...

  • Example for importing a certificate to a JOC Cockpit truststore in PKCS12 format:

    Example for import of LDAP Server Certificate to PKCS12 Keystore:
    # import LDAP Server certificate to a truststore (joc.p12) by specifying the certificate file (ldap-certificate.crt) and alias name (ldap)
    keytool -importcert -noprompt -file "ldap-certificate.crt" -alias "ldap" -keystore "JETTY_BASE/resources/joc/joc.p12" -storetype pkcs12 -storepass secret_store -trustcacerts
  • Example for importing a certificate to a JOC Cockpit truststore in JKS format:

    Example for import of LDAP Server certificate to JKS Keystore:
    # import LDAP Server certificate to a truststore (joc.jks) by specifying the certificate file (ldap-certificate.crt) and alias name (ldap)
    keytool -importcert -noprompt -file "ldap-certificate.crt" -alias "ldap" -keystore "JETTY_BASE/resources/joc/joc.jks" -storetype jks -storepass secret_store -trustcacerts
  • Explanation
    • The -keystore option specifies the location of the truststore file.
    • The -storepass option specifies the password for access to the truststore.
    • The certificate file ldap-certificate.crt should be available from the LDAP Server. Transfer this file to the JOC Cockpit server. Alternatively the server certificate can be requested on-the-fly.
      • Example for request of server certificate:

        Example for request of server certificate from LDAP Server:
        # connect to the LDAP Server (ldap_server) with the available port (636), in the server response you should find the certificate that you can copy & paste to a certificate file
        openssl s_client -showcerts -connect ldap_server:636
      • If the certificate is signed by a CA then the certificate should include the certificate chain of Root CA Certificate and Intermediate CA Certificate. Otherwise it might be required to concatenate the certificates into one file, for example:

        Example for use of a certificate chain:
        # concatenate Root CA certificate and Intermediate CA certificate as provided from the LDAP Server to a single CA Bundle certificate file (ca-bundle.crt)
        cat RootCACertificate.crt > ca-bundle.crt
        cat IntermediateCACertificate.crt >> ca-bundle.crt
        
        # import LDAP Server certificate and certificate chain to a truststore (joc.p12) by specifying the certificate file (ldap-certificate.crt) and alias name (ldap)
        keytool -importcert -noprompt -file "ca-bundle.crt" -alias "ldap" -keystore "JETTY_BASE/resources/joc/joc.p12" -storetype pkcs12 -storepass secret_store -trustcacerts
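
A certificate requested on-the-fly with openssl s_client has not been authenticated, and -noprompt skips keytool's confirmation, so the fingerprint should be compared with a value obtained from the LDAP Server administrator before the import. The following script is an added example, not part of the original page or the product: the function names and the argument order are assumptions, and the openssl and keytool calls are the ones shown above.

```bash
#!/bin/sh
# Added example: import an on-the-fly fetched LDAP Server certificate only if its
# SHA-256 fingerprint matches a value obtained out-of-band. Function names are hypothetical.

# Print the first PEM certificate (the server's own certificate) found in
# "openssl s_client -showcerts" output read from stdin.
extract_leaf_pem() {
  awk '/-----BEGIN CERTIFICATE-----/ { on = 1 }
       on                            { print }
       /-----END CERTIFICATE-----/   { if (on) exit }'
}

# Normalize a fingerprint: "sha256 Fingerprint=ab:cd" becomes "ABCD".
normalize_fp() {
  printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr '[:lower:]' '[:upper:]'
}

# Succeed only if both values are the same 64-digit (SHA-256) fingerprint.
fp_matches() (
  a=$(normalize_fp "$1"); b=$(normalize_fp "$2")
  printf '%s\n' "$a" | grep -Eq '^[0-9A-F]{64}$' && [ "$a" = "$b" ]
)

# usage: import_verified <host:port> <expected-sha256> <truststore> <storepass>
import_verified() (
  pem=$(mktemp) || exit 1
  trap 'rm -f "$pem"' EXIT
  openssl s_client -showcerts -connect "$1" </dev/null 2>/dev/null \
    | extract_leaf_pem > "$pem"
  actual=$(openssl x509 -in "$pem" -noout -fingerprint -sha256) || exit 1
  if ! fp_matches "$actual" "$2"; then
    echo "fingerprint mismatch, nothing imported: $actual" >&2
    exit 1
  fi
  keytool -importcert -noprompt -file "$pem" -alias "ldap" \
    -keystore "$3" -storetype pkcs12 -storepass "$4" -trustcacerts
)

# Runs only when all four arguments are given, for example:
#   sh import-ldap-cert.sh ldap_server:636 "<fingerprint>" JETTY_BASE/resources/joc/joc.p12 secret_store
if [ "$#" -eq 4 ]; then import_verified "$@"; fi
```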

...