
Introduction

The built-in certificate authority offers the following functionality:

  • creating a root private key and certificate and self-signing the root certificate,
    • The root private key and certificate are stored with the JS7 - Database.
  • creating private keys and certificates per Controller instance and Agent and signing the resulting certificates.
    • The private keys and certificates are not stored with the database. Instead, they are requested by Controller instances and Agents, created on-the-fly and forwarded to the requester.

Root Certificate

The root private key and self-signed certificate have to be created in an initial step:

For user accounts that are assigned the administrator role, the User->Profile menu of JOC Cockpit offers the CA Management sub-tab.

Explanation:

  • Operations offered from this sub-tab include
    • generating the private key and certificate and self-signing the certificate,
    • importing and updating the private key and self-signed certificate in case they have been generated by an external certificate authority.
  • JOC Cockpit supports ECDSA key algorithms only, as RSA key algorithms are not considered secure for the longer term.

Certificates for Controllers and Agents

The User->Manage Controllers/Agents menu of JOC Cockpit offers to create tokens for Controller instances and Agents individually:

  • You can use the Controller's action menu to create one-time tokens for Controller instances.
  • You can select one or more Agents to create one-time tokens per Agent. Then use the Create one-time Token button.
  • After selection of the Controller or Agents a popup window is displayed that asks for the lifetime of the token.


Explanation:

  • The token is valid until its lifetime expires.
    • It is recommended to use short lifetimes, such as 30 minutes, that are sufficient to perform the steps for roll-out of certificates to the respective Controller and Agents.
    • The lifetime is specified together with a time zone, as the user browser's time zone and the time zone of the server operating a Controller instance or Agent might differ.
  • Cleanup of expired tokens is performed automatically by JOC Cockpit.
  • Once the tokens are generated they become accessible from the user interface.


Explanation:

  • Each Agent for which a token has been created displays the expiration date and offers a key symbol:
    • clicking the key symbol displays the token,
    • the token display offers a button to copy the token value to the clipboard.
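The behaviour described for one-time tokens (a lifetime after which the token is invalid, a time zone attached to the lifetime so that browser and server clocks agree, automatic cleanup of expired tokens, and one use per Controller or Agent) is illustrated by the following added example. It is not JS7 or JOC Cockpit code; the class and function names, the token format and the sample timestamps are all constructed for this illustration, and it uses only the Python standard library.

```python
"""Model of one-time roll-out tokens with lifetime, single use and cleanup.

Added illustration, not JS7 code. All names (TokenStore, OneTimeToken, demo)
are hypothetical; timestamps and subject names are constructed sample data.
"""
import hashlib
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass
class OneTimeToken:
    subject: str            # Controller instance or Agent the token was issued for
    expires_at: datetime    # always stored as timezone-aware UTC
    used: bool = False


def _digest(value: str) -> str:
    # Only a hash of the token value is kept server-side, so a copy of the
    # store does not reveal tokens that are still valid.
    return hashlib.sha256(value.encode()).hexdigest()


@dataclass
class TokenStore:
    tokens: dict = field(default_factory=dict)  # sha256(token) -> OneTimeToken

    def issue(self, subject: str, lifetime_minutes: int, now: datetime) -> str:
        """Create a token for `subject`; `now` must be timezone-aware."""
        # Normalising to UTC is what makes the lifetime unambiguous when the
        # browser and the Agent/Controller server run in different time zones.
        expires_at = now.astimezone(timezone.utc) + timedelta(minutes=lifetime_minutes)
        value = secrets.token_urlsafe(32)
        self.tokens[_digest(value)] = OneTimeToken(subject, expires_at)
        return value

    def redeem(self, value: str, subject: str, now: datetime) -> bool:
        """Accept the token once, only for its subject and only before expiry."""
        token = self.tokens.get(_digest(value))
        if token is None or token.used or token.subject != subject:
            return False
        if now.astimezone(timezone.utc) >= token.expires_at:
            return False
        token.used = True
        return True

    def cleanup(self, now: datetime) -> int:
        """Drop expired and already-used tokens; return how many were removed."""
        now_utc = now.astimezone(timezone.utc)
        stale = [k for k, t in self.tokens.items() if t.used or now_utc >= t.expires_at]
        for k in stale:
            del self.tokens[k]
        return len(stale)


def demo():
    """Constructed scenario: token issued from a browser in UTC+1, redeemed by a server in UTC."""
    store = TokenStore()
    browser_tz = timezone(timedelta(hours=1))
    issued = datetime(2024, 1, 15, 9, 0, tzinfo=browser_tz)      # 08:00 UTC
    value = store.issue("agent-primary", 30, issued)             # expires 08:30 UTC

    agent_now = datetime(2024, 1, 15, 8, 20, tzinfo=timezone.utc)  # 09:20 browser time
    first = store.redeem(value, "agent-primary", agent_now)      # within lifetime
    second = store.redeem(value, "agent-primary", agent_now)     # reuse rejected
    wrong = store.redeem(value, "agent-other", agent_now)        # wrong subject rejected

    late_value = store.issue("agent-b", 30, issued)
    late = store.redeem(late_value, "agent-b", issued + timedelta(minutes=31))  # expired

    removed = store.cleanup(issued + timedelta(minutes=31))      # used + expired tokens
    return first, second, wrong, late, removed


if __name__ == "__main__":
    print(demo())
```

Because `issue` and `redeem` convert every timestamp to UTC before comparing, a 30-minute lifetime means the same instant regardless of where the token was created or consumed; keeping only a hash of the token value and discarding used tokens limits what a leaked store reveals.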
