The JS7 - Profiles hold settings that are specific to a user account and which are controlled by the user.
- Profiles include a number of categories such as Preferences, Permissions etc.
- A Profile includes the configuration of the JOC Cockpit as a Certificate Authority (CA) for JS7 - Secure Connections.
- A Certificate Authority set up by the SSL Key Management functionality allows the creation of Server Authentication Certificates and Client Authentication Certificates for TLS/SSL connections.
It is recommended that an external Certificate Authority is used or that certificates are procured from a trusted 3rd-party as the JOC Cockpit Certificate Authority cannot be considered secure:
- The JOC Cockpit Certificate Authority is applicable in the absence of strict security requirements when operating JS7 for Security Level Low or Medium, see JS7 - Security Architecture and JS7 - Secure Operation for more information.
- Use of the JOC Cockpit Certificate Authority is not applicable when operating JS7 for Security Level High as keys and certificates are stored in the JS7 - Database.
The SSL Key Management functionality is used to set up your own CA with the JOC Cockpit, see JS7 - Certificate Authority - Manage Certificates with JOC Cockpit.
- To set up the Certificate Authority (CA), a Root CA private key and self-signed certificate are created.
- The SSL Key Management sub-view is available to user accounts that are assigned the administrator role. To be more precise, user accounts have to be assigned the sos:products:joc:adminstration:managerole, see JS7 - Default Roles and Permissions.
This article is intended for a security-aware audience that is technically familiar with TLS/SSL key management.
The Profile page is accessible from the user menu of an account in the upper right hand corner of any JOC Cockpit view:
The Profile page offers a number of sub-views. The following section explains the SSL Key Management sub-view.
SSL Key Management
The SSL Key Management sub-view offers the following settings:
Keys and Certificates
The Root CA private key and certificate can be updated/imported from an external CA and they can be generated by the JOC Cockpit:
- Operations for the Root CA private key and certificate include:
- viewing the private key and certificate by using the icon,
- updating the private key and certificate by using the icon,
- importing the private key by using the icon,
- generating the private key and certificate by using the icon.
View Key and Certificate
The Root CA private key and certificate are displayed like this:
Update Key and Certificate
The Root CA private key and certificate can be created from an external CA and can be updated by pasting from the clipboard like this:
Note: For the Root CA, the JOC Cockpit only supports ECDSA key algorithms as RSA key algorithms are not considered secure for the future.
The Root CA private key can be created from an external CA and can be imported from a file like this:
Generate Key and Certificate
A Root CA private key is generated and a self-signed certificate is created like this:
The requested Distinguished Name (DN) is a unique identifier for the certificate.
- The DN can include any attributes allowed.
- The DN has to include the CN attribute, for example:
CN=JS7 Root CA, OU=IT Operations, O=SOS, L=Berlin, S=Berlin, C=DE
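For the update and import cases described above, where the Root CA private key and certificate are created outside the JOC Cockpit, the following added example (not part of the JS7 documentation) uses OpenSSL to create an ECDSA key and a self-signed certificate with the sample DN and to check both before they are pasted or imported. The file names, the prime256v1 curve, the 3650-day validity and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not JS7 code. File names, curve and validity are assumptions;
# the DN is the sample DN shown on this page.

# Create an ECDSA Root CA private key and self-signed certificate in directory $1.
make_root_ca() {
    dir=$1
    # OpenSSL spells the state attribute ST; the sample DN on the page writes S.
    cat > "$dir/root-ca.cnf" <<'EOF'
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_ca
[dn]
C = DE
ST = Berlin
L = Berlin
O = SOS
OU = IT Operations
CN = JS7 Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    ( umask 077   # private key file readable by its owner only
      openssl ecparam -name prime256v1 -genkey -noout -out "$dir/root-ca.key" ) || return 1
    openssl req -new -x509 -sha256 -days 3650 -config "$dir/root-ca.cnf" \
        -key "$dir/root-ca.key" -out "$dir/root-ca.crt"
}

# Succeeds only if key file $1 is an EC key (the page notes ECDSA only for the Root CA).
key_is_ec() {
    openssl ec -in "$1" -noout 2>/dev/null
}

# Succeeds only if certificate $1 carries the public key of private key $2.
cert_matches_key() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Succeeds only if certificate $1 is a self-signed CA certificate whose DN has a CN.
cert_is_root_ca() {
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1 &&
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE' &&
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | grep -q 'CN='
}
```

Running the three checks on a key and certificate received from an external CA catches an RSA key or a mismatched key pair before it reaches the SSL Key Management sub-view.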