Introduction

The JS7 - Profiles hold settings that are specific to a user account and which are controlled by the user. 

• Profiles include a number of categories such as Preferences, Permissions etc.
• A Profile includes the configuration of the JOC Cockpit as a Certificate Authority (CA) for JS7 - Secure Connections.
• A Certificate Authority set up by the SSL Key Management functionality allows the creation of Server Authentication Certificates and Client Authentication Certificates for TLS/SSL connections.

It is recommended that an external Certificate Authority is used or that certificates are procured from a trusted 3rd-party as the JOC Cockpit Certificate Authority cannot be considered secure:

• The JOC Cockpit Certificate Authority is applicable in absence of decent security requirements when operating JS7 for a Security Level Low or Medium, see JS7 - Security Architecture and JS7 - Secure Operation for more information.
• Use of the JOC Cockpit Certificate Authority is not applicable when operating JS7 for Security Level High as keys and certificates are stored in the JS7 - Database..

The SSL Key Management functionality is used to set up up your own CA with the JOC Cockpit, see JS7 - Certificate Authority - Manage Certificates with JOC Cockpit.

• To set up the Certificate Authority (CA) a Root CA private key and self-signed certificate are created:
• The SSL Key Management sub-view is available to user accounts that are assigned the administrator role. To be more precise, user accounts have to be assigned the sos:products:joc:adminstration:manage role, see JS7 - Default Roles and Permissions.

This article is intended for a security-aware audience that is technically familiar with TLS/SSL key management.

Profile Page

The Profile page is accessible from the user menu of an account in the upper right hand corner of any JOC Cockpit view:

The Profile page offers a number of sub-views. The following section explains the SSL Key Management sub-view.

SSL Key Management

The SSL Key Management sub-view offers the following settings:

Keys and Certificates

The Root CA private key and certificate can be updated/imported from an external CA and they can be generated by the JOC Cockpit:

• Operations for the Root CA private key and certificate include:
  
  • viewing the private key and certificate by using the  icon,
  • updating the private key and certificate by using the  icon,
  • importing the private key by using the  icon,
  • generating the private key and certificate by using the  icon.

View Key and Certificate

The Root CA private key and certificate are displayed like this:

Update Key and Certificate

The Root CA private key and certificate can be created from an external CA and can be updated by pasting from the clipboard like this:

Note: For the Root CA, the JOC Cockpit only supports ECDSA key algorithms as RSA key algorithms are not considered secure for the future.

Import Key

The Root CA private key can be created from an external CA and can be imported from a file like this:

Generate Key and Certificate

A Root CA private key is generated and a self-signed certificate is created like this:

The requested Distinguished Name (DN) is a unique identifier for the certificate.

• The DN can include any attributes allowed.
• The DN has to include the CN attribute
• Example:
  • CN=JS7 Root CA, OU=IT Operations, O=SOS, L=Berlin, ST=Berlin, C=DE