Page History

...

On the Controller server create the truststore using the keytool from your Java JRE or JDK or a third party utility.

For use with a third party utility create a truststore, e.g. https-truststore.p12, in PKCS12 format and import:
- the Root CA certificate

For use with keytool create the truststore in PKCS12 or JKS format with the Root CA certificate. The examples below show one possible approach for certificate management. However, there may be other ways to achieve similar results.

Example for importing a Root CA certificate to a PKCS12 truststore:

Code Block

language	bash
title	Example how to import a CA-signed certificate into a PKCS12 Truststore

# import Root CA certificate in PEM format to a PKCS12 truststore (https-truststore.p12)
keytool -import -alias "root-ca" -file "RootCACertificate.crt" -keystore "JS7_CONTROLLER_CONFIG_DIR/private/https-truststore.p12" -storetype PKCS12

Example for use of a self-signed Agent certificate with a PKCS12 truststore:

Code Block

language	bash
title	Example for import of a self-signed Agent certificate to Controller PKCS12 Truststore
collapse	true

# on Agent server: export Agent's certificate from keystore (https-keystore.p12) identified by its alias name (agent-https) to a file in PEM format (agent-https.crt)
keytool -exportcert -rfc -noprompt -file "agent-https.crt" -alias "agent-https" -keystore "JS7_AGENT_CONFIG_DIR/private/https-keystore.p12" -storepass jobscheduler -storetype PKCS12

# on Controller server: import the Agent's certificate from a file in PEM format (agent-https.crt) identified by its alias name (agent-https) to the Controller's PKCS12 truststore (https-truststore.p12)
keytool -importcert -noprompt -file "agent-https.crt" -alias "agent-https" -keystore "JS7_CONTROLLER_CONFIG_DIR/private/https-truststore.p12" -storepass jobscheduler -storetype PKCS12 -trustcacerts

Example for use of a self-signed Agent certificate with a JKS truststore:

Code Block

language	bash
title	Example for import of a self-signed Controller Agent certificate the Master public certificate to JOC Cockpit to Controller JKS Truststore
collapse	true

# on Agent server: export Agent's certificate from keystore (https-keystore.jks) identified by its alias name (agent-https) to a file in PEM format (agent-https.crt)
keytool -exportcert -rfc -noprompt -file "agent-https.crt" -alias "agent-https" -keystore "JS7_AGENT_CONFIG_DIR/private/https-keystore.jks" -storepass jobscheduler -storetype JKS

# import the Agent's certificate from a file in PEM format (agent-https.crt) identified by its alias name (agent-https) to the Controller's JKS truststore (https-truststore.jks)
keytool -importcert -noprompt -file "agent-https.crt" -alias "agent-https" -keystore "JS7_CONTROLLER_CONFIG_DIR/private/https-truststore.jks" -storepass jobscheduler -storetype JKS -trustcacerts

On the Controller server specify the location of the truststore with the JS7_CONTROLLER_CONFIG_DIR/private/private.conf configuration file:

Example

Code Block

language	text
title	Example for private.conf file specifying the Controller truststore

js7 {
    web {
        # keystore and truststore locations for https connections
        https {
            truststores=[
                {
                    # Default: ${js7.config-directory}"/private/https-truststore.p12"
                    file=${js7.config-directory}"/private/https-truststore.p12"
                    store-password=jobscheduler
                }
            ]
        }
    }
}

Explanation:

js7.web.https.truststores.file is used for the path to the truststore.
js7.web.https.truststores.store-password is used for access to the truststore.

...

Space shortcuts

Page tree

Versions Compared

Old Version 15

New Version 16

Key