The JS7 - Profiles hold settings that are specific for to a user account and that which are controlled by the user.
- Profiles include a number of categories such as Preferences, Permissions etc.
- A Profile includes to configure the configuration of the JOC Cockpit as a Certificate Authority (CA) for JS7 - Secure Connections.
- A Certificate Authority set up by the SSL Key Management functionality allows to create the creation of Server Authentication Certificates and Client Authentication Certificates for TLS/SSL connections.
It is recommended to use that an external Certificate Authority is used or to procure that certificates are procured from a trusted 3rd-party as the JOC Cockpit Certificate Authority cannot be considered secure:
- The JOC Cockpit Certificate Authority is applicable in absence of decent security requirements when operating JS7 for a Security Level Low or Medium, see JS7 - Security Architecture and JS7 - Secure Operation for more information.
- Use of the JOC Cockpit Certificate Authority is not applicable when operating JS7 for Security Level High as keys and certificates are stored with in the JS7 - Database..
The SSL Key Management functionality is used to set up up your own CA with the JOC Cockpit, see JS7 - Certificate Authority - Manage Certificates with JOC Cockpit.
- To set up the Certificate Authority (CA) a Root CA private key and self-signed certificate are created:
- The SSL Key Management sub-view is available to user accounts that are assigned the administrator role. To be more precise, user accounts have to be assigned the
sos:products:joc:adminstration:managerole, see JS7 - Default Roles and Permissions.
The This article is intended for a security-aware audience that is technically familiar with TLS/SSL key management.
The Profile page is accessible from the user menu of an account in the upper right upper hand corner of any JOC Cockpit view:
The Root CA private key and certificate can be updated/imported from an external CA and they can be generated by the JOC Cockpit:
- Operations for the Root CA private key and certificate include to:
- view viewing the private key and certificate by use of using the icon,update
- updating the private key and certificate by use of by using the icon,import
- importing the private key by use of by using the icon,
- generate generating the private key and certificate by use of by using the icon.
View Key and Certificate
The Root CA private key and certificate is are displayed like this:
Update Key and Certificate
The Root CA private key and certificate can be created from an external CA and can be updated by pasting from the clipboard like this:
Note: For the Root CA, the JOC Cockpit only supports ECDSA key algorithms only as RSA key algorithms are not considered secure for the future.