...
- The connection to JobScheduler Universal Agent can be secured by HTTPS.
- This article describes the steps required to set up secure HTTPS communication without the need of using a reverse proxy (for this use case see JobScheduler Universal Agent - connecting via HTTPS through a proxy).
- The article describes as well how explains the authentication between Master and Agent works.
Prerequisites
The only prerequisite is to have the Java keytools installed in with your Java JRE. It is highly probable that this is already installed with your JRE.
...
Set up a secure connection to
...
the
...
Agent
Step 1: Create the Java Keystore
...
- Create the Java Keystore using the Keytools from your Java JRE.
- If not otherwise configured then JobScheduler Agent and Master by default use the password
jobscheduler
for the Keystore. - if you choose an individual password for the Keystore then adjust the following properties in the
<agent_data>/
config/private/private.conf
configuration file:- Explanations
- jobscheduler.agent.webserver.https.keystore.file is used for the path to the Keystore
- jobscheduler.agent.webserver.https.keystore.password is used for the Keystore password
- jobscheduler.agent.webserver.https.keystore.key-password is used for the password of your private HTTPS certificate
Example
Code Block language text title Sample private.conf file jobscheduler.agent.webserver.https.keystore { file = "C:/ProgramData/sos-berlin.com/jobscheduler/agent110/config/private/private-https.jks" # Backslashes are written twice (as in JSON notation): # file = "\\\\other-computer\\share\\my-keystore.jks" password = "jobscheduler" key-password = "jobscheduler" }
- Explanations
- Find a sample script to generate the Keystore with keygen.sh
- If not otherwise configured then JobScheduler Agent and Master by default use the password
- Store the private key for the Agent under
<agent_data>/config/private
- Filename:
private-https.jks
- Filename:
- Store the trusted certificate for the Master under
<master_data>/config
- Filename:
agent-https.jks
- Filename:
Step 2: Set up authentication between Master and Agent
- Set Master password in a file on the Master under
<master_data>/config/private
- Filename:
private.conf
The file look like this:
Code Block jobscheduler.master.credentials.password = "myjobscheduler4444"
- Filename:
- Specify the Master password in a file on the Agent under
<agent_data>/config/private
- Filename:
private.conf
Specify the Master that will try to communicate with the Agent through the JobScheduler ID. For example, for a Master with ID "scheduler_4444" this file would look as follows:
Code Block jobscheduler.agent.auth.users { scheduler_4444 = "plain:myjobscheduler4444" }
- Filename:
...