Page History
...
- On the JOC Cockpit server create the truststore using the
keytool
from your Java JRE or JDK or some third party utility.- For use with a third party utility create a truststore, e.g.
https-truststore.p12,
in PKCS12 format and import:- Root CA certificate
- For use with
keytool
create the truststore in JKS or PKCS12 format with the Root CA certificate. The below examples suggest one possible approach for certificate management, however, there may be other ways how to achieve similar results.Example for import of a Root CA certificate to a PKCS12 truststore:
Code Block language bash title Example how to import a CA signed certificate into a PKCS12 Truststore # import Root CA certificate in PEM format to a PKCS12 truststore (https-truststore.p12) keytool -import -alias "root-ca" -file "RootCACertificate.crt" -keystore "JETTY_BASE/resources/joc/https-truststore.p12"
Example for use of a self-signed Controller certificate with a JOC Cockpit PKCS12 truststore:
Code Block language bash title Example for import of a self-signed Controller certificate the Master public certificate to JOC Cockpit PKCS12 Truststore # import Master public certificate from a file in PEM format (master-https.crt) identified by its alias name (master-https) to the JOC Cockpit PKCS12 keystore (joc-https.p12) keytool -importcert -noprompt -file "master-https.crt" -alias "master-https" -keystore "JETTY_BASE/etc/joc-https.p12" -storepass jobscheduler -storetype PKCS12 -trustcacerts
Example for use of a self-signed Controller certificate with a JOC Cockpit JKS truststore:
Code Block language bash title Example for import of a self-signed Controller certificate the Master public certificate to JOC Cockpit JKS Truststore # import Master public certificate from a file in PEM format (master-https.crt) identified by its alias name (master-https) to the JOC Cockpit JKS keystore (joc-https.jks) keytool -importcert -noprompt -file "master-https.crt" -alias "master-https" -keystore "JETTY_BASE/etc/joc-https.jks" -storepass jobscheduler -trustcacerts
- For use with a third party utility create a truststore, e.g.
The location of the truststore is added to the
JETTY_BASE/resources/joc/joc.properties
configuration file like this:Example for PKCS12 truststore
Code Block language text ### Location of the truststore that contains the certificates of all ### Controllers used for HTTPS connections. The path can be absolute or ### relative to joc.properties truststore_path = ../../resources/joc/https-truststore.p12 truststore_type = PKCS12 truststore_password = jobscheduler
Example for JKS truststore
Code Block language text ### Location of the truststore that contains the certificates of all ### Controllers used for HTTPS connections. The path can be absolute or ### relative to joc.properties truststore_path = ../../resources/joc/https-truststore.jks truststore_type = JKS truststore_password = jobscheduler
Hostname verification by default is in place with the
JETTY_BASE/resources/joc/joc.properties
configuration file.Code Block ################################################################################ ### Should hostname verification be carried out for https certificate. ### Default false https_with_hostname_verification = true
Mutual Authentication
...
for Controller
This configuration is applied in order to enable mutual authentication:
- from JOC Cockpit to the Controller
- JOC Cockpit verifies the Controller certificate for Server Authentication
- Controller verifies the JOC Cockpit certificate for Client Authentication
- from pairing Controller instances
Step 1: Create/Update JOC Cockpit (Client) Keystore
...