...
```
# Security configuration
js7 {
    auth {
        # User accounts for HTTPS connections
        users {
            # Controller ID for connections by primary/secondary controller instance
            Controller {
                distinguished-names=[
                    "DNQ=SOS CA, CN=controller-2-0-secondary, OU=IT, O=SOS, L=Berlin, ST=Berlin, C=DE"
                ]
            }
            # History account (used to release events)
            History {
                distinguished-names=[
                    "DNQ=SOS CA, CN=joc-2-0-primary, OU=IT, O=SOS, L=Berlin, ST=Berlin, C=DE",
                    "DNQ=SOS CA, CN=joc-2-0-secondary, OU=IT, O=SOS, L=Berlin, ST=Berlin, C=DE"
                ]
                password="sha512:B793649879D61613FD3F711B68F7FF3DB19F2FE2D2C136E8523ABC87612219D5AECB4A09035AD88D544E227400A0A56F02BC990CF0D4CB348F8413DE00BCBF08"
            }
            # JOC account (requires UpdateRepo permission for deployment)
            JOC {
                distinguished-names=[
                    "DNQ=SOS CA, CN=joc-2-0-primary, OU=IT, O=SOS, L=Berlin, ST=Berlin, C=DE",
                    "DNQ=SOS CA, CN=joc-2-0-secondary, OU=IT, O=SOS, L=Berlin, ST=Berlin, C=DE"
                ]
                password="sha512:3662FD6BF84C6B8385FC15F66A137AB75C755147A81CC7AE64092BFE8A18723A7C049D459AB35C059B78FD6028BB61DCFC55801AE3894D2B52401643F17A07FE"
                permissions=[
                    UpdateRepo
                ]
            }
        }
    }
    configuration {
        # directory for trusted public keys and certificates used with signatures
        trusted-signature-keys {
            PGP=${js7.config-directory}"/private/trusted-pgp-keys"
            X509=${js7.config-directory}"/private/trusted-x509-keys"
        }
    }
    journal {
        # allow History account to release events to free space claimed by journals
        users-allowed-to-release-events=[ History ]
    }
    web {
        # keystore and truststore location for HTTPS connections
        https {
            keystore {
                # Default: ${js7.config-directory}"/private/https-keystore.p12"
                file=${js7.config-directory}"/private/https-keystore.p12"
                key-password=jobscheduler
                store-password=jobscheduler
            }
            truststores=[
                {
                    # Default: ${js7.config-directory}"/private/https-truststore.p12"
                    file=${js7.config-directory}"/private/https-truststore.p12"
                    store-password=jobscheduler
                }
            ]
        }
    }
}
```
...
```
js7 {
    web {
        # keystore and truststore location for https connections
        https {
            client-keystore {
                # Default: ${js7.config-directory}"/private/https-client-keystore.p12"
                file=${js7.config-directory}"/private/https-client-keystore.p12"
                key-password=jobscheduler
                store-password=jobscheduler
            }
            keystore {
                # Default: ${js7.config-directory}"/private/https-keystore.p12"
                file=${js7.config-directory}"/private/https-keystore.p12"
                key-password=jobscheduler
                store-password=jobscheduler
            }
            truststores=[
                {
                    # Default: ${js7.config-directory}"/private/https-truststore.p12"
                    file=${js7.config-directory}"/private/https-truststore.p12"
                    store-password=jobscheduler
                }
            ]
        }
    }
}
```

Explanation:
- HTTPS keystore and truststore are used to hold private keys and certificates.
  - The keystore holds the Controller instance's private key and certificate. This information is used
    - for Server Authentication with JOC Cockpit and
    - for Client Authentication with Agents.
  - The truststore holds the certificate(s) used to verify
    - Client Authentication certificates presented by JOC Cockpit and
    - Server Authentication certificates presented by Agents.
- Optionally a separate HTTPS client keystore can be used:
  - The client keystore is used for HTTPS mutual authentication and holds a private key and certificate created for the extended key usage `Client Auth`.
  - When using HTTPS mutual authentication then
    - a single certificate can be used that is generated for both extended key usages `Server Auth` and `Client Auth`. In this case do not use the HTTPS client keystore but use the HTTPS keystore to hold the certificate.
    - separate certificates can be used with the certificate for key usage `Server Auth` being stored with the HTTPS keystore and the certificate for key usage `Client Auth` being stored with the HTTPS client keystore.
  - For details see JS-1959.
- For the keystore a password for the private keys included and a password for access to the keystore can be specified.
- For the truststore a password for access to the truststore can be specified.
- The `key-password` setting is used for access to a private key in a keystore.
- The `store-password` setting is used for access to a keystore or to a truststore.
- For PKCS12 (*.p12) keystores both settings have to use the same value. The settings can be omitted if no passwords are used.
...