...

  • This setting applies to the connection from Director Agent instances to the current Subagent in a JS7 - Agent Cluster.
  • Note that the director-primary and director-secondary element names are examples that have to be replaced by the Subagent ID of the respective Director Agent instance, which is specified during configuration of the Agent Cluster.
  • The permissions element should be used as indicated.
  • The password element specifies the password indicated with the respective Director Agent instance's js7.auth.subagents configuration item. Passwords should be quoted.
    • The password can be specified as plain text preceded by plain:.
    • The password can be specified as a hashed value preceded by sha512:.

...

Keystore and Truststore

Settings in this section apply to any of Standalone Agents, Director Agent instances and Subagents.

HTTPS Keystore and Truststore

...

Access

js7 {
    web {
        # keystore and truststore location for https connections
        https {
            client-keystore {
                # Default: ${js7.config-directory}"/private/https-client-keystore.p12"
                file=${js7.config-directory}"/private/https-client-keystore.p12"
                key-password="jobscheduler"
                store-password="jobscheduler"
            }

            keystore {
                # Default: ${js7.config-directory}"/private/https-keystore.p12"
                file=${js7.config-directory}"/private/https-keystore.p12"
                key-password="jobscheduler"
                store-password="jobscheduler"
                # alias=
            }

            truststores=[
                {
                    # Default: ${js7.config-directory}"/private/https-truststore.p12"
                    file=${js7.config-directory}"/private/https-truststore.p12"
                    store-password="jobscheduler"
                    # alias=
                }
            ]
        }
    }
}

Explanation:

  • HTTPS keystore and truststores are used to hold private keys and certificates.
    • Keystore and truststore settings accept the path to a file in PKCS12 format or in PEM format.
    • The keystore holds the Agent's private key and certificate. This information is used:
      • for Server Authentication with JOC Cockpit and
      • for Client Authentication with Agents.
    • The truststore holds the certificate(s) used to verify:
      • Client Authentication certificates presented by a Controller and
      • Server Authentication certificates challenged by pairing Controllers.
    • A number of truststores can be specified.
  • Optionally a separate HTTPS client keystore can be used:
    • The client keystore is used for TLS mutual authentication and holds a private key and certificate created for Client Auth extended key usage. 
    • When using TLS mutual authentication then:
      • a single certificate can be used that is generated for both Server Auth and Client Auth extended key use. In this case do not use the HTTPS client keystore but use the HTTPS keystore to hold the certificate.
      • separate certificates can be used with the certificate for Server Auth key usage being stored with the HTTPS keystore and the certificate for Client Auth key use being stored with the HTTPS client keystore.
    • For details see JS-1959.
  • Keystore and Truststore locations are specified. In addition:
    • a password for the private keys included in the keystore and a password for access to the keystore can be specified,
    • for the truststore a password for access to the truststore can be specified.
  • Passwords for keystore and truststore are not intended to secure the configuration. They are used to verify the integrity of certificate stores: the password used for reading a certificate store must be the same as the password used for creating it.
    • The key-password is used for access to a private key in a keystore.
    • The store-password setting is used for access to a keystore or to a truststore.
    • For PKCS12 keystores both settings have to use the same value. The settings can be omitted if no passwords are used.
  • The alias setting can be used for example with a keystore that holds a number of private keys from which the relevant private key is selected by its alias name.
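
The rule above that key-password and store-password must match for PKCS12 keystores can be checked before an Agent is started. The following is an added example, not part of the JS7 documentation or product: the function names parse_stores and lint are hypothetical, the parser only handles the subset of the configuration syntax shown in the code block above, and it assumes that a .p12 file extension marks a PKCS12 store.

```python
# Constructed sample in the page's format; the keystore passwords differ on purpose.
SAMPLE = '''
js7 {
    web {
        https {
            client-keystore {
                file=${js7.config-directory}"/private/https-client-keystore.p12"
                key-password="secret-a"
                store-password="secret-a"
            }
            keystore {
                file=${js7.config-directory}"/private/https-keystore.p12"
                key-password="secret-a"
                store-password="secret-b"
            }
            truststores=[
                {
                    file=${js7.config-directory}"/private/https-truststore.p12"
                }
            ]
        }
    }
}
'''

def parse_stores(text):
    """Return (section name, settings) for every block that sets file=."""
    stores, stack = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # blank or full-line comment
            continue
        if line.endswith(("{", "[")):             # opens "name {", "name=[" or "{"
            name = line[:-1].rstrip(" =") or stack[-1][0]
            stack.append((name, {}))
        elif line in ("}", "]"):                  # closes the current block
            name, settings = stack.pop()
            if "file" in settings:
                stores.append((name, settings))
        else:                                     # key=value inside a block
            key, _, value = line.partition("=")
            stack[-1][1][key.strip()] = value.strip().strip('"')
    return stores

def lint(text):
    """Names of PKCS12 keystores whose key-password and store-password differ."""
    return [name for name, s in parse_stores(text)
            if name != "truststores" and s["file"].lower().endswith(".p12")  # assumption: .p12 marks PKCS12
            and s.get("key-password") != s.get("store-password")]
```

A keystore block that sets only one of the two passwords is also reported, since omitting the settings is only valid when no passwords are used.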

Summary of Configuration Items

General Configuration File: agent.conf

...