Page History
...
- On the Controller server create the truststore using the
keytool
from your Java JRE or JDK or some third party utility.- For use with a third party utility create a truststore, e.g.
https-truststore.p12,
in PKCS12 format and import:- Root CA certificate
- For use with
keytool
create the truststore in JKS or PKCS12 format with the Root CA certificate. The below examples suggest one possible approach for certificate management, however, there may be other ways how to achieve similar results.- Example for import of a Root CA certificate to a PKCS12 truststore:
Code Block language bash title Example how to import a CA signed certificate into a PKCS12 Truststore # on JOC Cockpit server: import Root CA certificate in PEM format to a PKCS12 truststore (https-truststore.p12) keytool -import -alias "root-ca" -file "RootCACertificate.crt" -keystore "JETTY_BASE/resources/joc/https-truststore.p12" -storetype PKCS12
Example for export/import of self-signed certificate to a PKCS12 keystore:
Code Block language bash title Example how to export the Master public certificate from a PKCS12 Keystore # on Controller server: export Controller's certificate from keystore (https-keystore.p12) identified by its alias name (controller-https) to a file in PEM format (controller-https.crt) keytool -exportcert -rfc -noprompt -file "controller-https.crt" -alias "controller-https" -keystore "JS7_CONTROLLER_CONFIG_DIR/private/https-keystore.p12" -storepass jobscheduler -storetype PKCS12 # on JOC Cockpit server: import Controller certificate in PEM format to a PKCS12 truststore (https-truststore.p12) keytool -import -alias "controller-https" -file "controller-https.crt" -keystore "JETTY_BASE/resources/joc/https-truststore.p12" -storetype PKCS12
Example for export/import of self-signed certificate to a JKS keystore:
Code Block language bash title Example how to export the Master public certificate from a JKS Keystore # on Controller server: export Controller's certificate from keystore (https-keystore.jks) identified by its alias name (controller-https) to a file in PEM format (controller-https.crt) keytool -exportcert -rfc -noprompt -file "controller-https.crt" -alias "controller-https" -keystore "JS7_CONTROLLER_CONFIG_DIR/private/https-keystore.jks" -storepass jobscheduler # on JOC Cockpit server: import Controller certificate in PEM format to a PKCS12 truststore (https-truststore.p12) keytool -import -alias "controller-https" -file "controller-https.crt" -keystore "JETTY_BASE/resources/joc/https-truststore.jks" -storetype PKCS12
- Example for import of a Root CA certificate to a PKCS12 truststore:
- For use with a third party utility create a truststore, e.g.
Notes
- A restart of the respective component is required to apply modifications to the
JS7_CONFIG_DIR/private/private.conf
file of the Controller or to configuration files of JOC Cockpit .
...
Overview
Content Tools