Page History

...

js7 {
    web {
        # keystore and truststore location for https connections
        https {
            client-keystore {
                # Default: ${js7.config-directory}"/private/https-client-keystore.p12"
                file=${js7.config-directory}"/private/https-client-keystore.p12"
                key-password=jobscheduler
                store-password=jobscheduler
            }
            truststores=[
               keystore {
                    # Default: ${js7.config-directory}"/private/https-truststorekeystore.p12"
                    file=${js7.config-directory}"/private/https-truststorekeystore.p12"
                key-password=jobscheduler
                store-password=jobscheduler
            }
            }truststores=[
             ]   {
        }
     }
}

Explanation:

       # Default: ${js7.config-directory}"/private/https-truststore.p12"
                    file=${js7.config-directory}"/private/https-truststore.p12"
                    store-password=jobscheduler
                }
            ]
        }
    }
}

Explanation:

• HTTPS keystore and truststore are used to hold private keys and certificates
  • The keystore holds the Controller instance's private key and certificate. This information is used for
    • Server Authentication with JOC Cockpit and for
    • Client Authentication with Agents.
  • The truststore holds the certificate(s) used to verify
    • Client Authentication certificates presented by JOC Cockpit and
    • Server Authentication certificates presented by Agents.
• Optionally a separate HTTPS client keystore can be used:
  • The client keystore is used for HTTPS mutual authentication and holds a private key and certificate created for the extended key usage Client Auth. 
  • When using HTTPS mutual authentication then
    • a single certificate can be used that is generated for both extended key usages Server Auth and Client Auth. In this case do not use the HTTPS client keystore but use the HTTPS keystore to hold the certificate.
    • separate certificates can be used with the certificate for key usage Server Auth being stored with the HTTPS keystore and the certificate for key usage Client Auth being stored with the HTTPS client keystore.
  • For details see 

    Jira
    server SOS JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 6dc67751-9d67-34cd-985b-194a8cdc9602 key JS-1959

  HTTPS keystore and truststore are used to hold private keys and certificates
  • The keystore holds the Controller instance's private key and certificate. This information is used for
    • Server Authentication with JOC Cockpit and for
    • Client Authentication with Agents.
  • The truststore holds the certificate(s) used to verify
  • Client Authentication certificates presented by JOC Cockpit and
  Server Authentication certificates presented by Agents.
• Keystore and Truststore locations are specified. In addition for
  • the keystore a password for the private keys included and a password for access to the keystore can be specified,
  • the truststore a password for access to the truststore can be specified.
• Passwords for keystores and truststores have no tendency to improve security of the configuration: the passwords have to be specified as plain text and have to be in reach of the Controller. This mechanism is not too different from hiding the key under your doormat. In fact limiting ownership and access permissions for keystore and truststore files to the JS7 Controller's run-time account are more important than using a password.
  • The key-password setting is used for access to a private key in a keystore.
  • The store-password setting is used for access to a keystore or to a truststore.
  • For PKCS12 (*.p12) keystores both settings have to use the same value. The settings can be omitted if no passwords are used.

...