JS7 JobScheduler

Space shortcuts

Page tree

Versions Compared

Old Version 10

changes.mady.by.user Andreas Püschel

Saved on

compared with

New Version 11

changes.mady.by.user Andreas Püschel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • On the Controller server create the truststore using the keytool from your Java JRE or JDK or some third party utility.
    • For use with a third party utility create a truststore, e.g. https-truststore.p12, in PKCS12 format and import:
      • Root CA certificate
    • For use with keytool create the truststore in JKS or PKCS12 format with the Root CA certificate. The below examples suggest one possible approach for certificate management, however, there may be other ways how to achieve similar results.
      • Example for import of a Root CA certificate to a PKCS12 truststore:


        Code Block
        languagebash
        titleExample how to import a CA signed certificate into a PKCS12 Truststore
        # on JOC Cockpit server: import Root CA certificate in PEM format to a PKCS12 truststore (https-truststore.p12)
keytool -import -alias "root-ca" -file "RootCACertificate.crt" -keystore "JETTY_BASE/resources/joc/https-truststore.p12" -storetype PKCS12

      • Example for export/import of self-signed certificate to a PKCS12 keystore:

        Code Block
        languagebash
        titleExample how to export the Master public certificate from a PKCS12 Keystore
        # on Controller server: export Controller's certificate from keystore (https-keystore.p12) identified by its alias name (controller-https) to a file in PEM format (controller-https.crt)
keytool -exportcert -rfc -noprompt -file "controller-https.crt" -alias "controller-https" -keystore "JS7_CONTROLLER_CONFIG_DIR/private/https-keystore.p12" -storepass jobscheduler -storetype PKCS12

# on JOC Cockpit server: import Controller certificate in PEM format to a PKCS12 truststore (https-truststore.p12)
keytool -import -alias "controller-https" -file "controller-https.crt" -keystore "JETTY_BASE/resources/joc/https-truststore.p12" -storetype PKCS12

      • Example for export/import of self-signed certificate to a JKS keystore:

        Code Block
        languagebash
        titleExample how to export the Master public certificate from a JKS Keystore
        # on Controller server: export Controller's certificate from keystore (https-keystore.jks) identified by its alias name (controller-https) to a file in PEM format (controller-https.crt)
keytool -exportcert -rfc -noprompt -file "controller-https.crt" -alias "controller-https" -keystore "JS7_CONTROLLER_CONFIG_DIR/private/https-keystore.jks" -storepass jobscheduler

# on JOC Cockpit server: import Controller certificate in PEM format to a PKCS12 truststore (https-truststore.p12)
keytool -import -alias "controller-https" -file "controller-https.crt" -keystore "JETTY_BASE/resources/joc/https-truststore.jks" -storetype PKCS12

Notes

  • A restart of the respective component is required to apply modifications to the JS7_CONFIG_DIR/private/private.conf file of the Controller or to configuration files of JOC Cockpit .

...