Introduction
The JS7 - Profiles hold settings that are specific to a user account and which are controlled by the user.
- Profiles include a number of categories such as Preferences, Permissions etc.
- A Profile includes the configuration of the JOC Cockpit as a Certificate Authority (CA) for JS7 - Secure Connections.
- A Certificate Authority set up by the SSL Key Management functionality allows the creation of Server Authentication Certificates and Client Authentication Certificates for TLS/SSL connections.
It is recommended that an external Certificate Authority is used or that certificates are procured from a trusted third party, as the JOC Cockpit Certificate Authority cannot be considered secure:
- The JOC Cockpit Certificate Authority is applicable in the absence of strict security requirements when operating JS7 for Security Level Low or Medium, see JS7 - Security Architecture and JS7 - Secure Operation for more information.
- Use of the JOC Cockpit Certificate Authority is not applicable when operating JS7 for Security Level High, as keys and certificates are stored in the JS7 - Database.
The SSL Key Management functionality is used to set up your own CA with the JOC Cockpit, see JS7 - Certificate Authority - Manage Certificates with JOC Cockpit.
- To set up the Certificate Authority (CA), a Root CA Private Key and self-issued Certificate are created.
- The SSL Key Management sub-view is available to user accounts that are assigned the administrator role. To be precise, user accounts have to be assigned the sos:products:joc:adminstration:manage role, see JS7 - Default Roles and Permissions.
This article is intended for a security-aware audience that is technically familiar with TLS/SSL key management.
Profile Page
The Profile page is accessible from the user menu of an account in the upper right hand corner of any JOC Cockpit view:
The Profile page offers a number of sub-views. The following section explains the SSL Key Management sub-view.
SSL Key Management
The SSL Key Management sub-view offers the following settings:
Keys and Certificates
The Root CA Private Key and Certificate can be updated/imported from an external CA and they can be generated by the JOC Cockpit:
- Operations for the Root CA Private Key and Certificate include:
- viewing the Private Key and Certificate by using the icon,
- updating the Private Key and Certificate by using the icon,
- importing the Private Key by using the icon,
- generating the Private Key and Certificate by using the icon.
View Key and Certificate
The Root CA Private Key and Certificate are displayed like this:
Update Key and Certificate
The Root CA Private Key and Certificate can be created from an external CA and can be updated by pasting from the clipboard like this:
Note: For the Root CA, the JOC Cockpit supports ECDSA key algorithms.
Import Key
The Root CA Private Key can be created from an external CA and can be imported from a file like this:
Generate Key and Certificate
A Root CA Private Key is generated and a self-issued Certificate is created like this:
The requested Distinguished Name (DN) is a unique identifier for the Certificate.
- The DN can include any permitted attributes.
- The DN has to include the CN attribute.
- Example:
CN=JS7 Root CA, OU=IT Operations, O=SOS, L=Berlin, ST=Berlin, C=DE
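For the Update and Import operations above, where the Root CA Private Key and Certificate are created outside the JOC Cockpit, the following added example (not part of the JS7 documentation or code) creates an ECDSA key and a self-issued certificate with OpenSSL and checks them before they are pasted or imported. The file names, the curve secp384r1, the validity period and the PEM output are assumptions; note that OpenSSL's -subj option lists the DN attributes in the reverse order of the example above.

```shell
#!/bin/sh
# Added example, not JS7 code. Assumed: file names, curve secp384r1, 5-year
# validity and PEM output; none of these are stated JS7 requirements.

# make_root_ca <dir> <subject>: ECDSA key plus self-issued CA certificate.
make_root_ca() {
    dir=$1; subj=$2
    # Private config so the result does not depend on the system openssl.cnf.
    cat > "$dir/root-ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    ( umask 077   # key file readable by its owner only
      openssl ecparam -name secp384r1 -genkey -noout -out "$dir/root-ca.key" ) || return 1
    openssl req -new -x509 -sha256 -days 1825 -config "$dir/root-ca.cnf" \
        -key "$dir/root-ca.key" -subj "$subj" -out "$dir/root-ca.crt"
}

# check_root_ca <key> <crt>: prints the first failed check and returns non-zero.
check_root_ca() {
    key=$1; crt=$2
    text=$(openssl x509 -in "$crt" -noout -text) || { echo "unreadable certificate"; return 1; }
    subject=$(openssl x509 -in "$crt" -noout -subject -nameopt RFC2253)
    echo "$subject" | grep -Eq '(^subject= ?|,)CN=' || { echo "DN has no CN attribute"; return 1; }
    echo "$text" | grep -q 'id-ecPublicKey' || { echo "not an EC key"; return 1; }
    echo "$text" | grep -q 'CA:TRUE' || { echo "not a CA certificate"; return 1; }
    # The certificate must carry the public half of the private key being imported.
    [ "$(openssl pkey -in "$key" -pubout 2>/dev/null)" = "$(openssl x509 -in "$crt" -noout -pubkey)" ] \
        || { echo "key and certificate do not match"; return 1; }
    # Self-issued: the certificate verifies against itself as the only trust anchor.
    openssl verify -CAfile "$crt" "$crt" >/dev/null 2>&1 || { echo "not self-issued"; return 1; }
    echo "ok"
}

# Usage (paths are placeholders):
#   make_root_ca ./ca "/C=DE/ST=Berlin/L=Berlin/O=SOS/OU=IT Operations/CN=JS7 Root CA" \
#     && check_root_ca ./ca/root-ca.key ./ca/root-ca.crt
```

Generate the key on a trusted host and keep root-ca.key out of shared directories and backups that other accounts can read.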