  1. JOC - JobScheduler Operations Center
  2. JOC-1379

Use key alias to access the private key of a keystore


Details

    Description

      Current Situation

      • The JOC Cockpit makes use of two keystores (Jetty, REST Web Service API) for server and client authentication certificates (private keys).
      • A keystore can hold any number of private keys. There is no reasonable mechanism in Java to auto-select the matching private key from a keystore.

      Desired Behavior

      • JOC Cockpit should allow a key alias to be specified in the configuration
        • of Jetty in the ./jetty/etc/jetty-ssl-context.xml file
          • Example
            <Configure id="Server" class="org.eclipse.jetty.server.Server">
              ...
                <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
                   ...
                  <Set name="CertAlias"><Property name="jetty.sslContext.keystore.alias" default="jetty"/></Set>
                </New>
              ...
            </Configure>
            
        • of the REST Web Service API in the joc.properties file
          • The setting is made with keystore_alias = ALIAS
            Example
            ###################################################################################
            ### Location, type, alias and passwords of the keystore that contains the client
            ### private keys for HTTPS connections to the JS7 Controller.
            ### The path to this file can be absolute or relative. A relative path starts from
            ### the ./jetty_base/resources/joc directory.
            
            keystore_path = joc.p12
            keystore_type = PKCS12
            keystore_password = jobscheduler
            keystore_alias = jobscheduler
            key_password = jobscheduler
            
      • The KeyStore class should be provided with the key alias name.

      Maintainers Note

      • The JOC Cockpit will fail to start if a wrong alias name is specified for the certificate. In this situation no error messages are available in the jetty.log file, so make sure you use the correct certificate alias names.
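
A pre-flight check for the situation described in the note above, as an added example that is not part of the original issue or of the JOC Cockpit code base: it reads the keystore settings shown in the joc.properties example and reports whether keystore_alias resolves to a private key. The class name KeystoreAliasCheck and its two command-line arguments (path to joc.properties, directory that relative keystore paths start from) are assumptions.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.*;
import java.util.*;

public class KeystoreAliasCheck {
    // Returns null if the alias resolves to a usable private key, otherwise a diagnostic message.
    static String check(KeyStore ks, String alias, char[] keyPassword) throws KeyStoreException {
        if (alias == null || alias.isEmpty()) return "keystore_alias is not set";
        if (!ks.containsAlias(alias)) {
            // List the key entries that do exist so the operator can spot a typo.
            List<String> keyAliases = new ArrayList<>();
            for (String a : Collections.list(ks.aliases())) if (ks.isKeyEntry(a)) keyAliases.add(a);
            return "alias '" + alias + "' not found; key entries present: " + keyAliases;
        }
        if (!ks.isKeyEntry(alias)) return "alias '" + alias + "' is a trusted certificate, not a key entry";
        try {
            Key key = ks.getKey(alias, keyPassword);
            if (!(key instanceof PrivateKey)) return "alias '" + alias + "' does not hold a private key";
        } catch (UnrecoverableKeyException | NoSuchAlgorithmException e) {
            return "key for alias '" + alias + "' cannot be recovered with key_password: " + e.getMessage();
        }
        if (ks.getCertificateChain(alias) == null) return "alias '" + alias + "' has no certificate chain";
        return null;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: KeystoreAliasCheck <joc.properties> <base dir for relative paths>");
            System.exit(2);
        }
        Properties p = new Properties();
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) { p.load(in); }
        // resolve() returns the keystore path unchanged when it is already absolute.
        Path store = Paths.get(args[1]).resolve(p.getProperty("keystore_path", "").trim());
        char[] storePw = p.getProperty("keystore_password", "").trim().toCharArray();
        char[] keyPw = p.getProperty("key_password", "").trim().toCharArray();
        KeyStore ks = KeyStore.getInstance(p.getProperty("keystore_type", "PKCS12").trim());
        try (InputStream in = Files.newInputStream(store)) { ks.load(in, storePw); }
        String problem = check(ks, p.getProperty("keystore_alias", "").trim(), keyPw);
        // Passwords are never printed; only the alias diagnosis is reported.
        System.out.println(problem == null ? "OK: alias resolves to a private key" : "FAIL: " + problem);
        System.exit(problem == null ? 0 : 1);
    }
}
```

Running it before a restart gives the error message that jetty.log does not, and the non-zero exit code lets a deployment script stop before JOC Cockpit is started.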

            People

              Oliver Haufe
              Andreas Püschel
              Kanika Agrawal