  • The JOC Cockpit Keystore can also be used as a Truststore where the certificates of a number of JobScheduler Masters are imported. 
    • Example for JKS Keystore

      Example of how to import the Master public certificate into the JOC Cockpit JKS Keystore:
      # import Master public certificate from a file in PEM format (master-https.crt) identified by its alias name (master-https) to the JOC Cockpit JKS keystore (joc-https.jks)
      keytool -importcert -noprompt -file "master-https.crt" -alias "master-https" -keystore "JETTY_BASE/etc/joc-https.jks" -storepass jobscheduler -trustcacerts
    • Example for PKCS12 Keystore

      Example of how to import the Master public certificate into the JOC Cockpit PKCS12 Keystore:
      # import Master public certificate from a file in PEM format (master-https.crt) identified by its alias name (master-https) to the JOC Cockpit PKCS12 keystore (joc-https.p12)
      keytool -importcert -noprompt -file "master-https.crt" -alias "master-https" -keystore "JETTY_BASE/etc/joc-https.p12" -storepass jobscheduler -storetype PKCS12 -trustcacerts 
    • Explanations

      •  The alias of each certificate has to be unique for the target Keystore.
    • Alternatively, you can import the JobScheduler Master certificates into the default Java Truststore (JAVA_HOME/lib/security/cacerts) of the Java installation that is used by Jetty. However, this setting will be lost if you switch the Java version.
  • If you use the Keystore of your JOC Cockpit Web Service in Jetty as the Truststore of the JobScheduler Master certificates, then add the location of the Truststore to the JETTY_BASE/resources/joc/joc.properties configuration file like this:

    • Example for JKS keystore format

      ### Location of the Java truststore that contains the certificates of each 
      ###   JobScheduler Master for HTTPS connections. The path can be absolute or relative
      ###   to joc.properties
      truststore_path = ../../etc/joc-https.jks
      truststore_password = jobscheduler
    • Example for PKCS12 keystore format

      ### Location of the Java truststore that contains the certificates of each 
      ###   JobScheduler Master for HTTPS connections. The path can be absolute or relative
      ###   to joc.properties
      truststore_path = ../../etc/joc-https.p12 
      truststore_type = PKCS12
      truststore_password = jobscheduler
  • Explanations
    • The relative path from the above example looks up the Keystore in the JETTY_BASE/etc directory.
  • Hostname verification can optionally be added in the JETTY_BASE/resources/joc/joc.properties configuration file:

    ################################################################################
    ### Should hostname verification be carried out for https certificate. 
    ### Default false
    https_with_hostname_verification = true
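
An added example, not part of the JobScheduler documentation: a shell check over joc.properties that resolves truststore_path relative to the file as described above, flags a .p12 truststore without truststore_type = PKCS12, and flags hostname verification left at its default of false. The function names and the temporary sample layout are assumptions of this example.

```bash
#!/bin/sh
# Added example: audit the truststore settings of a joc.properties file.
# Function names and the sample layout are this example's own (assumptions).

# prop_get FILE KEY: print the last value assigned to KEY, surrounding blanks trimmed.
prop_get() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
    sed 's/[[:space:]]*$//' | tail -n 1
}

# audit_joc_properties FILE: print one finding per line, return 0 when there are none.
audit_joc_properties() (
  file=$1
  findings=0
  note() { echo "$1"; findings=$((findings + 1)); }
  dir=$(cd "$(dirname "$file")" && pwd) || exit 2
  path=$(prop_get "$file" truststore_path)
  type=$(prop_get "$file" truststore_type)
  verify=$(prop_get "$file" https_with_hostname_verification)

  if [ -z "$path" ]; then
    note "truststore_path is not set"
  else
    # Relative paths are resolved against the directory of joc.properties.
    case $path in /*) store=$path ;; *) store=$dir/$path ;; esac
    [ -f "$store" ] || note "truststore not found: $store"
    # The page's PKCS12 example sets truststore_type; its JKS example omits it.
    case $path in
      *.p12) [ "$type" = PKCS12 ] || note "PKCS12 file but truststore_type is '$type'" ;;
    esac
  fi
  # An unset value means the documented default of false.
  [ "$verify" = true ] || note "https_with_hostname_verification is not true"
  [ "$findings" -eq 0 ]
)

# Constructed sample: <base>/etc and <base>/resources/joc, mirroring JETTY_BASE.
make_sample() {
  base=$(mktemp -d) && mkdir -p "$base/etc" "$base/resources/joc" &&
    : > "$base/etc/joc-https.p12" &&   # empty placeholder, not a real keystore
    printf '%s\n' 'truststore_path = ../../etc/joc-https.p12 ' \
      'truststore_password = jobscheduler' > "$base/resources/joc/joc.properties" &&
    echo "$base"
}

sample=$(make_sample)
audit_joc_properties "$sample/resources/joc/joc.properties" || echo "findings reported"
```

The constructed sample omits truststore_type and the hostname verification setting, so the run reports two findings.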

Caveat

  • In order to apply modifications to ./config/private/private.conf files of the Master or to any configuration files of JOC Cockpit, a restart of the respective component is required.