...
Flowchart

```dot
JOC [label=" JOC Cockpit ",fillcolor="lightskyblue",fontname="Arial",fontsize="10pt"]
LDAP [label=" LDAP Server ",fillcolor="lightskyblue",fontname="Arial",fontsize="10pt"]

JOC_Truststore [label="JOC Cockpit Truststore\n./jetty_base/resource/joc/joc.p12\nCA certificates",fillcolor="orange",fontname="Arial",fontsize="10pt"]
LDAP_Keystore [label="LDAP Server Keystore\nLDAP Server Private Key\nLDAP Server Certificate",fillcolor="orange",fontname="Arial",fontsize="10pt"]

CA_RootCertificate [shape="ellipse",label="Root CA Root Certificate",fillcolor="white",fontname="Arial",fontsize="10pt"]
CA_IntermediateCertificate [shape="ellipse",label="Intermediate CA Intermediate Certificate",fillcolor="white",fontname="Arial",fontsize="10pt"]
LDAP_PrivateKey [shape="ellipse",label="LDAP Server Private Key",fillcolor="white",fontname="Arial",fontsize="10pt"]
LDAP_Keystore_Certificate [shape="ellipse",label="LDAP Server Certificate",fillcolor="white",fontname="Arial",fontsize="10pt"]

LDAP -> LDAP_Keystore
LDAP_Keystore -> LDAP_PrivateKey -> LDAP_Keystore_Certificate [label=" in keystore ",fontname="Arial",fontsize="10pt"]
JOC -> JOC_Truststore
JOC_Truststore -> CA_RootCertificate -> CA_IntermediateCertificate [label=" add to truststore ",fontname="Arial",fontsize="10pt"]
CA_IntermediateCertificate -> LDAP_Keystore_Certificate [label=" verify in handshake ",fontname="Arial",fontsize="10pt"]
```
...
Example for import of a certificate to a JOC Cockpit truststore in PKCS12 format:
```bash
# import LDAP server certificate to a truststore (joc.p12) by specifying
# the certificate file (ldap-certificate.crt) and alias name (ldap)
keytool -importcert -noprompt -file "ldap-certificate.crt" -alias "ldap" -keystore "JETTY_BASE/resources/joc/joc.p12" -storetype pkcs12 -storepass secret_store -trustcacerts
```
Example for import of a certificate to a JOC Cockpit truststore in JKS format:
```bash
# import LDAP server certificate to a truststore (joc.jks) by specifying
# the certificate file (ldap-certificate.crt) and alias name (ldap)
keytool -importcert -noprompt -file "ldap-certificate.crt" -alias "ldap" -keystore "JETTY_BASE/resources/joc/joc.jks" -storetype jks -storepass secret_store -trustcacerts
```
- Explanation
  - The `-keystore` option specifies the location of the truststore file.
  - The `-storepass` option specifies the password for access to the truststore.
  - The certificate file `ldap-certificate.crt` should be available from the LDAP server. Transfer this file to the JOC Cockpit server. Alternatively the server certificate can be requested on-the-fly. Example for request of server certificate:
```bash
# connect to the LDAP server (ldap_server) with the available port (636),
# in the server response you should find the certificate that you can copy & paste to a certificate file
openssl s_client -showcerts -connect ldap_server:636
```
If the certificate is signed by a CA then the certificate should include the certificate chain of Root CA Certificate and Intermediate CA Certificate. Otherwise it might be required to concatenate the certificates into one file, for example:
```bash
# concatenate the Root CA certificate and Intermediate CA certificate as provided
# from the LDAP server into a single CA bundle certificate file (ca-bundle.crt)
cat RootCACertificate.crt > ca-bundle.crt
cat IntermediateCACertificate.crt >> ca-bundle.crt

# import the certificate chain to a truststore (joc.p12) by specifying
# the CA bundle file (ca-bundle.crt) and alias name (ldap)
keytool -importcert -noprompt -file "ca-bundle.crt" -alias "ldap" -keystore "JETTY_BASE/resources/joc/joc.p12" -storetype pkcs12 -storepass secret_store -trustcacerts
```
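A trusted-certificate entry under one alias holds a single certificate, so this added example (not part of the original page) splits captured `openssl s_client -showcerts` output into one file per certificate and prints a `keytool -importcert` call for each. The function names, the `ldap-N` aliases and the sample output are assumptions constructed for illustration.

```bash
# Added example, not from the original page. Sample data below is constructed.

# split_pem DIR PREFIX: read text on stdin, write every BEGIN/END CERTIFICATE
# block to DIR/PREFIX-N.crt, skip all other lines, print the number of blocks.
split_pem() {
  awk -v dir="$1" -v prefix="$2" '
    /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/" prefix "-" n ".crt"; inside = 1 }
    inside                        { print > out }
    /-----END CERTIFICATE-----/   { inside = 0; close(out) }
    END                           { print n + 0 }
  '
}

# import_cmds DIR PREFIX KEYSTORE: print one keytool call per split file, each
# with its own alias (PREFIX-1, PREFIX-2, ...), using the page's keytool options.
import_cmds() {
  for f in "$1/$2"-*.crt; do
    [ -e "$f" ] || continue
    name=$(basename "$f" .crt)
    printf 'keytool -importcert -noprompt -file "%s" -alias "%s" -keystore "%s" -storetype pkcs12 -storepass secret_store -trustcacerts\n' \
      "$f" "$name" "$3"
  done
}

# Constructed stand-in for captured s_client output; the certificate bodies are
# placeholders, not real certificates.
sample_output() {
  cat <<'EOF'
Certificate chain
 0 s:CN = ldap_server
   i:CN = Intermediate CA
-----BEGIN CERTIFICATE-----
PLACEHOLDERLEAFCERTIFICATEBODY
-----END CERTIFICATE-----
 1 s:CN = Intermediate CA
   i:CN = Root CA
-----BEGIN CERTIFICATE-----
PLACEHOLDERINTERMEDIATEBODY
-----END CERTIFICATE-----
---
EOF
}

workdir=$(mktemp -d)
count=$(sample_output | split_pem "$workdir" ldap)
echo "certificates found: $count"
import_cmds "$workdir" ldap "JETTY_BASE/resources/joc/joc.p12"
```

Before running the printed commands, compare each file's SHA-256 fingerprint (`openssl x509 -noout -fingerprint -sha256 -in FILE`) with a value obtained from the LDAP server administrator, since a certificate fetched on-the-fly has not yet been authenticated.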
- The
...