Details
- Feature
- Status: Released
- Minor
- Resolution: Fixed
- 2.0.0
- None
Description
Current Situation
- The JOC Cockpit makes use of two keystores (Jetty, REST Web Service API) for server and client authentication certificates (private keys).
- A keystore can hold any number of private keys. There is no reasonable mechanism in Java to auto-select the matching private key from a keystore.
Desired Behavior
- JOC Cockpit should allow a key alias to be specified in the configuration
  - of Jetty in the ./jetty/etc/jetty-ssl-context.xml file
    - Example

          <Configure id="Server" class="org.eclipse.jetty.server.Server">
            ...
            <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
              ...
              <Set name="CertAlias"><Property name="jetty.sslContext.keystore.alias" default="jetty"/></Set>
            </New>
            ...
          </Configure>

  - of the REST Web Service API in the joc.properties file
    - The setting is made with keystore_alias = ALIAS
    - Example

          ###################################################################################
          ### Location, type, alias and passwords of the keystore that contains the client
          ### private keys for HTTPS connections to the JS7 Controller.
          ### The path to this file can be absolute or relative. A relative path starts from
          ### the ./jetty_base/resources/joc directory.
          keystore_path = joc.p12
          keystore_type = PKCS12
          keystore_password = jobscheduler
          keystore_alias = jobscheduler
          key_password = jobscheduler

- The key alias name should be passed to the KeyStore class.
Maintainers Note
- The JOC Cockpit will fail to start if a wrong alias name is specified for the certificate. In this situation no error messages are available in the jetty.log file, so make sure you use the correct certificate alias names.
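Because a wrong alias produces no error message, the alias can be checked against the keystore before a restart. The following is an added example, not part of the JOC Cockpit code: the class name CheckKeystoreAlias is hypothetical, it requires Java 11 or later, and it assumes that relative keystore paths resolve against the directory of the joc.properties file given on the command line and that key_password falls back to keystore_password when unset.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Properties;

// Added example: pre-start check that keystore_alias names a usable private key.
public class CheckKeystoreAlias {
    public static void main(String[] args) throws Exception {
        if (args.length != 1) fail("usage: java CheckKeystoreAlias <path to joc.properties>");
        Path propsFile = Path.of(args[0]).toAbsolutePath();
        Properties p = new Properties();
        try (InputStream in = Files.newInputStream(propsFile)) { p.load(in); }

        String alias = p.getProperty("keystore_alias", "").trim();
        char[] storePw = p.getProperty("keystore_password", "").trim().toCharArray();
        // Assumption: fall back to the keystore password when key_password is unset.
        char[] keyPw = p.getProperty("key_password", new String(storePw)).trim().toCharArray();
        // Assumption: a relative keystore_path is resolved against the directory
        // that holds the properties file passed on the command line.
        Path ksPath = propsFile.getParent().resolve(p.getProperty("keystore_path", "").trim());

        KeyStore ks = KeyStore.getInstance(p.getProperty("keystore_type", "PKCS12").trim());
        try (InputStream in = Files.newInputStream(ksPath)) { ks.load(in, storePw); }

        // Collect the aliases that actually hold keys, to report them on a mismatch.
        List<String> keyAliases = new ArrayList<>();
        for (String a : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(a)) keyAliases.add(a);
        }
        if (!ks.containsAlias(alias))
            fail("alias '" + alias + "' not found; key entries in " + ksPath + ": " + keyAliases);
        if (!ks.isKeyEntry(alias))
            fail("alias '" + alias + "' is a certificate-only entry, not a private key");
        Key key = ks.getKey(alias, keyPw); // UnrecoverableKeyException if key_password is wrong
        if (!(key instanceof PrivateKey)) fail("alias '" + alias + "' does not hold a private key");
        System.out.println("OK: alias '" + alias + "' holds a " + key.getAlgorithm() + " private key");
    }

    private static void fail(String msg) {
        System.err.println("ERROR: " + msg);
        System.exit(1);
    }
}
```

The exit status is 0 only when the alias exists, is a key entry and can be unlocked with the configured password, so the check can gate a start script.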
Issue Links
- relates to JS-2019 Use key alias to access the private key of a keystore (Released)