...
- On the Controller instance's server create the keystore using openssl and the keytool from your Java JRE or JDK or a 3rd-party utility.
  - For use with a 3rd-party utility create a keystore, e.g. https-keystore.p12, in PKCS12 format and import:
    - Controller Private Key and Certificate for Server Authentication
  - For use with openssl and keytool create the keystore with the Private Key and Certificate for Server Authentication from the command line. The examples below show a possible approach for certificate management - however, there are other ways of achieving similar results.
    - Example for importing a Private Key and CA-signed Certificate to a PKCS12 keystore:

      ```bash
      # Assume the fully qualified domain name (FQDN) of the Controller server to be "controller.example.com"

      # If the Controller's CA-signed Certificate is provided from a pkcs12 keystore (certificate.p12), extract the Certificate to a .crt file in PEM format (controller.example.com.crt)
      # openssl pkcs12 -in certificate.p12 -nokeys -out controller.example.com.crt

      # Import the Controller's Private Key (controller.example.com.key) and Certificate (controller.example.com.crt) from PEM format to a new keystore (https-keystore.p12)
      openssl pkcs12 -export -in controller.example.com.crt -inkey controller.example.com.key -name controller.example.com -out "JS7_CONTROLLER_CONFIG_DIR/private/https-keystore.p12"
      ```
    - Example for creating a Private Key and CA-signed Certificate and importing them to a keystore:
      - Refer to examples available from JS7 - How to create X.509 SSL TLS Certificates, chapter Creating SSL/TLS Server Certificates.

        Example how to create a Private Key and CA-signed Certificate:

        ```bash
        # Creating the Private Key and CA-signed Certificate for the given validity period
        ./create_server_certificate.sh --dns=controller.example.com --days=365
        ```

      - Refer to examples available from JS7 - How to add SSL TLS Certificates to Keystore and Truststore.

        Example how to add a Private Key and CA-signed Certificate to a PKCS12 keystore:

        ```bash
        # Adding the Private Key and Certificate to a keystore
        ./js7_create_certificate_store.sh \
            --keystore=JS7_CONTROLLER_CONFIG_DIR/private/https-keystore.p12 \
            --key=controller.example.com.key \
            --cert=controller.example.com.crt \
            --alias=controller.example.com \
            --password="jobscheduler"
        ```

        When additional arguments for creating a truststore are used, the truststore is available for the later step 4.

        Example how to add a Private Key and CA-signed Certificate to a PKCS12 keystore and the Root CA Certificate to a truststore:

        ```bash
        # Adding the Private Key and Certificate to a keystore and Root CA Certificate to a truststore
        ./js7_create_certificate_store.sh \
            --keystore=JS7_CONTROLLER_CONFIG_DIR/private/https-keystore.p12 \
            --truststore=JS7_CONTROLLER_CONFIG_DIR/private/https-truststore.p12 \
            --key=controller.example.com.key \
            --cert=controller.example.com.crt \
            --alias=controller.example.com \
            --password="jobscheduler" \
            --ca-root=root-ca.crt
        ```
  - With the keystore being set up, specify the relevant properties with the JS7_CONTROLLER_CONFIG_DIR/private/private.conf configuration file:
    - Example for private.conf file specifying the Controller keystore:

      ```text
      js7 {
          web {
              # keystore location for https connections
              https {
                  keystore {
                      # Default: ${js7.config-directory}"/private/https-keystore.p12"
                      file=${js7.config-directory}"/private/https-keystore.p12"
                      key-password="jobscheduler"
                      store-password="jobscheduler"
                  }
              }
          }
      }
      ```

    - Explanation:
      - js7.web.https.keystore.file is used for the path to the keystore.
      - js7.web.https.keystore.key-password is used for access to the Private Key.
      - js7.web.https.keystore.store-password is used for access to the keystore. Passwords for Private Key and keystore have to match when using PKCS12 keystores.
- On the Controller instance's server create the truststore using the keytool from your Java JRE or JDK or a 3rd-party utility.
  - For use with a 3rd-party utility create a truststore, e.g. https-truststore.p12, in PKCS12 format and import:
    - Root CA Certificate
  - The examples below show a possible approach for certificate management - however, there are other ways of achieving similar results.
    - Example for importing a Root CA Certificate to a PKCS12 truststore:

      ```bash
      # Import Root CA Certificate in PEM format to a PKCS12 truststore (https-truststore.p12)
      keytool -importcert -alias "root-ca" -file "root-ca.crt" -keystore "JS7_CONTROLLER_CONFIG_DIR/private/https-truststore.p12" -storetype PKCS12
      ```
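
The following script is an added example, not part of the JS7 documentation or distribution. It checks the keystore step above: that key-password and store-password in private.conf match, as required for PKCS12 keystores, and that the keystore opens with that password, holds a Private Key under the expected alias and carries a Certificate that has not expired. The function names, the STORE_PASS variable and the sample private.conf are assumptions made for this example; the parsing assumes one setting per line with plain double-quoted values.

```bash
# Added example (not JS7 code): sanity checks for private.conf and its PKCS12 keystore.
# Assumption: one setting per line, values in plain double quotes without escapes.

# conf_value FILE KEY: last quoted string on the KEY= line inside "keystore { ... }"
conf_value() {
  sed -n '/^[[:space:]]*keystore[[:space:]]*{/,/^[[:space:]]*}/ s/^[[:space:]]*'"$2"'[[:space:]]*=.*"\([^"]*\)"[[:space:]]*$/\1/p' "$1" | head -n 1
}

# check_passwords FILE: 0 only if key-password and store-password are set and equal
check_passwords() {
  local kp sp
  kp=$(conf_value "$1" key-password)
  sp=$(conf_value "$1" store-password)
  [ -n "$kp" ] && [ -n "$sp" ] && [ "$kp" = "$sp" ]
}

# check_keystore P12 ALIAS: password comes from $STORE_PASS, so it is not in argv.
# Returns 2 = cannot open, 3 = alias missing, 4 = no private key, 5 = certificate expired
check_keystore() {
  local certs
  export STORE_PASS
  certs=$(openssl pkcs12 -in "$1" -passin env:STORE_PASS -nokeys 2>/dev/null) || return 2
  printf '%s\n' "$certs" | grep -qF "friendlyName: $2" || return 3
  openssl pkcs12 -in "$1" -passin env:STORE_PASS -nocerts -nodes 2>/dev/null |
    grep -q 'PRIVATE KEY-----' || return 4
  printf '%s\n' "$certs" | openssl x509 -noout -checkend 0 >/dev/null 2>&1 || return 5
}

# make_sample_conf DIR: constructed private.conf mirroring the example on this page
make_sample_conf() {
  cat > "$1/private.conf" <<'EOF'
js7 {
    web {
        https {
            keystore {
                file=${js7.config-directory}"/private/https-keystore.p12"
                key-password="jobscheduler"
                store-password="jobscheduler"
            }
        }
    }
}
EOF
}

demo=$(mktemp -d) && make_sample_conf "$demo"
check_passwords "$demo/private.conf" && echo "key-password and store-password match"
rm -rf "$demo"
```

Against a real installation, set STORE_PASS to the value returned by conf_value for store-password and pass the keystore path and alias to check_keystore.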
...