JS7 JobScheduler

Space shortcuts

Page tree

Versions Compared

Old Version 22

changes.mady.by.user Andreas Püschel

Saved on

compared with

New Version 23

changes.mady.by.user Andreas Püschel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • On the Controller server create the truststore using the keytool from your Java JRE or JDK or some third party utility.
    • For use with a third party utility create a truststore, e.g. https-truststore.p12, in PKCS12 format and import:
      • Root CA certificate
    • For use with keytool create the truststore in PKCS12 or JKS format with the Root CA certificate. The below examples suggest one possible approach for certificate management, however, there may be other ways how to achieve similar results.

      • Example for import of a Root CA certificate to a PKCS12 truststore:

        Code Block
        languagebash
        titleExample how to import a CA-signed certificate into a PKCS12 truststore
        # on Controller server: import Root CA certificate in PEM format to a PKCS12 truststore (https-truststore.p12)
keytool -import -alias "root-ca" -file "RootCACertificate.crt" -keystore "JS7_CONTROLLER_CONFIG_DIR/private/https-truststore.p12" -storetype PKCS12

      • Example for export/import of self-signed client authentication certificate to a PKCS12 keystore:

        Code Block
        languagebash
        titleExample how to export/import a self-signed certificate to a PKCS12 truststore
        collapsetrue
        # on JOC Cockpit server: export JOC Cockpit's certificate from client keystore (https-client-keystore.p12) identified by its alias name (joc-client-https) to a file in PEM format (joc-client-https.crt)
keytool -exportcert -rfc -noprompt -file "joc-client-https.crt" -alias "joc-client-https" -keystore "JETTY_BASE/resources/joc/https-client-keystore.p12" -storepass jobscheduler -storetype PKCS12

# on Controller server: import JOC Cockpit's certificate in PEM format to a PKCS12 truststore (https-truststore.p12)
keytool -import -alias "joc-client-https" -file "joc-clent-https.crt" -keystore "JS7_CONTROLLER_CONFIG_DIR/private/https-truststore.p12" -storetype PKCS12

      • Example for export/import of self-signed client authentication certificate to a JKS keystore:

        Code Block
        languagebash
        titleExample how to export/import a self-signed certificate to a JKS truststore
        collapsetrue
        # on JOC Cockpit server: export JOC Cockpit's certificate from client keystore (https-client-keystore.jks) identified by its alias name (joc-client-https) to a file in PEM format (joc-client-https.crt)
keytool -exportcert -rfc -noprompt -file "joc-client-https.crt" -alias "
joc-client-https" -keystore "JETTY_BASE/resources/joc/https-client-keystore.jks" -storepass jobscheduler

# on Controller server: import JOC Cockpit's certificate in PEM format to a JKS truststore (https-truststore.jks)
keytool -import -alias "joc-client-https" -file "joc-client-https.crt" -keystore "JS7_CONTROLLER_CONFIG_DIR/private/https-truststore.jks" -storetype JKS

...