var/config/private/https-truststore.p12 \
     --target-truststore-pass=jobscheduler
```
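
A pre-flight check for the key-file variant above, added here as an example and not part of the JS7 documentation or tooling: it confirms that the file given to --source-private-key is not accessible to group or others and that the certificate given to --source-certificate carries the matching public key. The function names and the script name are hypothetical; the script assumes an unencrypted PEM key and the openssl command line tool.

```shell
#!/bin/sh
# Added example (not JS7 code). Hypothetical usage:
#   sh preflight.sh /home/sos/private/myhost.key /home/sos/public/myhost.pem

# Succeeds if the file exists and has no group/other permission bits set.
is_private() {
    [ -f "$1" ] || return 2
    # POSIX find prints the path if any group/other bit is set.
    [ -z "$(find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \))" ]
}

# Succeeds if the certificate's public key is the one derived from the
# private key. Works for any key type that openssl pkey can read.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$crt_pub" ]
}

# Returns 0 only when both checks pass; reports the first failure on stderr.
preflight() {
    is_private "$1" || {
        echo "key file missing or accessible to group/others: $1" >&2
        return 1
    }
    key_matches_cert "$1" "$2" || {
        echo "certificate does not match private key: $2" >&2
        return 1
    }
}

# Run the check when called with a key path and a certificate path.
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

Running it before the cert command separates local key and certificate problems from failures of the mutual authentication handshake with JOC Cockpit.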

...