If you prefer to use the Platform Container Keystore for all remote picos, follow these steps.

Execution Context

  1. Copy the keystore file that was created in /wiki/spaces/MD94/pages/445186112 from the Platform Container to each of the Execution Containers. Place it in $MZ_HOME/keys on each Execution Container.

  2. Retrieve the keystore path, passwords and alias properties from the Platform Container.

Commands retrieving the values from the Platform Container

Code Block
$ mzsh topo get --format data-only topo://container:<platform container>/val:common.pico.rcp.tls.keystore
$ mzsh topo get --format data-only topo://container:<platform container>/val:common.pico.rcp.tls.keystore.password
$ mzsh topo get --format data-only topo://container:<platform container>/val:common.pico.rcp.tls.key.password

If aliases are used in the keystore, you can use this for retrieving the value of the alias used by the platform certificate.

Code Block
$ mzsh topo get --format data-only topo://container:<platform container>/val:common.pico.rcp.tls.keystore.alias
  3. Set these same properties in each Execution Container. The keystore passwords and alias should have the same values as in the Platform Container.

Commands configuring keystore properties

Code Block
$ mzsh topo set 'topo://container:<execution container>/obj:common.pico.rcp.tls' \
'{ keystore=<keystore path> }'
$ mzsh topo set 'topo://container:<execution container>/val:common."pico.rcp.tls.keystore.password"' \
<encrypted password>
$ mzsh topo set 'topo://container:<execution container>/val:common."pico.rcp.tls.key.password"' \
<encrypted password>

If aliases are used in the keystore, you can use this to configure the value of the alias.

Code Block
$ mzsh topo set 'topo://container:<execution container>/val:common."pico.rcp.tls.keystore.alias"' \
<alias>

Example:

Code Block
$ mzsh topo set 'topo://container:echost01/obj:common.pico.rcp.tls' \
'{ keystore="/opt/mz/keys/keystore.p12" }'
$ mzsh topo set 'topo://container:echost01/val:common."pico.rcp.tls.keystore.password"' \
'DR_8.1_KEY-1-9E5885A757778BFB153C6C877A7D9A86'
$ mzsh topo set 'topo://container:echost01/val:common."pico.rcp.tls.key.password"' \
'DR_8.1_KEY-1-9E5885A757778BFB153C6C877A7D9A86'
$ mzsh topo set 'topo://container:echost01/val:common."pico.rcp.tls.keystore.alias"' \
1

Run mzsh topo open container to see the properties:

Code Block
pico.rcp.tls.keystore="/opt/mz/keys/keystore.p12"
"pico.rcp.tls.keystore.password"="DR_8.1_KEY-1-9E5885A757778BFB153C6C877A7D9A86"
"pico.rcp.tls.key.password"="DR_8.1_KEY-1-9E5885A757778BFB153C6C877A7D9A86"
"pico.rcp.tls.keystore.alias"="1"
  4. In the Platform Container, enable client authentication by setting the property pico.rcp.tls.require_clientauth to true.

Code Block
$ mzsh topo set topo://container:<platform container>/val:common.pico.rcp.tls.require_clientauth true

Run mzsh topo open container to see the property:

Code Block
pico.rcp.tls.require_clientauth="true"
  5. Restart the Platform, then restart the ECs.
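
A consistency check for the steps above, best run before the restart. This is an added example, not part of the original page or the product: it assumes the properties from each container have been saved to text files in the flat key="value" form shown on this page, and the function names, file names and placeholder values are hypothetical.

```shell
#!/bin/sh
# Added example: compare saved property listings from the Platform Container
# and one Execution Container. File names and sample values are assumptions.

# prop_value FILE KEY -> prints the value of KEY, accepting both the quoted
# and the unquoted key forms that appear in the listings on this page.
prop_value() {
    awk -v want="$2" '{
        line = $0; sub(/^[ \t]+/, "", line)
        eq = index(line, "="); if (eq == 0) next
        k = substr(line, 1, eq - 1); v = substr(line, eq + 1)
        gsub(/"/, "", k); gsub(/^"|"[ \t]*$/, "", v)
        if (k == want) { print v; exit }
    }' "$1"
}

# check_ec_tls PLATFORM_LISTING EC_LISTING -> 0 if consistent, 1 otherwise.
# Only property names are reported, never the password values.
check_ec_tls() {
    rc=0
    for key in pico.rcp.tls.keystore.password pico.rcp.tls.key.password \
               pico.rcp.tls.keystore.alias; do
        if [ "$(prop_value "$1" "$key")" != "$(prop_value "$2" "$key")" ]; then
            echo "MISMATCH $key"; rc=1
        fi
    done
    # The keystore path may differ per host, but it must be set on the EC.
    [ -n "$(prop_value "$2" pico.rcp.tls.keystore)" ] ||
        { echo "MISSING pico.rcp.tls.keystore on EC"; rc=1; }
    [ "$(prop_value "$1" pico.rcp.tls.require_clientauth)" = "true" ] ||
        { echo "DISABLED pico.rcp.tls.require_clientauth on platform"; rc=1; }
    return $rc
}

# Constructed sample listings (placeholder values, not real secrets).
tmp=$(mktemp -d)
cat > "$tmp/platform.txt" <<'EOF'
pico.rcp.tls.keystore="/opt/mz/keys/keystore.p12"
"pico.rcp.tls.keystore.password"="ENC-PLACEHOLDER-A"
"pico.rcp.tls.key.password"="ENC-PLACEHOLDER-A"
"pico.rcp.tls.keystore.alias"="1"
pico.rcp.tls.require_clientauth="true"
EOF
# Constructed EC listing whose key password was not updated to match.
sed -e '/require_clientauth/d' -e '/key\.password/s/-A"/-B"/' \
    "$tmp/platform.txt" > "$tmp/ec.txt"
if check_ec_tls "$tmp/platform.txt" "$tmp/ec.txt"; then echo "OK"; fi
```

A mismatch in either password or in the alias means the Execution Container cannot open or select the key it needs for client authentication, so correct it before the restart.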

Legacy Desktop

  1. Copy the keystore file that was created in /wiki/spaces/MD94/pages/445186112 from the Platform Container to each of the desktop launcher client machines.

  2. When attempting to log in to the platform, the desktop launcher will display a window stating, 'Instance requires client authentication and no client key is available. Import Client Key?'.

  3. Click Yes and browse to the keystore file location.

  4. After clicking OK, enter the keystore password.

...

Desktop UI (Work in progress)