Page History

...

By default mutual authentication is in place.
- The Controller is challenged by the Agent to present its Client Authentication certificate that is verified by the Agent.
- If a Controller cluster is used then connections from both Controller instances are authenticated by the distinguished name of the instance's Client Authentication certificate.

The JS7_CONTROLLER_CONFIG_DIR/private/private.conf configuration file should include authentication details like this:

Code Block

title	Example for private.conf file specifying Controller authentication

js7 {
    auth {
        users {
            # Controller ID for connections by primary/standby Controller instance
            jobscheduler {
                distinguished-names=[
                    "DNQ=SOS CA, CN=apmacwin_primary_client, OU=IT, O=SOS, L=Berlin, ST=Berlin, C=DE",
                    "DNQ=SOS CA, CN=apmacwin_secondary_client, OU=IT, O=SOS, L=Berlin, ST=Berlin, C=DE"
                ]
            }
        }
    }
}

Explanation:

The jobscheduler user account is an example for a Controller ID that is specified during Controller installation.
The distinguished-names property offers to add a number of distinguished names as available from the subject of Client Authentication certificates that are used by Controller instances when connecting to the Agent.
- Except for whitespace between attributes the precise sequence and values as available from the certificate's subject has to match this property value
For each Controller instance the distinguished name as available from its Client Authentication certificate's subject is used
- .

Step 3: Set up the Agent Instance Start Script for HTTPS

...

Space shortcuts

Page tree

Versions Compared

Old Version 8

New Version 9

Key

Step 3: Set up the Agent Instance Start Script for HTTPS