...

  • Specify the HTTPS port with the https_port attribute of the <config> element in the SCHEDULER_DATA/config/scheduler.xml configuration file like this:

    Code Block
    <spooler>
            <config http_port="40444" https_port="48444" mail_xslt_stylesheet="config/scheduler_mail.xsl">
                    <!-- other elements -->
            </config>
    </spooler>
  • If you use a keystore in PKCS12 format, the Master has to know the keystore password. This is not required for keystores in JKS format. Specify the type and password for a PKCS12 keystore in the SCHEDULER_DATA/config/factory.ini configuration file like this:

    Code Block
    [java]
    options = -Dlog4j.configuration="file:///${SCHEDULER_HOME}/lib/log4j.properties" -Djavax.xml.transform.TransformerFactory="net.sf.saxon.TransformerFactoryImpl" -Djavax.net.ssl.keyStoreType="PKCS12" -Djavax.net.ssl.keyStorePassword="jobscheduler"

...

  • The JOC Cockpit Keystore can also be used as a Truststore where the certificates of a number of JobScheduler Masters are imported. 
    • Example for JKS keystore

      Code Block
      Sample for importing the Master certificate
      keytool -importcert -noprompt -file "master-https.pem" -alias "master-host-port" -keystore "JETTY_BASE/etc/joc.jks" -storepass secret_store -trustcacerts
    • Example for PKCS12 keystore

      Code Block
      Sample for importing the Master certificate
      keytool -importcert -noprompt -file "master-https.pem" -alias "master-host-port" -keystore "JETTY_BASE/etc/joc.jks" -storepass secret_store -trustcacerts -storetype PKCS12
    • Explanations

      •  The alias of each certificate has to be unique for the target Keystore.
    • Alternatively, you can import the JobScheduler Master certificates into the default Java Truststore (JAVA_HOME/lib/security/cacerts) of the Java installation that is used by Jetty. However, this setting will be lost if you switch the Java version.
  • If you use the Keystore of your JOC Cockpit Web Service in Jetty as the Truststore for the JobScheduler Master certificates, then add the location of the Truststore to the JETTY_BASE/resources/joc/joc.properties configuration file like this:

    • Example for JKS keystore format

      Code Block
      ### Location of the Java truststore which contains the certificates of each
      ### JobScheduler Master for HTTPS connections. Path can be absolute or relative
      ### to joc.properties
      truststore_path = ../../etc/joc.jks 
    • Example for PKCS12 keystore format

      Code Block
      ### Location of the Java truststore which contains the certificates of each
      ### JobScheduler Master for HTTPS connections. Path can be absolute or relative
      ### to joc.properties
      truststore_path = ../../etc/joc.jks 
      truststore_type = PKCS12
      truststore_password = jobscheduler
  • Explanations
    • The relative path from the above example looks up the Keystore in the JETTY_BASE/etc directory.
  • Hostname verification is disabled by default and can optionally be enabled in the JETTY_BASE/resources/joc/joc.properties configuration file like this:

    Code Block
    ################################################################################
    ### Should hostname verification be carried out for HTTPS certificates?
    ### Default false
    https_with_hostname_verification = true
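
The joc.properties settings described above can be checked with a short audit script. This is an added example, not part of the original page or of the JobScheduler distribution. The function names `prop` and `audit_joc_properties`, the finding messages and the owner-only permission check are assumptions of this example, and the sample file is constructed.

```bash
# Added example: audit the HTTPS trust settings in a joc.properties file.
# Prints one finding per line and returns the number of findings.

# Value of "KEY = value" in FILE; comment lines and trailing blanks ignored.
prop() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
    sed 's/[[:space:]]*$//' | tail -n 1
}

audit_joc_properties() {
  local f="$1" n=0 path type pass verify
  path=$(prop "$f" truststore_path)
  type=$(prop "$f" truststore_type)
  pass=$(prop "$f" truststore_password)
  verify=$(prop "$f" https_with_hostname_verification)
  # The default is false, so only an explicit "true" turns verification on.
  if [ "$verify" != "true" ]; then
    echo "hostname verification is off"; n=$((n + 1))
  fi
  if [ -z "$path" ]; then
    echo "truststore_path is not set"; n=$((n + 1))
  else
    # Relative paths are resolved against the directory of joc.properties.
    case $path in /*) ;; *) path="$(dirname "$f")/$path" ;; esac
    [ -f "$path" ] || { echo "truststore not found: $path"; n=$((n + 1)); }
  fi
  if [ "$type" = "PKCS12" ] && [ -z "$pass" ]; then
    echo "PKCS12 truststore without truststore_password"; n=$((n + 1))
  fi
  # Assumption of this example: a clear-text password calls for owner-only access.
  if [ -n "$pass" ] && [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
    echo "password file is accessible to group or others"; n=$((n + 1))
  fi
  return "$n"
}

# Constructed sample: a JETTY_BASE layout with the PKCS12 settings shown above.
demo=$(mktemp -d)
mkdir -p "$demo/etc" "$demo/resources/joc"
: > "$demo/etc/joc.jks"    # empty placeholder standing in for the truststore
cat > "$demo/resources/joc/joc.properties" <<'EOF'
truststore_path = ../../etc/joc.jks
truststore_type = PKCS12
truststore_password = jobscheduler
EOF
chmod 644 "$demo/resources/joc/joc.properties"
audit_joc_properties "$demo/resources/joc/joc.properties" || echo "findings: $?"
```

For the sample it reports two findings: hostname verification is off, and the file holding the truststore password is readable beyond its owner.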

...