Page History
Table of Contents |
---|
Prerequisites
Required:
Each user with the permission to deploy has to publish his own X.509 signing certificate to JOC.
...
- Each user certificate has to be published to the controller/agents
config/private/trusted-x509-keys
folder also. - If a CA certificate is present in JOC it is sufficient to publish the CA certificate only to the controller/agents
config/private/trusted-x509-keys
folder.- No further user certificates are needed to be published to the controller/agents as long as they were created by the given CA.
Deploy Process Overview
- The user has to export the desired configurations with the checkbox "forSigning" checked.
- unpack the exported archive
- The archive contains a meta_inf file and the configurations.
- sign the configurations and store the signature - base64 encoded - in the same folder.
- Each signature file has to be named the same like the original configuration with an additional filename extension.
- for RSA/ECDSA signatures use the filename extension ".pem" or ".sig" respectively.
- for PGP signatures use the default filename extension ".asc".
- pack the archive again and make sure the meta_inf file is still contained in the root folder of the archive.
- upload the archive using the Import And Deploy button.
Example
Export
- Click on export either in the context menu of the folder you want to export or in the top right corner.
- Check the checkbox "forSigning"
- Select the configuration meant to deploy.
Signing
Extract the configuration with their folder structure from the archive.
...
Enter the signature algorithm using the default Java names for the signature algorithm.
e.g.
OpenSSL | Java with RSA | Java with ECDSA |
---|---|---|
sha512 | SHA512withRSA | - |
sha256 | SHA256withRSA | SHA256withECDSA |
On import the configuration and the signature from the archive will be send to the controller directly and will be validated. After that the configuration is deployed.
Overview
Content Tools