Page History
...
- On the Controller server create the truststore using the
keytool
from your Java JRE or JDK or a third party utility.- For use with a third party utility create a truststore, e.g.
https-truststore.p12,
in PKCS12 format and import:- the Root CA certificate
- For use with
keytool
create the truststore in PKCS12 or JKS format with the Root CA certificate. The examples below show one possible approach for certificate management. However, there may be other ways to achieve similar results.Example for importing a Root CA certificate to a PKCS12 truststore:
Code Block language bash title Example how to import a CA-signed certificate into a PKCS12 Truststore # import Root CA certificate in PEM format to a PKCS12 truststore (https-truststore.p12) keytool -import -alias "root-ca" -file "RootCACertificate.crt" -keystore "JS7_CONTROLLER_CONFIG_DIR/private/https-truststore.p12" -storetype PKCS12
Example for use of a self-signed Controller Agent certificate with a PKCS12 truststore:
Code Block language bash title Example for import of a self-signed Controller Agent certificate the Master public certificate to JOC Cockpit to Controller PKCS12 Truststore collapse true # on Agent server: export Agent's certificate from keystore (https-keystore.p12) identified by its alias name (agent-https) to a file in PEM format (agent-https.crt) keytool -exportcert -rfc -noprompt -file "agent-https.crt" -alias "agent-https" -keystore "JS7_AGENT_CONFIG_DIR/private/https-keystore.p12" -storepass jobscheduler -storetype PKCS12 # on Controller server: import the Agent's certificate from a file in PEM format (agent-https.crt) identified by its alias name (agent-https) to the Controller's PKCS12 truststore (https-truststore.p12) keytool -importcert -noprompt -file "agent-https.crt" -alias "agent-https" -keystore "JS7_CONTROLLER_CONFIG_DIR/private/https-truststore.p12" -storepass jobscheduler -storetype PKCS12 -trustcacerts
Example for use of a self-signed Controller Agent certificate with a JKS truststore:
Code Block language bash title Example for import of a self-signed Controller certificate the Master public certificate to JOC Cockpit JKS Truststore collapse true # on Agent server: export Agent's certificate from keystore (https-keystore.jks) identified by its alias name (agent-https) to a file in PEM format (agent-https.crt) keytool -exportcert -rfc -noprompt -file "agent-https.crt" -alias "agent-https" -keystore "JS7_AGENT_CONFIG_DIR/private/https-keystore.jks" -storepass jobscheduler -storetype JKS # import the Agent's certificate from a file in PEM format (agent-https.crt) identified by its alias name (agent-https) to the Controller's JKS truststore (https-truststore.jks) keytool -importcert -noprompt -file "agent-https.crt" -alias "agent-https" -keystore "JS7_CONTROLLER_CONFIG_DIR/private/https-truststore.jks" -storepass jobscheduler -storetype JKS -trustcacerts
- For use with a third party utility create a truststore, e.g.
- On the Controller server specify the location of the truststore with the
JS7_CONTROLLER_CONFIG_DIR
/private/private.conf
configuration file:Example
Code Block language text title Example for private.conf file specifying the Controller truststore js7 { web { # keystore and truststore locations for https connections https { truststores=[ { # Default: ${js7.config-directory}"/private/https-truststore.p12" file=${js7.config-directory}"/private/https-truststore.p12" store-password=jobscheduler } ] } } }
Explanation:js7.web.https.truststores.file
is used for the path to the truststore.js7.web.https.truststores.store-password
is used for access to the truststore.
...
Overview
Content Tools