The above explanations indicate use of a Root CA Certificate for verification of Client Authentication Certificates when it comes to mutual authentication.
- In fact, use of a Root CA Certificate allows any client that holds a Client Authentication Certificate signed by the same Root CA Certificate or Intermediate CA Certificates to be authenticated. This implication might allow an unwanted number of clients to access JOC Cockpit.
- Coping strategies include:
  - to use a separate Certificate Authority to sign Client Authentication Certificates for access to JOC Cockpit.
  - to import individual Client Authentication Certificates to the JOC Cockpit truststore instead of using a Root CA Certificate.
- A restart of JOC Cockpit is required to apply modifications to the JOC Cockpit JETTY_BASE/resources/joc/joc.properties configuration file.
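
The difference between trusting the Root CA Certificate and trusting an individual Client Authentication Certificate, as an added example that is not part of the original documentation. It assumes the openssl command line tool is available and uses openssl verify as a stand-in for the truststore check; the CA, the client names joc-operator and other-service and all files are constructed for the demo.

```shell
#!/bin/sh
# Added demo: CA, client names and files are constructed; openssl verify
# stands in for the truststore check (assumption).
set -e
d=$(mktemp -d)
trap 'rm -rf "$d"' EXIT

# Minimal config so the demo does not depend on a system openssl.cnf.
cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

# Constructed self-signed Root CA.
openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
  -subj "/CN=Constructed Root CA" -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null

# issue_client NAME: sign a Client Authentication Certificate with the Root CA.
issue_client() {
  openssl req -config "$d/ca.cnf" -new -newkey rsa:2048 -nodes \
    -subj "/CN=$1" -keyout "$d/$1.key" -out "$d/$1.csr" 2>/dev/null
  openssl x509 -req -in "$d/$1.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/$1.pem" 2>/dev/null
}

# trust_check ANCHOR CLIENT: prints "accepted" or "rejected".
# -partial_chain lets a non-CA certificate in the trust file act as the anchor,
# which models a truststore that holds only an individual client certificate.
trust_check() {
  if openssl verify -partial_chain -CAfile "$d/$1.pem" "$d/$2.pem" >/dev/null 2>&1
  then echo accepted; else echo rejected; fi
}

issue_client joc-operator    # the client that is meant to access JOC Cockpit
issue_client other-service   # another holder of a certificate from the same CA

echo "Root CA trusted, joc-operator:        $(trust_check ca joc-operator)"
echo "Root CA trusted, other-service:       $(trust_check ca other-service)"
echo "joc-operator pinned, joc-operator:    $(trust_check joc-operator joc-operator)"
echo "joc-operator pinned, other-service:   $(trust_check joc-operator other-service)"
```

With the Root CA as trust anchor both clients pass; with only the individual certificate as trust anchor, the second client is rejected even though the same CA signed it.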