JS7 JobScheduler

Space shortcuts

Page tree

Versions Compared

Old Version 6

changes.mady.by.user Andreas Püschel

Saved on

compared with

New Version Current

changes.mady.by.user Andreas Püschel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The JS7 - Profiles hold settings that are specific for to a user account and that which are controlled by the user. 

  • Profiles include a number of categories such as Preferences, Permissions etc.
  • A Profile includes to configure the configuration of the JOC Cockpit as a Certificate Authority (CA) for JS7 - Secure Connections.
  • A Certificate Authority set up by the SSL Key Management functionality allows to create the creation of Server Authentication Certificates and Client Authentication Certificates for TLS/SSL connections.

It is recommended to use that an external Certificate Authority is used or to procure that certificates are procured from a trusted 3rd-party as the JOC Cockpit Certificate Authority cannot be considered secure:

  • The JOC Cockpit Certificate Authority is applicable in absence of decent security requirements when operating JS7 for a Security Level Low or Medium, see JS7 - Security Architecture and JS7 - Secure Operation for more information.
  • Use of the JOC Cockpit Certificate Authority is not applicable when operating JS7 for Security Level High as keys and certificates are stored with in the JS7 - Database..

The SSL Key Management functionality is used to set up up your own CA with the JOC Cockpit, see JS7 - Certificate Authority - Manage Certificates with JOC Cockpit.

  • To set up the Certificate Authority (CA) a Root CA private key Private Key and self-signed certificate issued Certificate are created:
  • The SSL Key Management sub sub-view is available to user accounts that are assigned the administrator role. To be more precise, user accounts have to be assigned the sos:products:joc:adminstration:manage role, see JS7 - Default Roles and Permissions.

The This article is intended for a security-aware audience that is technically familiar with TLS/SSL key management.

...

The Profile page is accessible from the user menu of an account in the upper right upper hand corner of any JOC Cockpit view:

...

Keys and Certificates

The Root CA private key Private Key and certificate Certificate can be updated/imported from an external CA and they can be generated by the JOC Cockpit:

  • Operations for the Root CA private key Private Key and certificate Certificate include to:
    • view viewing the private key Private Key and certificate Certificate by use of using the  icon,update
    • updating the private key and certificate by use of Private Key and Certificate by using the  icon,import
    • importing the private key by use of the Private Key by using the icon,generate
    • generating the private key and certificate by use of Private Key and Certificate by using the  icon.

View Key and Certificate

The Root CA private key and certificate is Private Key and Certificate are displayed like this:

Update Key and Certificate

The Root CA private key Private Key and certificate Certificate can be created from an external CA and can be updated by pasting from the clipboard like this:


Note:  For For the Root CA, the JOC Cockpit supports ECDSA key algorithms only as RSA key algorithms are not considered secure for the future.

Import Key

The Root CA private key Private Key can be created from an external CA and can be imported from a file like this:

...

Generate Key and Certificate

A Root CA private key Private Key is generated and a self-signed certificate issued Certificate is created like this:


The requested Distinguished Name (DN) is a unique identifier for the certificateCertificate.

  • The DN can include any attributes allowed.
  • The DN has to include the CN attribute
  • Example:
    • CN=JS7 Root CA, OU=IT Operations, O=SOS,  LL=Berlin, SST=Berlin, C=DE