...
- The JOC Cockpit Keystore can also be used as a Truststore where the certificates of a number of JobScheduler Masters are imported.
Example for JKS Keystore
Example how to import the Master public certificate to JOC Cockpit JKS Keystore

```bash
# import Master public certificate from a file in PEM format (master-https.crt) identified by its alias name (master-https) to the JOC Cockpit JKS keystore (joc-https.jks)
keytool -importcert -noprompt -file "master-https.crt" -alias "master-https" -keystore "JETTY_BASE/etc/joc-https.jks" -storepass jobscheduler -trustcacerts
```
Example for PKCS12 Keystore
Example how to import the Master public certificate to JOC Cockpit PKCS12 Keystore

```bash
# import Master public certificate from a file in PEM format (master-https.crt) identified by its alias name (master-https) to the JOC Cockpit PKCS12 keystore (joc-https.p12)
keytool -importcert -noprompt -file "master-https.crt" -alias "master-https" -keystore "JETTY_BASE/etc/joc-https.p12" -storepass jobscheduler -storetype PKCS12 -trustcacerts
```
Explanations
- The alias of each certificate has to be unique for the target Keystore.
- Alternatively, you can import the JobScheduler Master certificates into the default Java Truststore (JAVA_HOME/lib/security/cacerts) of the Java installation that is used by Jetty. However, this setting will be lost if you switch the Java version.
If you use the Keystore of your JOC Cockpit Web Service in Jetty as the Truststore of the JobScheduler Master certificates then add the location of the Truststore to the JETTY_BASE/resources/joc/joc.properties configuration file like this:

Example for JKS keystore format
```text
### Location of the Java truststore that contains the certificates of each
### JobScheduler Master for HTTPS connections. The path can be absolute or relative
### to joc.properties
truststore_path = ../../etc/joc-https.jks
truststore_password = jobscheduler
```
Example for PKCS12 keystore format
```text
### Location of the Java truststore that contains the certificates of each
### JobScheduler Master for HTTPS connections. The path can be absolute or relative
### to joc.properties
truststore_path = ../../etc/joc-https.p12
truststore_type = PKCS12
truststore_password = jobscheduler
```
Explanations
- The relative path from the above example looks up the Keystore in the JETTY_BASE/etc directory.
Hostname verification can optionally be enabled in the JETTY_BASE/resources/joc/joc.properties configuration file.

```text
################################################################################
### Should hostname verification be carried out for https certificate.
### Default false
https_with_hostname_verification = true
```
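A check that can be run after editing joc.properties, as an added example that is not part of the JobScheduler documentation. The function names (`prop`, `finding`, `audit_joc_properties`) and the choice of checks are assumptions of this example; the property keys and the example password are the ones shown on this page.

```bash
#!/usr/bin/env bash
# Added example: audit the truststore settings in joc.properties.
# Usage: audit_joc_properties JETTY_BASE/resources/joc/joc.properties

# Print the value of key $2 in properties file $1 (the last assignment wins).
prop() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
    tail -n 1 | sed 's/[[:space:]]*$//'
}

# Record one finding; "findings" is the counter of the calling function.
finding() { echo "FINDING: $*"; findings=$((findings + 1)); }

audit_joc_properties() {
  local file=$1 dir path type findings=0
  [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
  dir=$(cd "$(dirname "$file")" && pwd) || return 2
  path=$(prop "$file" truststore_path)
  type=$(prop "$file" truststore_type)

  if [ -z "$path" ]; then
    finding "truststore_path is not set"
  else
    # Relative paths are resolved against the directory of joc.properties.
    case $path in /*) ;; *) path=$dir/$path ;; esac
    [ -r "$path" ] || finding "truststore not readable: $path"
    # Assumption: a .p12 store is declared with truststore_type = PKCS12,
    # as in the PKCS12 example above.
    case $path in *.p12)
      [ "$type" = PKCS12 ] || finding "$path lacks truststore_type = PKCS12" ;;
    esac
  fi
  # "jobscheduler" is the password used in the examples on this page.
  [ "$(prop "$file" truststore_password)" != jobscheduler ] ||
    finding "truststore_password is the example value from the documentation"
  # The setting defaults to false, so it has to be switched on explicitly.
  [ "$(prop "$file" https_with_hostname_verification)" = true ] ||
    finding "https_with_hostname_verification is not true"
  echo "$findings finding(s)"
  [ "$findings" -eq 0 ]
}
```

The function returns 0 when nothing is flagged, 1 when at least one finding is printed, and 2 when joc.properties itself cannot be read.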
Caveat
- To apply modifications to the ./config/private/private.conf file of the Master or to any configuration file of JOC Cockpit, a restart of the respective component is required.