...

Flowchart
JOC [label="   JOC Cockpit   ",fillcolor="lightskyblue",fontname="Arial",fontsize="10pt"]
LDAP [label="   LDAP Server   ",fillcolor="lightskyblue",fontname="Arial",fontsize="10pt"]
 
JOC_Truststore [label="JOC Cockpit Truststore\n./jetty_base/resource/joc/joc.p12\nCA certificates",fillcolor="orange",fontname="Arial",fontsize="10pt"]
LDAP_Keystore [label="LDAP Server Keystore\nLDAP Server Private Key\nLDAP Server Certificate",fillcolor="orange",fontname="Arial",fontsize="10pt"]

CA_RootCertificate [shape="ellipse",label="Root CA Root Certificate",fillcolor="white",fontname="Arial",fontsize="10pt"]
CA_IntermediateCertificate [shape="ellipse",label="Intermediate CA Intermediate Certificate",fillcolor="white",fontname="Arial",fontsize="10pt"]

LDAP_PrivateKey [shape="ellipse",label="LDAP Server Private Key",fillcolor="white",fontname="Arial",fontsize="10pt"]
LDAP_Keystore_Certificate [shape="ellipse",label="LDAP Server Certificate",fillcolor="white",fontname="Arial",fontsize="10pt"]

LDAP -> LDAP_Keystore 
LDAP_Keystore -> LDAP_PrivateKey -> LDAP_Keystore_Certificate [label=" in keystore ",fontname="Arial",fontsize="10pt"]

JOC -> JOC_Truststore
JOC_Truststore -> CA_RootCertificate -> CA_IntermediateCertificate [label=" add to truststore ",fontname="Arial",fontsize="10pt"]
CA_IntermediateCertificate -> LDAP_Keystore_Certificate [label=" verify in handshake ",fontname="Arial",fontsize="10pt"]

...

  • Example for import of a certificate to a JOC Cockpit truststore in PKCS12 format:

    Example for import of LDAP Server Certificate to PKCS12 Keystore:
    # import LDAP server certificate to a truststore (joc.p12) by specifying the certificate file (ldap-certificate.crt) and alias name (ldap)
    keytool -importcert -noprompt -file "ldap-certificate.crt" -alias "ldap" -keystore "JETTY_BASE/resources/joc/joc.p12" -storetype pkcs12 -storepass secret_store -trustcacerts
  • Example for import of a certificate to a JOC Cockpit truststore in JKS format:

    Example for import of LDAP Server Certificate to JKS Keystore:
    # import LDAP server certificate to a truststore (joc.jks) by specifying the certificate file (ldap-certificate.crt) and alias name (ldap)
    keytool -importcert -noprompt -file "ldap-certificate.crt" -alias "ldap" -keystore "JETTY_BASE/resources/joc/joc.jks" -storetype jks -storepass secret_store -trustcacerts
  • Explanation
    • The -keystore option specifies the location of the truststore file.
    • The -storepass option specifies the password for access to the truststore.
    • The certificate file ldap-certificate.crt should be available from the LDAP server. Transfer this file to the JOC Cockpit server. Alternatively, the server certificate can be requested on-the-fly from the running LDAP server.
      • Example for request of server certificate:

        Example for request of server certificate from LDAP server:
        # connect to the LDAP server (ldap_server) on the port (636) used for LDAP over TLS; the server response includes the certificate(s) in PEM format, which can be copied & pasted to a certificate file
        openssl s_client -showcerts -connect ldap_server:636
      • If the certificate is signed by a CA, then the certificate file should include the certificate chain, i.e. the Root CA Root Certificate and the Intermediate CA Intermediate Certificate. Otherwise it might be required to concatenate the certificates into one file, for example:

        Example for use of a certificate chain:
        # concatenate Root CA root certificate and Intermediate CA intermediate certificate as provided from the LDAP server to a single CA Bundle certificate file (ca-bundle.crt)
        cat RootCACertificate.crt > ca-bundle.crt
        cat IntermediateCACertificate.crt >> ca-bundle.crt

        # import the certificate chain to a truststore (joc.p12) by specifying the CA bundle file (ca-bundle.crt) and alias name (ldap)
        keytool -importcert -noprompt -file "ca-bundle.crt" -alias "ldap" -keystore "JETTY_BASE/resources/joc/joc.p12" -storetype pkcs12 -storepass secret_store -trustcacerts
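
The steps above (requesting the certificate chain from the LDAP server with openssl s_client, assembling the chain and importing it with keytool) combined into one script, as an added example that is not part of the original JS7 documentation. It reuses the host name ldap_server, port 636, the truststore path JETTY_BASE/resources/joc/joc.p12 and the password secret_store from the examples above; the function names, the output file names (cert-1.pem, cert-2.pem, ...) and the aliases ldap-1, ldap-2, ... are the example's own choices. It goes one step beyond the single-alias import above: each certificate of the chain is split out of the bundle and imported as its own trusted entry, because a trusted certificate entry in a keystore holds exactly one certificate, and the server certificate is verified against the CA certificates with openssl before anything is imported.

```shell
#!/bin/sh
# Added example (not from the JS7 documentation): fetch, split, verify and import
# an LDAP server's certificate chain into the JOC Cockpit truststore.
# Host, port, truststore path and password follow the page; function names,
# file names and aliases are this example's own.

# Retrieve the certificates the LDAP server presents in the TLS handshake and keep
# only the PEM blocks. Redirecting stdin from /dev/null makes s_client exit on its
# own instead of waiting for interactive input.
fetch_server_chain() {
    host="$1"; port="${2:-636}"
    openssl s_client -showcerts -connect "$host:$port" </dev/null 2>/dev/null \
        | sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p'
}

# Split a PEM bundle (server certificate plus chain, or a CA bundle) into one file
# per certificate: cert-1.pem, cert-2.pem, ... Lines outside BEGIN/END blocks
# (such as the "s:" / "i:" subject lines printed by s_client) are dropped.
# Prints the number of certificates written.
split_pem_bundle() {
    bundle="$1"; outdir="$2"
    mkdir -p "$outdir"
    awk -v dir="$outdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem"; inside = 1 }
        inside { print > out }
        /-----END CERTIFICATE-----/ { inside = 0; close(out) }
        END { print n + 0 }
    ' "$bundle"
}

# Check before importing: the server certificate (cert-1.pem) must validate
# against the CA certificates of the chain. openssl verify needs a self-signed
# root as anchor; if the server does not send the Root CA certificate, copy it
# from the CA into the directory as an additional cert-N.pem first.
verify_chain() {
    certdir="$1"
    : > "$certdir/ca-bundle.crt"
    for f in "$certdir"/cert-*.pem; do
        [ "$f" = "$certdir/cert-1.pem" ] && continue
        cat "$f" >> "$certdir/ca-bundle.crt"
    done
    # a self-signed server certificate has no chain; verify it against itself
    [ -s "$certdir/ca-bundle.crt" ] || cp "$certdir/cert-1.pem" "$certdir/ca-bundle.crt"
    openssl verify -CAfile "$certdir/ca-bundle.crt" "$certdir/cert-1.pem"
}

# Import every split certificate under its own alias (ldap-1, ldap-2, ...).
# keytool stores one certificate per trusted entry, so each chain member
# becomes a separate entry instead of sharing a single "ldap" alias.
import_chain() {
    certdir="$1"; keystore="$2"; storepass="$3"; storetype="${4:-pkcs12}"
    i=0
    for f in "$certdir"/cert-*.pem; do
        i=$((i + 1))
        keytool -importcert -noprompt -file "$f" -alias "ldap-$i" \
            -keystore "$keystore" -storetype "$storetype" \
            -storepass "$storepass" -trustcacerts
    done
}

# Check after importing: count the trusted certificate entries in the truststore.
count_trusted_entries() {
    keystore="$1"; storepass="$2"; storetype="${3:-pkcs12}"
    keytool -list -keystore "$keystore" -storetype "$storetype" -storepass "$storepass" \
        | grep -c trustedCertEntry
}

# Usage on the JOC Cockpit server (requires network access to the LDAP server,
# openssl and keytool; not executed when the file is only sourced):
#   fetch_server_chain ldap_server 636 > ldap-chain.crt
#   split_pem_bundle ldap-chain.crt ./ldap-certs
#   verify_chain ./ldap-certs
#   import_chain ./ldap-certs "JETTY_BASE/resources/joc/joc.p12" secret_store
#   count_trusted_entries "JETTY_BASE/resources/joc/joc.p12" secret_store
```

Run verify_chain before import_chain: a chain that openssl cannot validate (missing root, expired intermediate, wrong server certificate copied from a different host) will not validate inside the JVM either, and catching it here is cheaper than debugging a failed LDAP login in JOC Cockpit afterwards.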

...