...
JS7_CONTROLLER_HOME
points to the Controller instance's installation directory
- /opt/sos-berlin.com/js7/controller (default on Linux)
- C:\Program Files\sos-berlin.com\js7\controller (default on Windows)
JS7_CONTROLLER_CONFIG_DIR
points to the Controller instance's configuration directory
- /var/sos-berlin.com/js7/controller/config (default on Linux)
- C:\ProgramData\sos-berlin.com\js7\config (default on Windows)
Secure Connections
...
from JOC Cockpit to Controller
This configuration is applied in order to secure the connection if JOC Cockpit and Controller are not operated on the same server and network interface.
...
Step 4: Configure the JOC Cockpit Truststore
...
The Root CA certificate is added to the JOC Cockpit truststore. If self-signed certificates are used then each certificate is added to the JOC Cockpit truststore.
- On the JOC Cockpit server create the truststore using the keytool from your Java JRE or JDK or some third party utility.
  - For use with a third party utility create a truststore, e.g. https-truststore.p12, in PKCS12 format and import:
    - Root CA certificate
  - For use with keytool create the truststore in JKS or PKCS12 format with the Root CA certificate. The below examples suggest one possible approach for certificate management, however, there may be other ways to achieve similar results.

Example for import of a Root CA certificate to a PKCS12 truststore:

```bash
# Example how to import a CA signed certificate into a PKCS12 Truststore
# import Root CA certificate in PEM format to a PKCS12 truststore (https-truststore.p12)
keytool -import -alias "root-ca" -file "RootCACertificate.crt" -keystore "JETTY_BASE/resources/joc/https-truststore.p12" -storetype PKCS12
```

Example for use of a self-signed Controller certificate with a JOC Cockpit PKCS12 truststore:

```bash
# Example for import of a self-signed Controller certificate to JOC Cockpit PKCS12 Truststore
# import Master public certificate from a file in PEM format (master-https.crt) identified by its alias name (master-https) to the JOC Cockpit PKCS12 keystore (joc-https.p12)
keytool -importcert -noprompt -file "master-https.crt" -alias "master-https" -keystore "JETTY_BASE/etc/joc-https.p12" -storepass jobscheduler -storetype PKCS12 -trustcacerts
```

Example for use of a self-signed Controller certificate with a JOC Cockpit JKS truststore:

```bash
# Example for import of a self-signed Controller certificate to JOC Cockpit JKS Truststore
# import Master public certificate from a file in PEM format (master-https.crt) identified by its alias name (master-https) to the JOC Cockpit JKS keystore (joc-https.jks)
keytool -importcert -noprompt -file "master-https.crt" -alias "master-https" -keystore "JETTY_BASE/etc/joc-https.jks" -storepass jobscheduler -trustcacerts
```
The location of the truststore is added to the JETTY_BASE/resources/joc/joc.properties configuration file like this:

Example for PKCS12 keystore

```text
### Location of the Java truststore that contains the certificates of all
### Controllers used for HTTPS connections. The path can be absolute or
### relative to joc.properties
truststore_path = ../../resources/joc/https-truststore.p12
truststore_type = PKCS12
truststore_password = jobscheduler
```

Example for JKS keystore

```text
### Location of the Java truststore that contains the certificates of all
### Controllers used for HTTPS connections. The path can be absolute or
### relative to joc.properties
truststore_path = ../../resources/joc/https-truststore.jks
truststore_type = JKS
truststore_password = jobscheduler
```
Hostname verification by default is in place with the JETTY_BASE/resources/joc/joc.properties configuration file.

```text
################################################################################
### Should hostname verification be carried out for https certificate.
### Default false
https_with_hostname_verification = true
```
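A small lint for the joc.properties settings of this step, as an added example that is not part of the original page or of JS7: it reports a truststore that cannot be found, a truststore_type that disagrees with the file extension, the sample password jobscheduler left in place, and hostname verification not switched on. The function names and the temporary directory used for the constructed sample are assumptions made for the illustration.

```shell
#!/usr/bin/env bash
# Added example (not JS7 code): lint the truststore settings in joc.properties.
# prop FILE KEY: print the value of "KEY = value" (last occurrence wins).
prop() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
    sed 's/[[:space:]]*$//' | tail -n 1
}

# lint_joc_properties FILE: print one finding per line, nothing if clean.
lint_joc_properties() {
  local file=$1 path type pass verify abs
  path=$(prop "$file" truststore_path)
  type=$(prop "$file" truststore_type)
  pass=$(prop "$file" truststore_password)
  verify=$(prop "$file" https_with_hostname_verification)

  # A relative truststore_path is resolved against the joc.properties directory.
  case "$path" in
    /*) abs=$path ;;
    *)  abs=$(dirname "$file")/$path ;;
  esac
  [ -n "$path" ] && [ -f "$abs" ] || echo "truststore not found: $abs"

  # The declared store type should agree with the file extension.
  case "$type:$path" in
    PKCS12:*.p12 | JKS:*.jks) ;;
    *) echo "truststore_type '$type' does not match '$path'" ;;
  esac

  # "jobscheduler" is the sample password used in the examples on this page.
  [ "$pass" != "jobscheduler" ] || echo "truststore_password is the sample value"
  [ "$verify" = "true" ] || echo "https_with_hostname_verification is not true"
  return 0
}

# Constructed sample: a weak joc.properties under a temporary JETTY_BASE.
make_weak_sample() {
  mkdir -p "$1/resources/joc"
  cat > "$1/resources/joc/joc.properties" <<'EOF'
truststore_path = ../../resources/joc/https-truststore.p12
truststore_type = JKS
truststore_password = jobscheduler
https_with_hostname_verification = false
EOF
}

demo=$(mktemp -d); make_weak_sample "$demo"
lint_joc_properties "$demo/resources/joc/joc.properties"
rm -rf "$demo"
```

Run against the constructed sample it prints four findings; a file with a matching type, a changed password and `https_with_hostname_verification = true` prints nothing.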
...
Step 1: Create Controller Truststore
- On the Controller server create the truststore using the keytool from your Java JRE or JDK or some third party utility.
  - For use with a third party utility create a truststore, e.g. https-truststore.p12, in PKCS12 format and import:
    - Root CA certificate
  - For use with keytool create the truststore in JKS or PKCS12 format with the Root CA certificate. The below examples suggest one possible approach for certificate management, however, there may be other ways to achieve similar results.
    - Example for import of a Root CA certificate to a PKCS12 truststore:

```bash
# Example how to import a CA signed certificate into a PKCS12 Truststore
# on JOC Cockpit server: import Root CA certificate in PEM format to a PKCS12 truststore (https-truststore.p12)
keytool -import -alias "root-ca" -file "RootCACertificate.crt" -keystore "JETTY_BASE/resources/joc/https-truststore.p12" -storetype PKCS12
```

Example for export/import of self-signed certificate to a PKCS12 keystore:

```bash
# Example how to export the Master public certificate from a PKCS12 Keystore
# on Controller server: export Controller's certificate from keystore (https-keystore.p12) identified by its alias name (controller-https) to a file in PEM format (controller-https.crt)
keytool -exportcert -rfc -noprompt -file "controller-https.crt" -alias "controller-https" -keystore "JS7_CONTROLLER_CONFIG_DIR/private/https-keystore.p12" -storepass jobscheduler -storetype PKCS12

# on JOC Cockpit server: import Controller certificate in PEM format to a PKCS12 truststore (https-truststore.p12)
keytool -import -alias "controller-https" -file "controller-https.crt" -keystore "JETTY_BASE/resources/joc/https-truststore.p12" -storetype PKCS12
```

Example for export/import of self-signed certificate to a JKS keystore:
- Example for export with JKS keystore format

```bash
# Example how to export the Master public certificate from a JKS Keystore
# on Controller server: export Controller's certificate from keystore (https-keystore.jks) identified by its alias name (controller-https) to a file in PEM format (controller-https.crt)
keytool -exportcert -rfc -noprompt -file "controller-https.crt" -alias "controller-https" -keystore "JS7_CONTROLLER_CONFIG_DIR/private/https-keystore.jks" -storepass jobscheduler
```
- Example for export with PKCS12 keystore format

```bash
# Example how to export the Master public certificate from a PKCS12 Keystore
# on JOC Cockpit server: import Controller certificate in PEM format to a PKCS12 truststore (https-truststore.p12)
keytool -import -alias "controller-https" -file "controller-https.crt" -keystore "JETTY_BASE/resources/joc/https-truststore.p12" -storetype PKCS12
```
Notes
- A restart of the respective component is required to apply modifications to the JS7_CONFIG_DIR/private/private.conf file of the Controller or to configuration files of JOC Cockpit.
...