
...

The JS7 - Profiles hold settings that are specific to a user account and that are controlled by the user.

  • Profiles include a number of categories such as Preferences, Permissions etc.
  • The Profile includes settings used for digitally signing objects such as workflows for JS7 - Deployment.
  • The underlying security requirements are explained with JS7 - Secure Deployment.

...

  • Security Level Low
    • Inventory objects are automatically signed with the private key that is stored with the root account.
    • Signing is automatically applied when performing the Deploy operation.
    • The Profile page for Signature Key Management is available only for the user account that is specified as the default profile account with the JS7 - Settings, chapter: JOC Cockpit Settings.
  • Security Level Medium
    • Inventory objects are automatically signed with the private key that is stored with the current user's account.
    • Signing is automatically applied when performing the Deploy operation.
    • The Profile page for Signature Key Management is available individually for any user account holding a Deploy permission, see JS7 - Default Roles and Permissions.
  • Security Level High
    • Inventory objects are signed outside of JOC Cockpit.
    • As a consequence no Profile page for Signature Key Management is available.

...

  • the CA Certificate is required to verify the user account's private key and certificate for digital signing when performing deployments.
    • This includes checking that the user account's certificate is signed with the given CA Certificate or a later CA Intermediate Certificate.
    • This includes checking the expiration dates of certificates.
    • Depending on whether the JS7 Certificate Authority or an external Certificate Authority is used, the respective CA Certificate has to be added to the user account's Profile.
  • for an X.509 CA Certificate (Root CA Certificate or Intermediate CA Certificate) the certificate's subject is displayed.

...

User accounts have to be equipped with a private key and certificate issued for digital signing in order to deploy scheduling objects to Controllers and Agents:

  • If a user's certificate is signed by a Certificate Authority then it is sufficient to roll out the CA Certificate to Controller and Agent instances to which the user should be entitled to deploy scheduling objects such as workflows.
  • If a user's certificate is self-signed then the user's certificate has to be rolled out to Controller and Agent instances to which the user should be entitled to perform deployments.
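
The difference between the two rollout cases, and the issuer and expiration checks described for the CA Certificate, can be reproduced with the openssl command line. This is an added example, not code from JS7 or its documentation; the file names, subjects and the helper functions `make_demo_pki`, `trusted_by` and `valid_for` are constructed for the illustration, and all keys are throwaway.

```shell
#!/bin/sh
# Added illustration with throwaway keys; all file names and subjects are constructed.

# Create a demo root CA, a CA-signed signing certificate and a self-signed one in $1.
make_demo_pki() {
    d=$1
    cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_sign]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature
EOF
    # Root CA certificate: the only file to roll out when user certificates are CA-signed.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$d/demo.cnf" \
        -extensions v3_ca -subj "/CN=Demo Root CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    # User signing certificate issued by the demo CA.
    openssl req -new -newkey rsa:2048 -nodes -config "$d/demo.cnf" \
        -subj "/CN=demo-user" -keyout "$d/user.key" -out "$d/user.csr" 2>/dev/null
    openssl x509 -req -in "$d/user.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 30 -extfile "$d/demo.cnf" -extensions v3_sign \
        -out "$d/user.crt" 2>/dev/null
    # Self-signed signing certificate: no CA vouches for it.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$d/demo.cnf" \
        -subj "/CN=self-signed-user" -keyout "$d/self.key" -out "$d/self.crt" 2>/dev/null
}

# Succeeds if certificate $2 chains to trust anchor $1 and is within its validity period.
trusted_by() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Succeeds if certificate $1 is still valid $2 seconds from now.
valid_for() { openssl x509 -in "$1" -noout -checkend "$2" >/dev/null; }

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
for cert in user.crt self.crt; do
    trusted_by "$demo_dir/ca.crt" "$demo_dir/$cert" && r=trusted || r="NOT trusted"
    echo "$cert with only ca.crt rolled out: $r"
done
trusted_by "$demo_dir/self.crt" "$demo_dir/self.crt" && echo "self.crt rolled out itself: trusted"
valid_for "$demo_dir/user.crt" 86400 && echo "user.crt valid for at least one more day"
rm -rf "$demo_dir"
```

Running `valid_for` with a window ahead of the planned renewal date is a simple way to catch signing certificates before an expired one blocks a deployment.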

...

A user account's private key can be created by an external CA and can be imported from a file like this:

...