...

  • This can be simplified by using a private key/certificate pair that is created for both extended key usages, Server Authentication and Client Authentication. In this case a single private key and certificate are stored in the JOC Cockpit's keystore as described in the JS7 - JOC Cockpit HTTPS Connections article.
  • If separate private key/certificate pairs are to be used for Server Authentication and Client Authentication, then the use of separate certificate stores for JOC Cockpit is recommended:
    • The keystore holds the private key/certificate for Server Authentication. The location of the keystore is configured in JETTY_BASE/start.ini.
    • The client keystore holds the private key/certificate for Client Authentication. The location of the client keystore is configured in JETTY_BASE/resources/joc/joc.properties.

The following steps apply if a separate client keystore is used with JOC Cockpit.

  • On the JOC Cockpit server, create the client keystore using the keytool from your Java JRE or JDK or a third-party utility.
    • For use with a third-party utility, create a client keystore, e.g. https-client-keystore.p12, in PKCS12 format and import:
      • JOC Cockpit private key and certificate for Client Authentication
      • Root CA certificate
      • Intermediate CA certificates
    • For use with keytool, create the client keystore in PKCS12 or JKS format following the steps in the JS7 - JOC Cockpit HTTPS Connections: Step 2: Create JOC Cockpit Keystore chapter.
      • Apply the indicated steps to the client keystore and use the private key/certificate pair for Client Authentication.
  • The location of the client keystore is added to the JETTY_BASE/resources/joc/joc.properties configuration file like this:

    • Example for PKCS12 client keystore:

      Example of how to specify the PKCS12 client keystore location in the joc.properties file:

      ### Location of the client keystore that contains the private key and
      ###   certificate for JOC Cockpit client authentication relative to
      ###   joc.properties

      client_keystore_path = ../../resources/joc/https-client-keystore.p12
      client_keystore_type = PKCS12
      client_keystore_password = jobscheduler
    • Example for JKS client keystore:

      Example of how to specify the JKS client keystore location in the joc.properties file:

      ### Location of the client keystore that contains the private key and
      ###   certificate for JOC Cockpit client authentication relative to
      ###   joc.properties

      client_keystore_path = ../../resources/joc/https-client-keystore.jks
      client_keystore_type = JKS
      client_keystore_password = jobscheduler
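
The client keystore settings shown above can be checked on disk with a short script. This is an added example, not part of the JS7 documentation or code: it reads the three client_keystore_* settings, resolves the path, compares the file's leading bytes with the declared type, and reports files accessible to group or others. The function names, the owner-only permission policy, and resolving a relative path against the directory that holds joc.properties are assumptions.

```shell
#!/bin/sh
# Added example, not JS7 code: sanity-check the client keystore settings.

# Print the value of key $2 in properties file $1 (last occurrence wins).
prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Succeed if file $1 grants any permission to group or others.
is_exposed() {
    [ "$(ls -ldL "$1" | cut -c5-10)" != "------" ]
}

# Check the keystore named in joc.properties file $1; 0 = all checks passed.
check_client_keystore() {
    props=$1
    rc=0
    path=$(prop "$props" client_keystore_path)
    type=$(prop "$props" client_keystore_type)
    pass=$(prop "$props" client_keystore_password)

    [ -n "$path" ] || { echo "FAIL client_keystore_path is not set"; return 1; }
    # Assumption: a relative path resolves against joc.properties' directory.
    case $path in
        /*) store=$path ;;
        *)  store=$(dirname "$props")/$path ;;
    esac
    [ -f "$store" ] || { echo "FAIL keystore not found: $store"; return 1; }

    # JKS files start with the magic FEEDFEED; PKCS12 is DER, so it starts 0x30.
    magic=$(od -An -tx1 -N4 "$store" | tr -d ' \n')
    case "$type:$magic" in
        JKS:feedfeed | PKCS12:30*) ;;
        *) echo "WARN $store does not look like type '$type'"; rc=1 ;;
    esac
    [ -n "$pass" ] || { echo "WARN client_keystore_password is empty"; rc=1; }
    # Assumed policy: owner-only access, as joc.properties holds the password.
    for f in "$props" "$store"; do
        if is_exposed "$f"; then
            echo "WARN $f is accessible to group or others"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK $store ($type)"
    return "$rc"
}

# Usage: sh check.sh JETTY_BASE/resources/joc/joc.properties
if [ "$#" -gt 0 ]; then check_client_keystore "$1"; fi
```

The password value is read only to confirm that it is set and is never printed.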

...