...

  • On the JOC Cockpit server, run the following command, replacing the JETTY_HOME and JETTY_BASE placeholders as specified above:

    Code Block (bash): Add HTTPS module to Jetty
    java -jar "JETTY_HOME/start.jar" -Djetty.home="JETTY_HOME" -Djetty.base="JETTY_BASE" --add-to-start=ssl,https
  • Having executed the above command, you should find a new folder JETTY_BASE/etc.
    • By default Jetty expects a keystore with the name keystore in this folder, which is created by the above command.

    • Jetty doesn't start if it doesn't find a keystore that corresponds to its settings.

  • In addition, a number of entries for TLS/SSL settings, such as the HTTPS port, are added to the JETTY_BASE/start.ini configuration file.

...

  • Edit the following entries in the JETTY_BASE/start.ini configuration file for the truststore location:

    Code Block: Example how to configure the truststore location with the start.ini file
    ## Truststore file path (relative to $jetty.base)
    jetty.sslContext.trustStorePath=resources/joc/https-truststore.p12
    
    ## Truststore password
    jetty.sslContext.trustStorePassword=jobscheduler


    Explanation:

    • Specify the location of the truststore with the trustStorePath setting. A location relative to the JETTY_BASE directory can be specified.
    • Specify the password for access to the truststore with the trustStorePassword setting.
  • Option
    • Should certificate-based authentication be enforced, Jetty can be configured to automatically challenge clients to present a Client Authentication certificate. Be aware that with this option in place it is no longer possible to log in with account/password only, as a Client Authentication certificate is required.
    • Specify the settings to enforce client authentication with the following entries in the JETTY_BASE/start.ini configuration file: 

      Code Block: Example how to enforce client authentication with the start.ini file
      ## enable use of client authentication certificates
      jetty.sslContext.needClientAuth=false
      jetty.sslContext.wantClientAuth=true
      jetty.sslContext.endpointIdentificationAlgorithm=

      Explanation:

...
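
The following check is an added example, not part of the original page or of JOC Cockpit: a shell script that reads a start.ini file and reports how Jetty will treat client certificates. In Jetty, needClientAuth=true makes the TLS handshake fail without a client certificate, while wantClientAuth=true only requests one. The script also checks that the truststore file exists and that its password is not the value from the example above. The function names and the sample file are constructed for illustration.

```shell
# Added example (not JOC Cockpit code): audit TLS client-certificate settings in start.ini.

# Print the value of the last uncommented "key=value" line for property $2 in file $1.
ini_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                 # skip comment lines
        {
            sub(/\r$/, ""); pos = index($0, "="); if (pos == 0) next
            k = substr($0, 1, pos - 1); v = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Print required | optional | none for the client-certificate handling in file $1.
client_auth_mode() {
    if [ "$(ini_get "$1" jetty.sslContext.needClientAuth)" = true ]; then
        echo required    # handshake fails unless the client presents a certificate
    elif [ "$(ini_get "$1" jetty.sslContext.wantClientAuth)" = true ]; then
        echo optional    # certificate is requested; clients without one still connect
    else
        echo none
    fi
}

# Print one finding per line for file $1; $2 is the JETTY_BASE directory.
audit_start_ini() {
    mode=$(client_auth_mode "$1")
    [ "$mode" = required ] || echo "client-auth: $mode (not enforced at the TLS layer)"
    ts=$(ini_get "$1" jetty.sslContext.trustStorePath)
    case "$ts" in /*) path=$ts ;; *) path=$2/$ts ;; esac   # absolute or relative path
    [ -n "$ts" ] && [ -f "$path" ] || echo "truststore: '$ts' not found (base $2)"
    [ "$(ini_get "$1" jetty.sslContext.trustStorePassword)" != jobscheduler ] ||
        echo "truststore-password: still the value shown in the documentation example"
}

# Constructed sample input mirroring the entries shown on this page.
write_sample_ini() {
    cat > "$1" <<'EOF'
## Truststore file path (relative to $jetty.base)
jetty.sslContext.trustStorePath=resources/joc/https-truststore.p12
jetty.sslContext.trustStorePassword=jobscheduler
jetty.sslContext.needClientAuth=false
jetty.sslContext.wantClientAuth=true
EOF
}

base=$(mktemp -d); write_sample_ini "$base/start.ini"
audit_start_ini "$base/start.ini" "$base"; rm -rf "$base"
```

Run against the constructed sample, the script reports three findings: client authentication is optional, the truststore file is missing, and the password is the example value.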