...
Specify the HTTPS port with the
https_port
attribute of the <config>
element in theSCHEDULER_DATA/
config/scheduler.xml configuration
file like this:Code Block language xml <spooler> <config http_port="40444" https_port="48444" mail_xslt_stylesheet="config/scheduler_mail.xsl"> <!-- other elements --> </config> </spooler>
Should you use a keystore in PKCS12 format then the Master has to know the keystore password. This is not required for keystores in JKS format. Specify the type and password for a PKCS12 keystore with the
SCHEDULER_DATA/
config/factory.ini configuration
file like this:Code Block language xml [java] options = -Dlog4j.configuration="file:///${SCHEDULER_HOME}/lib/log4j.properties" -Djavax.xml.transform.TransformerFactory="net.sf.saxon.TransformerFactoryImpl" -Djavax.net.ssl.keyStoreType="PKCS12" -Djavax.net.ssl.keyStorePassword="jobscheduler"
...
- The JOC Cockpit Keystore can also be used as a Truststore where the certificates of a number of JobScheduler Masters are imported.
Example for JKS keystore
Code Block title Sample for import master certificate keytool -importcert -noprompt -file "master-https.pem" -alias "master-host-port" -keystore "JETTY_BASE/etc/joc.jks" -storepass secret_store -trustcacerts
Example for PKCS12 keystore
Code Block title Sample for import master certificate keytool -importcert -noprompt -file "master-https.pem" -alias "master-host-port" -keystore "JETTY_BASE/etc/joc.jks" -storepass secret_store -trustcacerts -storetype PKCS12
Explanations
- The alias of each certificate has to be unique for the target Keystore.
- Alternatively, you can import the JobScheduler Master certificates into the default Java Truststore (
JAVA_HOME/lib/security/cacerts
) of the Java installation which is used by Jetty, however, this setting will be lost if you switch the Java version.
If you use the Keystore keystore of your JOC Cockpit Web Service in Jetty as Truststore of the JobScheduler Master certificates then add the location of the Truststore to the
JETTY_BASE/resources/joc/joc.properties
configuration file like this:Example for JKS keystore format
Code Block ### Location of the Java trustore which contains the certificates of each ### JobScheduler Master for HTTPS connections. Path can be absolute or relative ### to joc.properties truststore_path = ../../etc/joc.jks
Example for PKCS12 keystore format
Code Block ### Location of the Java trustore which contains the certificates of each ### JobScheduler Master for HTTPS connections. Path can be absolute or relative ### to joc.properties truststore_path = ../../etc/joc.jks truststore_type = PKCS12 truststore_password = jobscheduler
- Explanations
- The relative path from the above example looks up the Keystore in the
JETTY_BASE/etc
directory.
- The relative path from the above example looks up the Keystore in the
The hostname verification can be added optionally in the
JETTY_BASE/resources/joc/joc.properties
configuration file.Code Block ################################################################################ ### Should hostname verification be carried out for https certificate. ### Default false https_with_hostname_verification = true
...