...
- Create the Java Keystore using the Keytools from your Java JRE.
- Generate the Java Keystore with the private key and the certificate for the JobScheduler Master and export the certificate to a second Keystore that is later on used by the JOC Cockpit.
Example
Code Block title Example how to generate a Keystore with private key and certificate keytool -genkey -alias "master-https" -dname "CN=jobSchedulerHost,O=myCompany" -validity 1461 -keyalg RSA -keysize 1024 -keypass jobscheduler -keystore "SCHEDULER_DATA/config/private/private-https.jks" -storepass jobscheduler
Explanations- Replace the
JETTY_BASEplaceholder as specified above. - The
-dnameoption specifies the certificate issuer, therefore use your own set of CN, OU, DC that specify the issuer's distinguished name. The O setting is required for the issuer. - The
-keypassoption accepts the password that you will need later on to manage your private key. With the default password being used no further settings are required as explained below. - The
-keystoreoption specifies the location of your Keystore file.- The Keystore file should be in reach of the JobScheduler Master, it is therefore recommended to create a sub-folder
privatein the./configdirectory. - Using the default
- file name
"private-https.jks"will save the effort of adding further settings as explained above.
- The Keystore file should be in reach of the JobScheduler Master, it is therefore recommended to create a sub-folder
- The
-storepassoption specifies the password for access to your Keystore file. For the handling of the default password the same applies as stated with the-keypassoption.
- Replace the
- If not otherwise configured then the JobScheduler Master by default uses the password
jobschedulerfor the respective Keystore. - If you choose an individual password for the JobScheduler Master Keystore then adjust the following properties in the
SCHEDULER_DATA/config/private/private.confconfiguration file:- Explanations
jobscheduler.master.webserver.https.keystore.fileis used for the path to the Keystorejobscheduler.is used for the Keystore passwordmaster.webserver.https.keystore.passwordjobscheduler.is used for the password of your private HTTPS certificatemaster.webserver.https.keystore.key-password
Example
Code Block language text title Sample private.conf file jobscheduler.master.webserver.https.keystore { file = "C:/ProgramData/sos-berlin.com/jobscheduler/master110/config/private/private-https.jks" # Backslashes are written twice (as in JSON notation): # file = "\\\\other-computer\\share\\my-keystore.jks" password = "secret" key-password = "secret" }
- Explanations
- Generate the Java Keystore with the private key and the certificate for the JobScheduler Master and export the certificate to a second Keystore that is later on used by the JOC Cockpit.
- Export the JobScheduler Master public certificate for use with the JOC Cockpit Web Service
Code Block title Sample for export certicate keytool -exportcert -rfc -noprompt -file "master-https.pem" -alias "master-https" -keystore "SCHEDULER_DATA/config/private/private-https.jks" -storepass jobscheduler- The exported certificate of each JobScheduler Master has to be imported to the Java Keystore (rather Truststore) which is used by the JOC Cockpit.
...
- The JobScheduler Master HTTPS web service is only accessible to authenticated users that are identified by the JobScheduler ID.
- The JobScheduler ID is specified on installation of a JobScheduler Master and is a unique string.
- The JobScheduler Master expects HTTP Basic Authentication.
The credentials are used from
SCHEDULER_DATA/config/private/private.confconfiguration file where each user that has an entry of the form:Code Block jobscheduler.master.auth.users { JOBSCHEDULER_ID = "HASH_SCHEME:HASHED_PASSWORD" }The
HASH_SCHEMEis specified by the prefix "plain" and is followed by the password:Code Block jobscheduler.master.auth.users { jobscheduler_prod = "plain:secret" }
...