...

The JS7 - Security Architecture suggests operating JOC Cockpit at one of the following security levels:

  • Security Level Low
    • Inventory objects are automatically signed with the private key that is stored with the root account.
    • Signing is automatically applied when performing the Deploy operation.
    • The Profile page for Signature Key Management is available for user accounts holding the Administrator role only, see JS7 - Authorization.
  • Security Level Medium
    • Inventory objects are automatically signed with the private key that is stored with the current user's account.
    • Signing is automatically applied when performing the Deploy operation.
    • The Profile page for Signature Key Management is available for any user account holding a Deploy permission, see JS7 - Permissions.
  • Security Level High
    • Inventory objects are signed outside of JOC Cockpit.
    • As a consequence no Profile page for Signature Key Management is available.

The article is intended for an audience that is familiar with digital key management.

Profile Page

The Profile page is accessible from the user menu of an account in the upper right corner of any JOC Cockpit view:

...

  • A CA Certificate is required to verify the user account's private key and certificate for digital signing when performing deployments.
    • This includes checking that the user account's certificate is signed with the given CA Certificate or a later CA Intermediate Certificate.
    • This includes checking the expiration dates of certificates.
  • If an X.509 CA Certificate (Root CA Certificate or Intermediate CA Certificate) is assigned, then the certificate's subject is displayed.
  • Operations for CA Certificates include to
    • view the CA Certificate by use of the respective icon,
    • update the CA Certificate by use of the respective icon,
    • import the CA Certificate by use of the respective icon.

...

A CA Certificate can be imported from a file like this:

Keys and Certificates


...

User accounts have to be equipped with a private key and certificate created for digital signing.

  • JOC Cockpit does not offer to sign a user account's certificate for digital signing.
    • For good reasons JOC Cockpit does not implement a CA for digital signatures.
    • Instead, the user's CA should be consulted to sign a respective Certificate Signing Request. The resulting certificate can be added with JOC Cockpit.
    • If users do not operate a CA or do not have certificates at their disposal, then they can continue to use the default private key and certificate that ship with JOC Cockpit.
      • In this situation, by default only the root account can be used to deploy scheduling objects such as workflows. This suggests operating JOC Cockpit at Security Level Low, as the root account's key and certificate will be used for deployments by any user account.
      • For Security Level Medium each user account has to be equipped with a key and certificate.
  • Operations for the user account's private key and certificate include to
    • view the private key and certificate by use of the respective icon,
    • update the private key and certificate by use of the respective icon,
    • import the private key by use of the respective icon,
    • generate the private key by use of the respective icon.
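
The steps above (create a private key, have the organisation's CA sign a Certificate Signing Request) and the checks listed for the CA Certificate can be rehearsed with the openssl CLI. This is an added example, not code from JS7 or from this article. The throwaway CA, file names, subjects, the prime256v1 curve and the lifetimes are constructed assumptions; which key algorithms JOC Cockpit accepts is not stated on this page.

```shell
#!/bin/sh
# Added example. File names, subjects, curve and lifetimes are constructed assumptions.
set -eu
W=$(mktemp -d)                      # private working directory (mode 0700)
trap 'rm -rf "$W"' EXIT             # do not leave test keys behind
cat > "$W/x.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ca_ext
prompt = no
[dn]
CN = Example Signing CA
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
[usr_ext]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
EOF

new_key() { openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 -out "$1"; }

# Throwaway stand-in for the organisation's CA; a real CA key never sits next to user keys.
make_ca() {                         # $1 = file name prefix
  new_key "$W/$1.key"
  openssl req -x509 -new -key "$W/$1.key" -config "$W/x.cnf" -days 30 -out "$W/$1.crt"
}

# User side: private key and CSR. CA side: sign the CSR.
issue_user_cert() {                 # $1 = user, $2 = CA prefix, $3 = lifetime in days
  new_key "$W/$1.key"
  openssl req -new -key "$W/$1.key" -config "$W/x.cnf" -subj "/CN=$1" -out "$W/$1.csr"
  openssl x509 -req -in "$W/$1.csr" -CA "$W/$2.crt" -CAkey "$W/$2.key" -CAcreateserial \
    -extfile "$W/x.cnf" -extensions usr_ext -days "$3" -out "$W/$1.crt" 2>/dev/null
}

# Checks before upload: issued by the CA, remaining lifetime, key matches certificate.
check_signing_cert() {              # $1 = key, $2 = cert, $3 = CA cert, $4 = min. seconds left
  openssl verify -CAfile "$3" "$2" >/dev/null 2>&1 || { echo "not issued by CA"; return 1; }
  openssl x509 -in "$2" -noout -checkend "$4" >/dev/null || { echo "expires too soon"; return 2; }
  [ "$(openssl pkey -in "$1" -pubout)" = "$(openssl x509 -in "$2" -noout -pubkey)" ] \
    || { echo "key does not match certificate"; return 3; }
  echo "ok"
}

make_ca ca
issue_user_cert deployer ca 10
check_signing_cert "$W/deployer.key" "$W/deployer.crt" "$W/ca.crt" 86400
```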

View Key and Certificate

The user account's private key and certificate for digital signing are displayed like this:

Update Key and Certificate

A user account's private key and certificate can be updated by pasting from the clipboard like this:


Import Key

A user account's private key can be imported from a file like this:


Consider that an X.509 certificate matching the user account's private key has to be signed by a CA and has to be added by use of the Update Key and Certificate operation as explained above.

Generate Key

A user account's private key can be generated like this:


Consider that an X.509 certificate matching the user account's private key has to be signed by a CA and has to be added by use of the Update Key and Certificate operation as explained above.

...