Introduction
- The connection from a Controller to an Agent can be secured by HTTPS.
- This article describes the steps required to set up secure HTTPS communication without using a reverse proxy (for that use case see JobScheduler Universal Agent - connecting via HTTPS through a proxy).
Prerequisites
...
- from a Controller to an Agent. This includes the use of a standalone Controller or of a Controller cluster with a primary and standby instance.
- Consider the JS7 - System Architecture for an overview of components and connections.
- Consider setting up JS7 - JOC Cockpit HTTPS Connections for secure connections from clients (user browser / REST API client) to JOC Cockpit.
- Consider JS7 - Controller HTTPS Connections for securing the connections between JOC Cockpit and Controller instances.
Prerequisites
- Certificate stores can be managed from the command line and by use of tools that provide a GUI for this purpose:
- the Java Keytool is available from the Java JRE or JDK,
- the Keystore Explorer is an open source utility to graphically manage certificate stores.
Certificate Management
Private keys and public certificates should be distributed as follows:
[Flowchart: the Controller (standalone or cluster) establishes connections to Agent 1 and Agent 2. Each Agent has its own keystore (https-keystore.p12) holding that Agent's Server Authentication private key and certificate together with the CA certificates. The Controller has a truststore (https-truststore.p12) holding the CA root certificate and the CA intermediate certificate.]
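The distribution described above can be reproduced with the Java Keytool. The following is an added example and not part of the JS7 documentation: the demo CA, the aliases, the hostname and the password are constructed placeholders, and only the file names https-keystore.p12 and https-truststore.p12 are taken from this page.

```shell
#!/usr/bin/env bash
# Added example, not JS7 project code. PASS, AGENT_HOST, aliases and the demo CA
# are constructed placeholders; only the two .p12 file names come from the page.
set -eu
PASS="demo-password"              # placeholder store password
AGENT_HOST="agent1.example.com"   # assumed Agent hostname

# Run keytool quietly against a PKCS12 store protected with $PASS.
kt() { keytool "$@" -storetype PKCS12 -storepass "$PASS" >/dev/null 2>&1; }

build_stores() {
  d="$1"
  # Demo CA standing in for the real root/intermediate CA.
  kt -genkeypair -alias demo-ca -keyalg RSA -keysize 2048 -validity 365 \
     -dname "CN=Demo CA" -ext bc:c=ca:true -keystore "$d/ca.p12"
  kt -exportcert -rfc -alias demo-ca -keystore "$d/ca.p12" -file "$d/ca.crt"
  # Agent side: the private key is generated in the keystore and stays there.
  kt -genkeypair -alias agent1 -keyalg RSA -keysize 2048 \
     -dname "CN=$AGENT_HOST" -keystore "$d/https-keystore.p12"
  kt -certreq -alias agent1 -keystore "$d/https-keystore.p12" -file "$d/agent1.csr"
  # The CA signs the request for Server Authentication, bound to the hostname.
  kt -gencert -rfc -alias demo-ca -keystore "$d/ca.p12" -validity 365 \
     -ext eku=serverAuth -ext "san=dns:$AGENT_HOST" \
     -infile "$d/agent1.csr" -outfile "$d/agent1.crt"
  # The keystore receives the CA certificate, then the signed Agent certificate.
  kt -importcert -noprompt -alias demo-ca -file "$d/ca.crt" \
     -keystore "$d/https-keystore.p12"
  kt -importcert -noprompt -alias agent1 -file "$d/agent1.crt" \
     -keystore "$d/https-keystore.p12"
  # Controller side: the truststore gets CA certificates only, no private keys.
  kt -importcert -noprompt -alias demo-ca -file "$d/ca.crt" \
     -keystore "$d/https-truststore.p12"
}

# Count entries of one type (PrivateKeyEntry or trustedCertEntry) in a store.
count_entries() {
  keytool -list -keystore "$1" -storetype PKCS12 -storepass "$PASS" 2>/dev/null \
    | grep -c "$2" || true
}

# Stand-alone run: build the stores in a scratch directory and report on them.
if command -v keytool >/dev/null 2>&1; then
  demo="$(mktemp -d)"; build_stores "$demo"
  echo "keystore private keys:   $(count_entries "$demo/https-keystore.p12" PrivateKeyEntry)"
  echo "truststore private keys: $(count_entries "$demo/https-truststore.p12" PrivateKeyEntry)"
fi
```

Outside a demo, pass store passwords with keytool's `-storepass:env` or `-storepass:file` modifiers so they do not appear in the process list. Running `count_entries` against a truststore is a quick check that no private key has been copied to the Controller side.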