Scope

  • If using LDAP for authentication it is possible to secure the connection with STARTTLS.
  • This article describes the steps required to set up communication with STARTTLS.

Prerequisites

  • The Java keytool is installed with your Java JRE.
  • Your LDAP server is configured to use STARTTLS.
  • When using STARTTLS, the LDAP realm configuration in the shiro.ini configuration file contains:
    ldapRealm.useStartTls=true

Set up a secure connection to your LDAP Server

This configuration is applied in order to enable STARTTLS in the communication to the LDAP Server.

...

  • JOC_HOME is the installation path which is specified during the JOC Cockpit installation:
    • C:\Program Files\sos-berlin.com\joc (default on Windows)
    • /opt/sos-berlin.com/joc (default on Linux)
  • JETTY_HOME = JOC_HOME/jetty
  • JETTY_BASE is Jetty's base directory which is specified during the JOC Cockpit installation:
    • C:\ProgramData\sos-berlin.com\joc (default on Windows)
    • /home/<setup-user>/sos-berlin.com/joc (default on Linux)

Step 1: Create the Java Keystore for Jetty

  • Create the Java Keystore using the keytool from your Java JRE.
    • Generate the Java Keystore with the private key and certificate for Jetty and export the certificate to the Keystore that is later on used by the browsers. Note that you will probably have to create the directory JETTY_BASE/etc first.
      • Example

        Code Block: Sample for generating a Keystore with private key and certificate
        keytool -genkey -alias "joc" -dname "CN=jocHost,O=myCompany" -validity 1461 -keyalg RSA -keysize 1024 -keypass secret_key -keystore "JETTY_BASE/etc/joc.jks" -storepass secret_store

        Explanations

        • Replace the JETTY_BASE placeholder as specified above.
        • The -dname option specifies the certificate issuer; therefore use your own set of CN, OU and DC values that make up the issuer's distinguished name. The O setting is required for the issuer.
        • The -keypass option accepts the password that you will need later on to manage your private key.
        • The -keystore option specifies the location of your Keystore file.
        • The -storepass option specifies the password for access to your Keystore file.


Step 2: Configure Jetty

  • Edit the following entries in the JETTY_BASE/resources/joc/joc.properties configuration file corresponding to the Java Keystore:

    Code Block
    ###############################################################################
    ### Location of the Java truststore which contains the certificates of each
    ### JobScheduler Master for HTTPS connections. Path can be absolute or relative
    ### to this file.
    truststore_path = ../../etc/joc.jks


    Explanations

    • Specify the location of the Truststore with the truststore_path setting. A location relative to the JETTY_BASE directory can be specified.
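The following script is an added example and is not part of the JOC Cockpit documentation or the product. It checks that the files touched in the Prerequisites, Step 1 and Step 2 fit together: it reads truststore_path from joc.properties, resolves a relative value from the directory of joc.properties (as the comment in that file states), verifies that the keystore file exists there, and confirms that ldapRealm.useStartTls=true is set. It assumes that shiro.ini lives in JETTY_BASE/resources/joc next to joc.properties (the page does not give its location), and the JETTY_BASE it builds is a constructed sample in a temporary directory, not a real installation.

```shell
#!/bin/sh
# Added example, not from the JOC Cockpit documentation. Assumptions (not
# stated on the page): shiro.ini sits in JETTY_BASE/resources/joc next to
# joc.properties; the sample JETTY_BASE below is constructed in a temp dir.

# Read truststore_path from a joc.properties file and resolve it the way the
# file's own comment describes: a relative path is taken from the directory
# of joc.properties itself. Prints the absolute path; returns 1 if the key is
# missing or the directory it points into does not exist.
resolve_truststore_path() {
    props="$1"
    value=$(sed -n 's/^[[:space:]]*truststore_path[[:space:]]*=[[:space:]]*//p' "$props" | head -n 1 | sed 's/[[:space:]]*$//')
    [ -n "$value" ] || return 1
    case "$value" in
        /*) dir=$(dirname "$value") ;;
        *)  dir="$(dirname "$props")/$(dirname "$value")" ;;
    esac
    dir=$(cd "$dir" 2>/dev/null && pwd) || return 1
    printf '%s/%s\n' "$dir" "$(basename "$value")"
}

# Succeed only when the LDAP realm in shiro.ini has STARTTLS switched on.
starttls_enabled() {
    grep -Eq '^[[:space:]]*ldapRealm\.useStartTls[[:space:]]*=[[:space:]]*true[[:space:]]*$' "$1"
}

# Build a throw-away JETTY_BASE with the layout the page describes
# (constructed sample data). $1 is the value written for
# ldapRealm.useStartTls ("true" or "false"). Prints the directory.
make_sample_base() {
    base=$(mktemp -d)
    mkdir -p "$base/etc" "$base/resources/joc"
    : > "$base/etc/joc.jks"   # placeholder for the keystore keytool creates in Step 1
    printf 'truststore_path = ../../etc/joc.jks\n' > "$base/resources/joc/joc.properties"
    printf '[main]\nldapRealm.useStartTls=%s\n' "$1" > "$base/resources/joc/shiro.ini"
    printf '%s\n' "$base"
}

# Run both checks against a JETTY_BASE. Returns 0 only if the truststore the
# properties file points at exists and STARTTLS is enabled for the LDAP realm.
check_jetty_base() {
    base="$1"
    props="$base/resources/joc/joc.properties"
    store=$(resolve_truststore_path "$props") || { echo "truststore_path not set in $props"; return 1; }
    [ -f "$store" ] || { echo "truststore not found: $store"; return 1; }
    starttls_enabled "$base/resources/joc/shiro.ini" || { echo "ldapRealm.useStartTls is not true"; return 1; }
    echo "ok: truststore $store, STARTTLS enabled"
}

# Stand-alone run: one consistent sample base and one with STARTTLS disabled.
good=$(make_sample_base true)
check_jetty_base "$good"
bad=$(make_sample_base false)
check_jetty_base "$bad" || echo "sample with STARTTLS disabled rejected as expected"
rm -rf "$good" "$bad"
```

Point check_jetty_base at your real JETTY_BASE instead of the constructed one to confirm that the value you entered in Step 2 resolves to the keystore created in Step 1; a "truststore not found" message usually means the relative path was written relative to JETTY_BASE rather than to the joc.properties file.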


Step 3: Import your

...

certificate to the JOC Cockpit Web Service Truststore

The following steps are performed on the server that hosts the JOC Cockpit.

...