Versions Compared

...

  • JOC_HOME is the installation path which is specified during the JOC Cockpit installation:
    • C:\Program Files\sos-berlin.com\joc (default on Windows)
    • /opt/sos-berlin.com/joc (default on Linux)
  • JETTY_HOME = JOC_HOME/jetty
  • JETTY_BASE is Jetty's base directory which is specified during the JOC Cockpit installation:
    • C:\ProgramData\sos-berlin.com\joc (default on Windows)
    • /home/<setup-user>/sos-berlin.com/joc (default on Linux)

Step 1: Create

...

Truststore and import your certificate to the JOC Cockpit Web Service Truststore

The following steps are performed on the server that hosts the JOC Cockpit.

You can use the Java Keystore that will be created with the private key for the HTTPS support in Jetty. Please note that you will probably have to create the

...

directory JETTY_BASE/etc

    • Example

      Code Block
      title: Sample for generate Keystore with private key and certificate
      keytool -genkey -alias "joc" -dname "CN=jocHost,O=myCompany" -validity 1461 -keyalg RSA -keysize 1024 -keypass secret_key -keystore "JETTY_BASE/etc/joc.jks" -storepass secret_store

      Code Block
      title: Sample for import master certificate
      keytool -importcert -noprompt -file "my_LDAP_Certificate.pem" -alias "my_alias" -keystore "JETTY_BASE/etc/joc.jks" -storepass secret_store -trustcacerts

  • Explanations

  • Replace the JETTY_BASE placeholder as specified above.
  • The -dname option specifies the certificate issuer, therefore use your own set of CN, OU, DC that specify the issuer's distinguished name. The O setting is required for the issuer.
  • The -keypass option accepts the password that you will need later on to manage your private key.
  • The -keystore option specifies the location of your Keystore/Truststore file.
  • The -storepass option specifies the password for access to your Keystore file.

...

  • your Truststore file.
  • The file my_LDAP_Certificate.pem has been created on the LDAP server. Transfer this file to the local machine.
    • certutil -S -n "SOS_LDAP" -s "cn=myCn" -c "SOS_LDAP CA certificate" -t "u,u,u" -m 1001 -v 120 -d . -k rsa

    • certutil -L -d . -n "SOS_LDAP CA certificate" -a > my_LDAP_Certificate.pem

Step 2: Configure Jetty

  • Edit the following entries in the JETTY_BASE/resources/joc/joc.properties configuration file corresponding to the Java Keystore:

    Code Block
    truststore_path = ../../etc/joc.jks


    Explanations

    • Specify the location of the Truststore with the truststore_path setting. A location relative to the JETTY_BASE directory can be specified.

     

Step 3: Import your certificate to the JOC Cockpit Web Service Truststore

...

    • .

...

    Example

    Code Block
    title: Sample for import master certificate
    keytool -importcert -noprompt -file "my_LDAP_Certificate.pem" -alias "my_alias" -keystore "JETTY_BASE/etc/joc.jks" -storepass secret_store -trustcacerts
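
    With -noprompt, keytool imports the certificate without displaying it for confirmation, so the file transferred from the LDAP server is trusted as it arrives. The following is an added example, not part of the original page or of the JOC Cockpit distribution: it compares the SHA-256 fingerprint of the PEM file with a value obtained from the LDAP server administrator and runs the import only on a match. The function names, the expected-fingerprint argument and the STOREPASS environment variable are assumptions.

```shell
#!/bin/sh
# Added example: check a PEM certificate's SHA-256 fingerprint before a
# non-interactive truststore import. Function names and STOREPASS are assumptions.

# Print the SHA-256 fingerprint of the first certificate in PEM file $1,
# formatted like keytool output (uppercase hex pairs separated by colons).
pem_fingerprint() {
    body=$(sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1" 2>/dev/null |
        sed '/-----END CERTIFICATE-----/q' | grep -v -e '-----' | tr -d ' \t\r\n')
    [ -n "$body" ] || { echo "no certificate found in $1" >&2; return 1; }
    # Reject a body that is not valid base64 before hashing it.
    printf '%s' "$body" | base64 -d >/dev/null 2>&1 ||
        { echo "invalid base64 in $1" >&2; return 1; }
    # The fingerprint is the hash of the decoded (DER) bytes.
    printf '%s' "$body" | base64 -d | sha256sum | cut -d ' ' -f 1 |
        tr 'abcdef' 'ABCDEF' | sed 's/../&:/g; s/:$//'
}

# Return 0 only if the fingerprint of PEM file $1 equals $2.
# Case and colons in $2 are ignored, so keytool or openssl style both work.
fingerprint_matches() {
    actual=$(pem_fingerprint "$1") || return 1
    want=$(printf '%s' "$2" | tr -d ': ' | tr 'abcdef' 'ABCDEF')
    [ "$(printf '%s' "$actual" | tr -d ':')" = "$want" ]
}

# Import into the truststore only after the fingerprint check has passed.
# $1 PEM file, $2 alias, $3 truststore path, $4 expected fingerprint.
import_if_trusted() {
    fingerprint_matches "$1" "$4" ||
        { echo "fingerprint mismatch, not importing $1" >&2; return 1; }
    # keytool reads the store password from the STOREPASS environment
    # variable, which keeps it out of the process list and shell history.
    keytool -importcert -noprompt -trustcacerts -file "$1" -alias "$2" \
        -keystore "$3" -storepass:env STOREPASS
}

# Usage (the fingerprint placeholder is the value received from the LDAP server side):
#   STOREPASS=... import_if_trusted my_LDAP_Certificate.pem my_alias \
#       JETTY_BASE/etc/joc.jks "<expected SHA-256 fingerprint>"
```

    After the import, keytool -list -v -keystore "JETTY_BASE/etc/joc.jks" shows the stored entry with its fingerprints for a second comparison.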