...
Introduction
- Users benefit from the JS7 - Certificate Authority included with JOC Cockpit to create and to roll out private keys and certificates.
- This includes simplified rollout to Controller and Agent instances to establish JS7 - Secure Connections.
- The built-in Certificate Authority is applicable when operating JOC Cockpit with Security Level Low or Medium, see JS7 - Security Architecture and JS7 - Secure Operation.
- The built-in Certificate Authority
  - creates X.509 certificates for HTTPS Mutual Authentication
    - between JOC Cockpit and Controller instances,
    - between Primary and Secondary Controller instances,
    - between Controller instances and Agents.
  - is not used to create Server Authentication Certificates for access to JOC Cockpit. Access is performed by user browsers; it is therefore preferable to use a Server Authentication Certificate signed by a known Certificate Authority whose Root CA certificate is included with user browsers.
- Users benefit from simplified rollout of private keys and certificates when using the built-in Certificate Authority.
JS7 provides a Certificate Rollout Client, available with the Controller and Agent instance Start Scripts, to create and to roll out private keys and certificates using the built-in Certificate Authority. Rollout of private keys and certificates created with an external Certificate Authority is not in scope of the Certificate Rollout Client. The functionality includes
...
```bash
./bin/controller_instance.sh cert \
    --token=73bfc4b8-3f15-44b9-a75b-cdb44aec8f4b \
    --joc-uri=http://somehost.example.com:4446 \
    --san="myhost.example.com, myhost" \
    --subject-dn="CN=myhost, OU=IT Operations, O=SOS, C=DE, L=Berlin, ST=Berlin" \
    --key-alias=myhost \
    --ca-alias="Root CA" \
    --target-keystore=/var/sos-berlin.com/js7/controller/var/config/private/https-keystore.p12 \
    --target-keystore-pass=jobscheduler \
    --target-keystore-entry-pass=jobscheduler \
    --target-truststore=/var/sos-berlin.com/js7/controller/var/config/private/https-truststore.p12 \
    --target-truststore-pass=jobscheduler
```
...
```bash
./bin/controller_instance.sh cert \
    --token=73bfc4b8-3f15-44b9-a75b-cdb44aec8f4b \
    --joc-uri=https://somehost.example.com:4446 \
    --san="myhost.example.com, myhost" \
    --subject-dn="CN=myhost, OU=IT Operations, O=SOS, C=DE, L=Berlin, ST=Berlin" \
    --key-alias=myhost \
    --ca-alias="Root CA" \
    --source-keystore=/home/sos/private/js7-keystore.p12 \
    --source-keystore-pass="" \
    --source-keystore-entry-pass="" \
    --source-truststore=/home/sos/private/js7-truststore.p12 \
    --source-truststore-pass="" \
    --target-keystore=/var/sos-berlin.com/js7/controller/var/config/private/https-keystore.p12 \
    --target-keystore-pass=jobscheduler \
    --target-keystore-entry-pass=jobscheduler \
    --target-truststore=/var/sos-berlin.com/js7/controller/var/config/private/https-truststore.p12 \
    --target-truststore-pass=jobscheduler
```
...
```bash
./bin/controller_instance.sh cert \
    --token=73bfc4b8-3f15-44b9-a75b-cdb44aec8f4b \
    --joc-uri=https://myhost.example.com:4446 \
    --san="myhost.example.com, myhost" \
    --subject-dn="CN=myhost, OU=IT Operations, O=SOS, C=DE, L=Berlin, ST=Berlin" \
    --key-alias=myhost \
    --ca-alias="Root CA" \
    --source-private-key=/home/sos/private/myhost.key \
    --source-certificate=/home/sos/public/myhost.pem \
    --source-ca-cert="/home/sos/public/intermediate_ca.pem, /home/sos/public/root_ca.pem" \
    --target-keystore=/var/sos-berlin.com/js7/controller/var/config/private/https-keystore.p12 \
    --target-keystore-pass=jobscheduler \
    --target-keystore-entry-pass=jobscheduler \
    --target-truststore=/var/sos-berlin.com/js7/controller/var/config/private/https-truststore.p12 \
    --target-truststore-pass=jobscheduler
```
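The following is an added example, not part of the JS7 documentation or the project's code: a pre-flight check that a reviewer could run over a `cert` command line like the ones above before it goes into a runbook. The function names and the four checks (HTTPS JOC URI, no sample password, absolute target paths, CN listed among the SAN entries) are assumptions made for this illustration; the option names are the ones shown on this page.

```python
import shlex

SAMPLE_PASSWORD = "jobscheduler"  # password literal that appears in this page's examples

# Constructed sample, modelled on the first example on this page (path shortened).
SAMPLE = """./bin/controller_instance.sh cert \\
    --token=73bfc4b8-3f15-44b9-a75b-cdb44aec8f4b \\
    --joc-uri=http://somehost.example.com:4446 \\
    --san="myhost.example.com, myhost" \\
    --subject-dn="CN=myhost, OU=IT Operations, O=SOS, C=DE, L=Berlin, ST=Berlin" \\
    --target-keystore=var/config/private/https-keystore.p12 \\
    --target-keystore-pass=jobscheduler"""


def parse_options(command):
    """Split a rollout command line into an {option: value} dict (hypothetical helper)."""
    opts = {}
    # Join backslash-continued lines before tokenizing with shell quoting rules.
    for word in shlex.split(command.replace("\\\n", " ")):
        if word.startswith("--") and "=" in word:
            name, value = word[2:].split("=", 1)
            opts[name] = value
    return opts


def audit_rollout(command):
    """Return a sorted list of findings for one 'cert' invocation."""
    opts = parse_options(command)
    findings = []
    if not opts.get("joc-uri", "").lower().startswith("https://"):
        findings.append("joc-uri: not HTTPS, the token is sent unencrypted")
    for name, value in opts.items():
        if name.endswith("-pass") and value == SAMPLE_PASSWORD:
            findings.append(f"{name}: documentation sample password in use")
        if name in ("target-keystore", "target-truststore") and not value.startswith("/"):
            findings.append(f"{name}: relative path, depends on working directory")
    # Hostname verification matches on SAN entries, so the CN host should be listed.
    san = {s.strip().lower() for s in opts.get("san", "").split(",") if s.strip()}
    cn = next((p.split("=", 1)[1].strip().lower()
               for p in opts.get("subject-dn", "").split(",")
               if p.strip().upper().startswith("CN=")), None)
    if cn and cn not in san:
        findings.append(f"san: CN '{cn}' is not among the SAN entries")
    return sorted(findings)


if __name__ == "__main__":
    print("\n".join(audit_rollout(SAMPLE)) or "no findings")
```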
...