...
Flowchart

```dot
Agent_A [label=" JobScheduler Agent 1 ",fillcolor="lightskyblue"]
Master [label=" JobScheduler Master ",fillcolor="lightskyblue"]
Agent_B [label=" JobScheduler Agent 2 ",fillcolor="lightskyblue"]

Master_Truststore [label="Master Truststore\n./config/agent-https.jks\nCA certificates\nAgent certificates",fillcolor="orange"]
Agent_A_Keystore [label="Agent 1 Keystore\n./config/private/private-https.jks\nAgent Private Key",fillcolor="orange"]
Agent_B_Keystore [label="Agent 2 Keystore\n./config/private/private-https.jks\nAgent Private Key",fillcolor="orange"]

CA_RootCertificate [shape="ellipse",label="CA Root Certificate",fillcolor="white"]
CA_IntermediateCertificate [shape="ellipse",label="CA Intermediate Certificate",fillcolor="white"]

Agent_A_PrivateKey [shape="ellipse",label="Agent 1 Private Key",fillcolor="white"]
Agent_A_Keystore_Certificate [shape="ellipse",label="Agent 1 Certificate",fillcolor="white"]
Agent_A_Truststore_Certificate [shape="ellipse",label="Agent 1 Certificate\n(self-signed)",fillcolor="whitechartreuse"]

Agent_B_PrivateKey [shape="ellipse",label="Agent 2 Private Key",fillcolor="white"]
Agent_B_Keystore_Certificate [shape="ellipse",label="Agent 2 Certificate",fillcolor="white"]
Agent_B_Truststore_Certificate [shape="ellipse",label="Agent 2 Certificate\n(self-signed)",fillcolor="whitechartreuse"]

Agent_A -> Agent_A_Keystore
Agent_A -> Agent_A_Truststore_Certificate [label=" transfer to Master "]
Agent_A_Keystore -> Agent_A_PrivateKey -> Agent_A_Keystore_Certificate [label=" add to keystore "]

Master -> Agent_A [label=" establish Agent connection "]
Master -> Agent_B [label=" establish Agent connection "]
Master -> Master_Truststore
Master_Truststore -> CA_RootCertificate -> CA_IntermediateCertificate [label=" add to truststore "]
CA_IntermediateCertificate -> Agent_A_Truststore_Certificate [label=" add to truststore "]
CA_IntermediateCertificate -> Agent_B_Truststore_Certificate [label=" add to truststore "]

Agent_B -> Agent_B_Keystore
Agent_B -> Agent_B_Truststore_Certificate [label=" transfer to Master "]
Agent_B_Keystore -> Agent_B_PrivateKey -> Agent_B_Keystore_Certificate [label=" add to keystore "]
```
The Agent's private key and certificate are added to the Agent's keystore. If the certificate is self-signed, it is added to the Master's truststore as well. This step can be skipped if a CA-signed certificate is used, as the Root Certificate and Intermediate Certificate in the Master's truststore are sufficient to verify any Agent certificate.
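The self-signed case described above can be carried out with the JDK's `keytool`. The script below is an added example, not taken from the JobScheduler documentation. The keystore and truststore paths come from the flowchart; the aliases, host names, JKS store type (inferred from the `.jks` file names) and the password variables `AGENT_KS_PASS` and `MASTER_TS_PASS` are assumptions.

```shell
#!/bin/sh
# Added example, not from the JobScheduler documentation. Keystore and truststore
# paths are taken from the flowchart; aliases, host names and the password
# variables AGENT_KS_PASS / MASTER_TS_PASS are assumptions.
set -eu

AGENT_KS=config/private/private-https.jks   # Agent keystore: holds the private key
MASTER_TS=config/agent-https.jks            # Master truststore: certificates only

# Agent side: private key plus self-signed certificate in the Agent keystore.
# Passwords are read from the environment so they stay off the command line.
create_agent_keystore() {    # $1=Agent dir  $2=alias  $3=Agent host name
    mkdir -p "$1/config/private"
    keytool -genkeypair -alias "$2" -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=$3" -storetype JKS -keystore "$1/$AGENT_KS" \
        -storepass:env AGENT_KS_PASS -keypass:env AGENT_KS_PASS
    chmod 600 "$1/$AGENT_KS"
}

# Agent side: export the certificate only (PEM). This file is what gets
# transferred to the Master; the keystore itself never leaves the Agent.
export_agent_cert() {        # $1=Agent dir  $2=alias  $3=output file
    keytool -exportcert -rfc -alias "$2" -file "$3" \
        -keystore "$1/$AGENT_KS" -storepass:env AGENT_KS_PASS
}

# Master side: add the self-signed Agent certificate as a trusted entry.
import_into_master() {       # $1=Master dir  $2=alias  $3=certificate file
    mkdir -p "$1/config"
    keytool -importcert -noprompt -alias "$2" -file "$3" -storetype JKS \
        -keystore "$1/$MASTER_TS" -storepass:env MASTER_TS_PASS
}

# Fingerprint of one entry, for comparing both sides after the transfer.
fingerprint() {              # $1=keystore  $2=alias  $3=name of password variable
    keytool -list -alias "$2" -keystore "$1" -storepass:env "$3" |
        sed -n 's/.*fingerprint.*: //p'
}

# Number of private key entries in a store; must be 0 for the Master truststore.
private_key_entries() {      # $1=keystore  $2=name of password variable
    keytool -list -keystore "$1" -storepass:env "$2" | grep -c PrivateKeyEntry || true
}
```

After the import, `fingerprint` should return the same value for the Agent keystore entry and the Master truststore entry, and `private_key_entries` should report 0 for the Master truststore.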
Set up a secure connection to the Agent
...