JS7 JobScheduler

Space shortcuts

Page tree

Versions Compared

Old Version 27

changes.mady.by.user Andreas Püschel

Saved on

compared with

New Version 28

changes.mady.by.user Andreas Püschel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The following step is performed on the server hosting the Agent that should decrypt secrets. The example makes use of the openssl command line utility that can be installed for Windows. There are alternative ways how to create Private Keys and Certificates. Find more examples and explanations from JS7 - How to create X.509 Encryption Keys.

Code Block
languagebash
titleExample how to create ECDSA private key and certificatePrivate Key and Certificate using ECDSA encryption
linenumberstrue
collapsetrue
#@rem navigate to the Agent's <agent-data>/\config/\private directory
cd /var/%Programdata%\sos-berlin.com/\js7/\agent/\config/\private

#@rem create thePrivate privateKey
@rem key  infor pkcs#1use formatwith 
#passphrase add:  without passphrase-passout pass:"secret"
openssl ecparam -name secp256k1secp384r1 -genkey -noout -out agent.key

#@rem create Certificate withSigning passphraseRequest
# openssl ecparamreq -genkeynew -namesha512 secp256k1-nodes | openssl ec-key agent.key -aes256 -passout pass:"jobscheduler" -out agent.key

# create certificate
openssl req -new -x509 -key agent.key -out agent.crt -days 1825  
# openssl req -new -x509 -keyout agent.csr -subj "/C=DE/ST=Berlin/L=Berlin/O=SOS/OU=IT/CN=Agent"

@rem create Certificate
set user_crt_tmp_file=user-crt-%RANDOM%.tmp
echo keyUsage=critical,keyAgreement,keyEncipherment > %user_crt_tmp_file%

@rem   for passphrase add: -passin pass:"secret"
openssl x509 -req -sha512 -days 1825 -signkey agent.key -passin pass:"jobscheduler"in agent.csr -out agent.crt -days 1825extfile %user_crt_tmp_file%
del /q %user_crt_tmp_file%
Code Block
languagebash
titleExample how to create RSA private key and certificatePrivate Key and Certificate using RSA encryption
linenumberstrue
collapsetrue
#@rem navigate to the Agent's <agent-data>/\config/\private directory
cd /var/%Programdata%\sos-berlin.com/js7/agent/config/private

# create the private key in pkcs#1 format
#   without passphrase
openssl req -x509 -sha256 -newkey rsa:2048 -nodes -keyout agent.key -out agent.crt
#   with passphrase
# openssl req -x509 -sha256 -newkey rsa:2048 -passout pass:"jobscheduler" -keyout agent.key -out agent.crtcom\js7\agent\config\private

@rem create Private Key and Certificate Signing Request
@rem   for passphrase add: -passout pass:"secret"
openssl req -new -newkey rsa:4096 -sha256 -nodes -keyout agent.key -out agent.csr -subj "/C=DE/ST=Berlin/L=Berlin/O=SOS/OU=IT/CN=Agent"

@rem create Certificate
set user_crt_tmp_file=user-crt-%RANDOM%.tmp
echo keyUsage=critical,keyAgreement,keyEncipherment > %user_crt_tmp_file%

@rem   for passphrase add: -passin pass:"secret"
openssl x509 -req -sha512 -days 1825 -signkey agent.key -in agent.csr -out agent.crt -extfile %user_crt_tmp_file%
del /q %user_crt_tmp_file%

Step 2: Making the Certificate available

...