...

  • On the Agent server create the keystore using openssl and the keytool from your Java JRE or JDK. Alternatively import a private key and certificate that you received from your Certificate Authority:
    • For use with a third party utility create a keystore, e.g. https-keystore.p12, in PKCS12 format and import:
      • the Agent private key and certificate for Server Authentication
    • The examples below show a possible approach for certificate management. However, there are other ways to achieve similar results.
      • Example for importing a private key and CA-signed certificate to a PKCS12 keystore:

        Example: how to import a private key and CA-signed certificate to a PKCS12 keystore
        # Assume the fully qualified domain name (FQDN) of the Agent server to be "agent.example.com"
        
        # If the Agent's CA-signed certificate is provided from a pkcs12 keystore (certificate.p12), extract the certificate to a .crt file in PEM format (agent.example.com.crt)
        # openssl pkcs12 -in certificate.p12 -nokeys -out agent.example.com.crt
        
        # Import the Agent's private key (agent.example.com.key) and certificate (agent.example.com.crt) from PEM format to a new keystore (agent.example.com.p12)
        openssl pkcs12 -export -in agent.example.com.crt -inkey agent.example.com.key -name agent.example.com -out "JS7_AGENT_CONFIG_DIR/private/https-keystore.p12"
      • Example for creating a private key and self-signed certificate and importing them to a keystore:

        • Refer to examples available from JS7 - How to create self-signed Certificates, chapter Creating a Server Certificate.

          Example: how to create a private key and self-signed certificate
          # Creating the private key and self-signed certificate for the given validity period
          ./create_certificate.sh --dns=agent.example.com --days=365
        • Refer to examples available from JS7 - How to add SSL TLS Certificates to Keystore and Truststore.

          Example: how to add a private key and self-signed certificate to a PKCS12 keystore
          # Adding the private key and certificate to a keystore
          ./js7_create_certificate_store.sh \
              --keystore=JS7_AGENT_CONFIG_DIR/private/https-keystore.p12 \
              --key=agent.example.com.key \
              --cert=agent.example.com.crt \
              --alias=agent.example.com \
              --password="jobscheduler"


          When using additional arguments a truststore will be immediately created:

          Example: how to add a private key and self-signed certificate to a PKCS12 keystore and the Root CA Certificate to a truststore
          # Adding the private key and certificate to a keystore and Root CA Certificate to a truststore
          ./js7_create_certificate_store.sh \
              --keystore=JS7_AGENT_CONFIG_DIR/private/https-keystore.p12 \
              --truststore=JS7_AGENT_CONFIG_DIR/private/https-truststore.p12 \
              --key=agent.example.com.key \
              --cert=agent.example.com.crt \
              --alias=agent.example.com \
              --password="jobscheduler" \
              --ca-root=root-ca.crt
    • With the keystore set up, specify the relevant properties in the JS7_AGENT_CONFIG_DIR/private/private.conf configuration file:
      • Example

        Example for private.conf file specifying the Agent keystore:
        js7 {
            web {
                # keystore and truststore locations for https connections
                https {
                    keystore {
                        # Default: ${js7.config-directory}"/private/https-keystore.p12"
                        file=${js7.config-directory}"/private/https-keystore.p12"
                        key-password="jobscheduler"
                        store-password="jobscheduler"
                    }
                }
            }
        }


        Explanation:
        • js7.web.https.keystore.file is used for the path to the keystore.
        • js7.web.https.keystore.key-password is used for access to the private key.
        • js7.web.https.keystore.store-password is used for access to the keystore. Passwords for key access and keystore access have to match if a PKCS12 keystore type is used.
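
A check of the settings explained above, as an added example that is not part of the original page or of the JS7 project: it reads the keystore block from private.conf, confirms that key-password and store-password match, that the keystore file exists, and that neither file is accessible to group or others. The function names and the owner-only permission policy are assumptions, and the parser handles only the file layout shown above.

```shell
# Added example, not JS7 project code; function names are hypothetical.
# Usage: check_agent_keystore_conf <JS7_AGENT_CONFIG_DIR>
# Exit status is the number of findings (0 = all checks passed).

# Print one setting from the keystore { ... } block, with quotes removed.
keystore_setting() {  # $1 = path to private.conf, $2 = setting name
    awk -v key="$2" '
        /^[ \t]*#/                  { next }               # comment line
        /^[ \t]*keystore[ \t]*[{]/  { inside = 1; next }
        /^[ \t]*[}][ \t]*$/         { inside = 0 }         # a lone "}" closes the block
        inside && $0 ~ ("^[ \t]*" key "[ \t]*=") {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]+$/, ""); gsub(/"/, "")
            print; exit
        }' "$1"
}

# True if the file grants no permission bits to group or others.
owner_only() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

check_agent_keystore_conf() (
    conf_dir=$1
    conf="$conf_dir/private/private.conf"
    findings=0
    note() { echo "FINDING: $*" >&2; findings=$((findings + 1)); }

    [ -r "$conf" ] || { echo "FINDING: cannot read $conf" >&2; exit 1; }

    file=$(keystore_setting "$conf" file)
    # Fall back to the default location named in the private.conf comment.
    [ -n "$file" ] || file='${js7.config-directory}/private/https-keystore.p12'
    prefix='${js7.config-directory}'
    case $file in "$prefix"*) file=$conf_dir${file#"$prefix"} ;; esac

    key_pw=$(keystore_setting "$conf" key-password)
    store_pw=$(keystore_setting "$conf" store-password)

    [ -f "$file" ] || note "keystore not found: $file"
    [ "$key_pw" = "$store_pw" ] || note "key-password and store-password differ (must match for PKCS12)"
    [ "$key_pw" != "jobscheduler" ] || note "password is the sample value used in the documentation"
    owner_only "$conf" || note "$conf is accessible by group/others (holds plain-text passwords)"
    [ ! -f "$file" ] || owner_only "$file" || note "$file is accessible by group/others"
    exit "$findings"
)
```

Run it as the Agent's service account with the configuration directory as its only argument; each finding is printed to stderr.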

  • On the Agent instance's server create the keystore using the keytool from your Java JRE or JDK or a third party utility.
    • For use with a third party utility create a truststore, e.g. https-truststore.p12, in PKCS12 format and import:
      • Root CA Certificate
    • The examples below show a possible approach for certificate management - however, there are other ways of achieving similar results.
      • Example for importing a Root CA Certificate to a PKCS12 truststore:

        Example: how to import a Root CA Certificate to a PKCS12 truststore
        # Import Root CA Certificate in PEM format to a PKCS12 truststore (https-truststore.p12)
        keytool -importcert -alias "root-ca" -file "root-ca.crt" -keystore "JS7_AGENT_CONFIG_DIR/private/https-truststore.p12" -storetype PKCS12

...