Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • On the Controller server create the truststore using the keytool from your Java JRE or JDK or a third party utility.
    • For use with a third party utility create a truststore, e.g. https-truststore.p12, in PKCS12 format and import:
      • the Root CA certificate
    • For use with keytool create the truststore in PKCS12 or JKS format with the Root CA certificate. The examples below show one possible approach for certificate management. However, there may be other ways to achieve similar results.
      • Example for importing a Root CA certificate to a PKCS12 truststore:

        Code Block
        languagebash
        titleExample how to import a CA-signed certificate into a PKCS12 Truststore
        # import Root CA certificate in PEM format to a PKCS12 truststore (https-truststore.p12)
        keytool -import -alias "root-ca" -file "RootCACertificate.crt" -keystore "JS7_CONTROLLER_CONFIG_DIR/private/https-truststore.p12" -storetype PKCS12
      • Example for use of a self-signed Controller Agent certificate with a PKCS12 truststore:

        Code Block
        languagebash
        titleExample for import of a self-signed Controller Agent certificate the Master public certificate to JOC Cockpit to Controller PKCS12 Truststore
        collapsetrue
        # on Agent server: export Agent's certificate from keystore (https-keystore.p12) identified by its alias name (agent-https) to a file in PEM format (agent-https.crt)
        keytool -exportcert -rfc -noprompt -file "agent-https.crt" -alias "agent-https" -keystore "JS7_AGENT_CONFIG_DIR/private/https-keystore.p12" -storepass jobscheduler -storetype PKCS12
        
        # on Controller server: import the Agent's certificate from a file in PEM format (agent-https.crt) identified by its alias name (agent-https) to the Controller's PKCS12 truststore (https-truststore.p12)
        keytool -importcert -noprompt -file "agent-https.crt" -alias "agent-https" -keystore "JS7_CONTROLLER_CONFIG_DIR/private/https-truststore.p12" -storepass jobscheduler -storetype PKCS12 -trustcacerts 
      • Example for use of a self-signed Controller Agent certificate with a JKS truststore:

        Code Block
        languagebash
        titleExample for import of a self-signed Controller certificate the Master public certificate to JOC Cockpit JKS Truststore
        collapsetrue
        # on Agent server: export Agent's certificate from keystore (https-keystore.jks) identified by its alias name (agent-https) to a file in PEM format (agent-https.crt)
        keytool -exportcert -rfc -noprompt -file "agent-https.crt" -alias "agent-https" -keystore "JS7_AGENT_CONFIG_DIR/private/https-keystore.jks" -storepass jobscheduler -storetype JKS
        
        # import the Agent's certificate from a file in PEM format (agent-https.crt) identified by its alias name (agent-https) to the Controller's JKS truststore (https-truststore.jks)
        keytool -importcert -noprompt -file "agent-https.crt" -alias "agent-https" -keystore "JS7_CONTROLLER_CONFIG_DIR/private/https-truststore.jks" -storepass jobscheduler -storetype JKS -trustcacerts
  • On the Controller server specify the location of the truststore with the JS7_CONTROLLER_CONFIG_DIR/private/private.conf configuration file:
    • Example

      Code Block
      languagetext
      titleExample for private.conf file specifying the Controller truststore
      js7 {
          web {
              # keystore and truststore locations for https connections
              https {
                  truststores=[
                      {
                          # Default: ${js7.config-directory}"/private/https-truststore.p12"
                          file=${js7.config-directory}"/private/https-truststore.p12"
                          store-password=jobscheduler
                      }
                  ]
              }
          }
      }


      Explanation:
      • js7.web.https.truststores.file is used for the path to the truststore.
      • js7.web.https.truststores.store-password is used for access to the truststore.

...