...
- This can be simplified by using a private key/certificate pair that is created for both extended key usages, Server Authentication and Client Authentication. In this case a single private key and certificate are stored in JOC Cockpit's keystore as described in the JS7 - JOC Cockpit HTTPS Connections article.
- If separate private key/certificate pairs should be used for Server Authentication and Client Authentication purposes then use of separate certificate stores for JOC Cockpit is recommended:
  - The keystore holds the private key/certificate for Server Authentication. The location of the keystore is configured with `JETTY_BASE/start.ini`.
  - The client keystore holds the private key/certificate for Client Authentication. The location of the client keystore is configured with `JETTY_BASE/resources/joc/joc.properties`.
The following steps are applied if a separate client keystore is used with JOC Cockpit.
- On the JOC Cockpit server create the client keystore using the `keytool` from your Java JRE or JDK or some third party utility.
  - For use with a third party utility create a client keystore, e.g. `https-client-keystore.p12`, in PKCS12 format and import:
    - JOC Cockpit private key and certificate for Client Authentication
    - Root CA certificate
    - Intermediate CA certificates
  - For use with `keytool` create the client keystore in PKCS12 or JKS format according to the steps indicated with JS7 - JOC Cockpit HTTPS Connections: Step 2: Create JOC Cockpit Keystore chapter.
    - Apply the indicated steps to the client keystore and use the private key/certificate pair for Client Authentication.
The location of the client keystore is added to the `JETTY_BASE/resources/joc/joc.properties` configuration file like this:

Example for PKCS12 client keystore:

Example how to specify the PKCS12 client keystore location with joc.properties file

```text
### Location of the client keystore that contains the private key and
### certificate for JOC Cockpit client authentication relative to
### joc.properties
client_keystore_path = ../../resources/joc/https-client-keystore.p12
client_keystore_type = PKCS12
client_keystore_password = jobscheduler
```
Example for JKS client keystore:
Example how to specify the JKS client keystore location with joc.properties file

```text
### Location of the client keystore that contains the private key and
### certificate for JOC Cockpit client authentication relative to
### joc.properties
client_keystore_path = ../../resources/joc/https-client-keystore.jks
client_keystore_type = JKS
client_keystore_password = jobscheduler
```
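A check for the client keystore settings described above, added here as an example and not part of the JS7 documentation or product. It reads the `client_keystore_*` entries, resolves the path against the directory that holds `joc.properties` (an assumption about what "relative to joc.properties" means), and reports a missing keystore, a type that disagrees with the file suffix, the sample password used on this page, and files accessible to other users. The function names and the suffix-to-type mapping are hypothetical.

```python
import stat
import sys
from pathlib import Path

SAMPLE_PASSWORD = "jobscheduler"  # password used in the examples on this page
TYPE_BY_SUFFIX = {".p12": "PKCS12", ".pfx": "PKCS12", ".jks": "JKS"}  # assumed mapping

def read_properties(path):
    """Parse 'key = value' lines; '#' and '!' start comments (.properties subset)."""
    props = {}
    for raw in Path(path).read_text(encoding="utf-8").splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def check_client_keystore(properties_file):
    """Return a list of findings for the client_keystore_* settings."""
    properties_file = Path(properties_file)
    props = read_properties(properties_file)
    rel = props.get("client_keystore_path")
    if not rel:
        return ["client_keystore_path is not set"]
    # Assumption: the path is relative to the directory containing joc.properties.
    keystore = (properties_file.parent / rel).resolve()
    findings = []
    if not keystore.is_file():
        findings.append(f"keystore not found: {keystore}")
    ks_type = props.get("client_keystore_type", "").upper()
    expected = TYPE_BY_SUFFIX.get(keystore.suffix.lower())
    if ks_type not in ("PKCS12", "JKS"):
        findings.append(f"unexpected client_keystore_type: {ks_type or '(unset)'}")
    elif expected and expected != ks_type:
        findings.append(f"type {ks_type} does not match file suffix {keystore.suffix}")
    if props.get("client_keystore_password") == SAMPLE_PASSWORD:
        findings.append("client_keystore_password is the documentation sample value")
    # joc.properties holds the keystore password in clear text, so check both files.
    for f in (properties_file, keystore):
        if f.is_file() and stat.S_IMODE(f.stat().st_mode) & 0o007:
            findings.append(f"{f.name} is accessible to other users")
    return findings

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "joc.properties"
    for finding in check_client_keystore(target):
        print("FINDING:", finding)
```

Run it with the path to `joc.properties` as its argument; no output means none of the checks fired.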
...