...

Flowchart
Controller [label="   Controller   \nStandalone / Cluster",fillcolor="lightskyblue"]
JOC [label="   JOC Cockpit   \nPrimary",fillcolor="lightskyblue"]
JOC2 [label="   JOC Cockpit   \nStandby",fillcolor="lightskyblue"]
 
Controller_Truststore [label="Controller Truststore\nhttps-truststore.p12\n\nCA certificates",fillcolor="limegreen"]
Controller_Keystore [label="Controller Keystore\nhttps-keystore.p12\n\nCA Certificates\nPrivate Key / Certificate",fillcolor="orange"]
JOC_Truststore [label="JOC Cockpit Truststore\nhttps-truststore.p12\n\nCA certificates",fillcolor="orange"]
JOC_Keystore [label="JOC Cockpit Keystore\nhttps-keystore.p12\n\nCA Certificates\nPrivate Key / Certificate",fillcolor="limegreen"]

Controller_Truststore_CA_RootCertificate [shape="ellipse",label="CA Root\nCertificate",fillcolor="white"]
JOC_Truststore_CA_RootCertificate [shape="ellipse",label="CA Root\nCertificate",fillcolor="white"]
JOC_Keystore_CA_RootCertificate [shape="ellipse",label="CA Root\nCertificate",fillcolor="white"]
JOC_Keystore_CA_IntermediateCertificate [shape="ellipse",label="CA Intermediate\nCertificate",fillcolor="white"]

Controller_Keystore_CA_RootCertificate [shape="ellipse",label="CA Root\nCertificate",fillcolor="white"]
Controller_Keystore_CA_IntermediateCertificate [shape="ellipse",label="CA Intermediate\nCertificate",fillcolor="white"]
Controller_PrivateKey [shape="ellipse",label="Server Authentication\nPrivate Key",fillcolor="white"]
Controller_Keystore_Certificate [shape="ellipse",label="Server Authentication\nCertificate",fillcolor="white"]

JOC_PrivateKey [shape="ellipse",label="Client Authentication\nPrivate Key",fillcolor="white"]
JOC_Certificate [shape="ellipse",label="Client Authentication\nCertificate",fillcolor="white"]

Controller -> Controller_Keystore 
Controller_Keystore -> Controller_Keystore_CA_RootCertificate -> Controller_Keystore_CA_IntermediateCertificate [label=" add to keystore "]
Controller_Keystore -> Controller_PrivateKey -> Controller_Keystore_Certificate [label=" add to keystore "]

Controller -> Controller_Truststore 
Controller_Truststore -> Controller_Truststore_CA_RootCertificate [label=" add to truststore "]

JOC -> JOC_Keystore 
JOC_Keystore -> JOC_Keystore_CA_RootCertificate -> JOC_Keystore_CA_IntermediateCertificate [label=" add to keystore "]
JOC_Keystore -> JOC_PrivateKey -> JOC_Certificate [label=" add to keystore "]

JOC -> JOC_Truststore
JOC_Truststore -> JOC_Truststore_CA_RootCertificate [label=" add to truststore "] 

JOC -> Controller [label=" establish connection "]
JOC2 -> Controller [label=" establish connection "]

...

  • The keystore and truststore shown in orange are required for any connection from JOC Cockpit to a Controller.
    • The Controller's private key and certificate for Server Authentication are added to the Controller's keystore. If a self-signed certificate is used, the certificate is added to the JOC Cockpit truststore as well.
    • This step can be skipped if a CA-signed certificate is used, as the Root Certificate in the JOC Cockpit truststore is sufficient to verify Controller certificates.
  • The keystore and truststore shown in green are required if mutual authentication is in place for certificate-based client authentication (default).
  • A Controller truststore, shown in green, is required if a Controller uses secure connections to access Agents. It is therefore recommended to set up the Controller truststore.
  • Certificate management applies in the same way to any additional standby JOC Cockpit instances acting in a cluster.
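
The following is an added example, not taken from the original page or the product documentation. It uses openssl with a constructed root CA, intermediate CA and Controller certificate to show why the truststore needs only the Root Certificate while the keystore carries the intermediate, and why a Server Authentication certificate is rejected for client authentication. PEM files stand in for the PKCS12 stores; all file names and subject names are assumptions.

```shell
# Constructed PKI: root CA -> intermediate CA -> Controller certificate.
# PEM files stand in for the entries of the PKCS12 keystore and truststore.
build_pki() {  # $1 = empty working directory
  cat > "$1/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
commonName = Common Name
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[server]
extendedKeyUsage = serverAuth
EOF
  (
    cd "$1" || exit 1
    # Root CA: the only entry the JOC Cockpit truststore needs.
    openssl req -x509 -config pki.cnf -extensions v3_ca -newkey rsa:2048 -nodes \
      -subj "/CN=Example Root CA" -keyout root.key -out root.crt -days 1 || exit 1
    # Intermediate CA: kept in the Controller keystore next to the leaf.
    openssl req -new -config pki.cnf -newkey rsa:2048 -nodes \
      -subj "/CN=Example Intermediate CA" -keyout int.key -out int.csr || exit 1
    openssl x509 -req -in int.csr -CA root.crt -CAkey root.key -CAcreateserial \
      -extfile pki.cnf -extensions v3_ca -days 1 -out int.crt || exit 1
    # Controller leaf certificate, restricted to Server Authentication.
    openssl req -new -config pki.cnf -newkey rsa:2048 -nodes \
      -subj "/CN=controller.example.com" -keyout ctl.key -out ctl.csr || exit 1
    openssl x509 -req -in ctl.csr -CA int.crt -CAkey int.key -CAcreateserial \
      -extfile pki.cnf -extensions server -days 1 -out ctl.crt || exit 1
  ) >/dev/null 2>&1
}

# verify_leaf DIR PURPOSE [with-chain]: verify ctl.crt trusting the root only,
# optionally with the intermediate the peer presents from its keystore.
verify_leaf() {
  dir=$1 purpose=$2
  [ "${3:-}" = "with-chain" ] && set -- -untrusted "$dir/int.crt" || set --
  openssl verify -CAfile "$dir/root.crt" "$@" -purpose "$purpose" \
    "$dir/ctl.crt" >/dev/null 2>&1
}

# Demo when invoked as: sh example.sh demo
if [ "${1:-}" = "demo" ]; then
  d=$(mktemp -d) && build_pki "$d" || exit 1
  verify_leaf "$d" sslserver with-chain && echo "root trusted, chain presented: OK"
  verify_leaf "$d" sslserver || echo "root trusted, intermediate missing: rejected"
  verify_leaf "$d" sslclient with-chain || echo "server cert as client cert: rejected"
  rm -rf "$d"
fi
```

The second check fails because the verifier cannot build a path from the leaf to the trusted root without the intermediate, which is why the intermediate belongs in the keystore of the side presenting the certificate.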

Secure Connection Setup

In the following, the placeholders JOC_HOME, JETTY_HOME and JETTY_BASE are used; they refer to three directories. If you install Jetty with the JOC Cockpit installer then

...