JS7 JobScheduler

Space shortcuts

Page tree

Versions Compared

Old Version 2

changes.mady.by.user Andreas Püschel

Saved on

compared with

New Version Current

changes.mady.by.user Andreas Püschel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Introduction

The JS7 - Profiles hold settings that are specific to a user account and which are controlled by the user. 

  • Profiles include a number of categories such as Preferences, Permissions etc.
  • A Profile includes the configuration of the JOC Cockpit as a Certificate Authority (CA) for JS7 - Secure Connections.
  • A Certificate Authority set up by the SSL Key Management functionality allows the creation of Server Authentication Certificates and Client Authentication Certificates for TLS/SSL connections.

It is recommended that an external Certificate Authority is used or that certificates are procured from a trusted 3rd-party as the JOC Cockpit Certificate Authority cannot be considered secure:

  • The JOC Cockpit Certificate Authority is applicable in absence of decent security requirements when operating JS7 for a Security Level Low or Medium, see JS7 - Security Architecture and JS7 - Secure Operation for more information.
  • Use of the JOC Cockpit Certificate Authority is not applicable when operating JS7 for Security Level High as keys and certificates are stored in the JS7 - Database..

The SSL Key Management functionality is used to set up up your own CA with the JOC Cockpit, see JS7 - Certificate Authority - Manage Certificates with JOC Cockpit.

  • To set up the Certificate Authority (CA) a Root CA Private Key and self-issued Certificate are created:
  • The SSL Key Management sub-view is available to user accounts that are assigned the administrator role. To be precise, user accounts have to be assigned the sos:products:joc:adminstration:manage role, see JS7 - Default Roles and Permissions.

This article is intended for a security-aware audience that is technically familiar with TLS/SSL key management.

Profile Page

The Profile page is accessible from the user menu of an account in the upper right hand corner of any JOC Cockpit view:

Image Added


The Profile page offers a number of sub-views. The following section explains the SSL Key Management

...

x

Image Removed

sub-view.

Anchor
ssl_key_management
ssl_key_management
SSL Key Management

The SSL Key Management sub-view offers the following settings:

Image Added

Keys and Certificates

The Root CA Private Key and Certificate can be updated/imported from an external CA and they can be generated by the JOC Cockpit:

  • Operations for the Root CA Private Key and Certificate include:
    • viewing the Private Key and Certificate by using the Image Added icon,
    • updating the Private Key and Certificate by using the Image Added icon,
    • importing the Private Key by using the Image Added icon,
    • generating the Private Key and Certificate by using the Image Added icon.

View Key and Certificate

The Root CA Private Key and Certificate are displayed like this:

Image Added

Update Key and Certificate

The Root CA Private Key and Certificate can be created from an external CA and can be updated by pasting from the clipboard like this:

Image Added


Note: For the Root CA, the JOC Cockpit supports ECDSA key algorithms.

Import Key

The Root CA Private Key can be created from an external CA and can be imported from a file like this:

Image Added

Generate Key and Certificate

A Root CA Private Key is generated and a self-issued Certificate is created like this:

Image Added


The requested Distinguished Name (DN) is a unique identifier for the Certificate.

  • The DN can include any attributes allowed.
  • The DN has to include the CN attribute
  • Example:
    • CN=JS7 Root CA, OU=IT Operations, O=SOS, L=Berlin, ST=Berlin, C=DE

...