[
|
|
{
|
|
"video_id": "891786881",
|
|
"video_url": "https://vimeo.com/891786881",
|
|
"chapter_index": 0,
|
|
"timestamp": "1:43",
|
|
"timestamp_sec": 103,
|
|
"title": "ST Certificate Fundamentals and X.509 Wrapping",
|
|
"summary": "All certificates in ST are treated uniformly as X.509s internally. SSH keys are wrapped with the local CA to create X.509s for easier management. ST maintains expiration dates on all certificates including those originally without them. Two distinct certificate storage locations: global (server-shared) and per-account (user-specific).",
|
|
"transcript": "",
|
|
"is_demo": false,
|
|
"frame_description": null,
|
|
"source": "ask-annie",
|
|
"series": "ST Best Practices Q&A"
|
|
},
|
|
{
|
|
"video_id": "891786881",
|
|
"video_url": "https://vimeo.com/891786881",
|
|
"chapter_index": 1,
|
|
"timestamp": "5:44",
|
|
"timestamp_sec": 344,
|
|
"title": "Certificate Storage Tiers: Global, Local, Trusted CAs",
|
|
"summary": "Global list: certificates any user and server can use. Local certificates: public-private pairs used for protocol daemons and shared authentication to partner sites. Trusted CAs: root and intermediate certificates. ST's internal CA is one of many trusted CAs and signs all generated certificates.",
|
|
"transcript": "",
|
|
"is_demo": false,
|
|
"frame_description": null,
|
|
"source": "ask-annie",
|
|
"series": "ST Best Practices Q&A"
|
|
},
|
|
{
|
|
"video_id": "891786881",
|
|
"video_url": "https://vimeo.com/891786881",
|
|
"chapter_index": 2,
|
|
"timestamp": "10:46",
|
|
"timestamp_sec": 646,
|
|
"title": "Account-Level Certificate Categories",
|
|
"summary": "Three per-account certificate tabs: Login certificates (public keys for user authentication via SSH/certificate protocols). Partner certificates (public certs for PGP encryption and AS2 mutual trust). Private certificates (for logging into partner servers and PGP decryption).",
|
|
"transcript": "",
|
|
"is_demo": false,
|
|
"frame_description": null,
|
|
"source": "ask-annie",
|
|
"series": "ST Best Practices Q&A"
|
|
},
|
|
{
|
|
"video_id": "891786881",
|
|
"video_url": "https://vimeo.com/891786881",
|
|
"chapter_index": 3,
|
|
"timestamp": "12:33",
|
|
"timestamp_sec": 753,
|
|
"title": "Client-Private, Server-Public Key Authentication Model",
|
|
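"summary": "For authentication, the connecting client carries the private key; the server carries the public key to validate against. PGP encryption uses the public key; decryption uses the private key. SSL X.509s contain both components plus metadata. (Note: strictly, an X.509 certificate itself holds only the public key and metadata; the matching private key is stored alongside it, for example in a PKCS#12 bundle.)",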
|
|
"transcript": "",
|
|
"is_demo": false,
|
|
"frame_description": null,
|
|
"source": "ask-annie",
|
|
"series": "ST Best Practices Q&A"
|
|
},
|
|
{
|
|
"video_id": "891786881",
|
|
"video_url": "https://vimeo.com/891786881",
|
|
"chapter_index": 4,
|
|
"timestamp": "15:45",
|
|
"timestamp_sec": 945,
|
|
"title": "Certificate Placement Troubleshooting and Access Levels",
|
|
"summary": "Partner certificates tab holds only public components; if private key needed for transfer sites, place in private certificates tab instead. Local certificates work for both because they contain both public and private. Access levels control sharing: private (account-only), business unit, or public scopes.",
|
|
"transcript": "",
|
|
"is_demo": false,
|
|
"frame_description": null,
|
|
"source": "ask-annie",
|
|
"series": "ST Best Practices Q&A"
|
|
},
|
|
{
|
|
"video_id": "891786881",
|
|
"video_url": "https://vimeo.com/891786881",
|
|
"chapter_index": 5,
|
|
"timestamp": "20:41",
|
|
"timestamp_sec": 1241,
|
|
"title": "DigiCert Import Workflow and Certificate Chaining",
|
|
"summary": "Import the signed DigiCert certificate into local certificates first. 'Valid and chained' status means the full chain is trusted. If it is not chained, an intermediate or root CA is missing \u2014 use a browser to extract the chain, then import the intermediates and roots into trusted CAs. The Operations panel server certificate field draws only from local certificates.",
|
|
"transcript": "",
|
|
"is_demo": false,
|
|
"frame_description": null,
|
|
"source": "ask-annie",
|
|
"series": "ST Best Practices Q&A"
|
|
},
|
|
{
|
|
"video_id": "891786881",
|
|
"video_url": "https://vimeo.com/891786881",
|
|
"chapter_index": 6,
|
|
"timestamp": "22:06",
|
|
"timestamp_sec": 1326,
|
|
"title": "Certificate Validation Status and Chain Verification",
|
|
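"summary": "Two validation components: 'valid' checks certificate dates and time zones; 'chained' verifies the path to a trusted root. Keep adding root and intermediate certificates until status shows 'valid and chained'. Certificates not meeting this requirement cause service errors even if partially functional. (Note: add only CA certificates whose source and fingerprint have been verified, since everything placed in trusted CAs is trusted for chain building.)",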
|
|
"transcript": "",
|
|
"is_demo": false,
|
|
"frame_description": null,
|
|
"source": "ask-annie",
|
|
"series": "ST Best Practices Q&A"
|
|
},
|
|
{
|
|
"video_id": "891786881",
|
|
"video_url": "https://vimeo.com/891786881",
|
|
"chapter_index": 7,
|
|
"timestamp": "29:16",
|
|
"timestamp_sec": 1756,
|
|
"title": "Passwordless Certificate Import and Browser Conversion",
|
|
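"summary": "Import the passwordless cert into a browser, mark the private key exportable, export it, then apply a password before importing to ST. The browser approach works faster than OpenSSL for certificate handling. ST requires all local and private certificates to have password protection. (Note: this leaves a copy of the private key in the browser or OS certificate store; delete it there once the import into ST has succeeded.)",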
|
|
"transcript": "",
|
|
"is_demo": false,
|
|
"frame_description": null,
|
|
"source": "ask-annie",
|
|
"series": "ST Best Practices Q&A"
|
|
},
|
|
{
|
|
"video_id": "891786881",
|
|
"video_url": "https://vimeo.com/891786881",
|
|
"chapter_index": 8,
|
|
"timestamp": "33:38",
|
|
"timestamp_sec": 2018,
|
|
"title": "Password Types: Private Key vs CA Password",
|
|
"summary": "X.509 import password protects the private key. SSH key import asks for CA password (internal CA's password to sign the key into X.509). Different screens ask for different password types \u2014 important to distinguish when troubleshooting import failures.",
|
|
"transcript": "",
|
|
"is_demo": false,
|
|
"frame_description": null,
|
|
"source": "ask-annie",
|
|
"series": "ST Best Practices Q&A"
|
|
},
|
|
{
|
|
"video_id": "891786881",
|
|
"video_url": "https://vimeo.com/891786881",
|
|
"chapter_index": 9,
|
|
"timestamp": "35:22",
|
|
"timestamp_sec": 2122,
|
|
"title": "External Script Routes for Conditional File Processing",
|
|
"summary": "Create a route with an external script as the first step; configure it to proceed on success only. The script checks file contents and exits zero for success or non-zero for failure. The script must be local (not on NFS) and installed on all cluster nodes. Have the script write its log output to standard output for debugging.",
|
|
"transcript": "",
|
|
"is_demo": false,
|
|
"frame_description": null,
|
|
"source": "ask-annie",
|
|
"series": "ST Best Practices Q&A"
|
|
},
|
|
{
|
|
"video_id": "891786881",
|
|
"video_url": "https://vimeo.com/891786881",
|
|
"chapter_index": 10,
|
|
"timestamp": "37:39",
|
|
"timestamp_sec": 2259,
|
|
"title": "External Script Performance and File Passing Limitations",
|
|
"summary": "Each external script invocation creates new JVM runtime; hundreds of files cause resource issues. Pluggable Java steps are a more efficient alternative. External scripts do not properly pass files to next step; they leave files in sandbox. Uncheck 'proceed only with result from preceding step' to grab all sandbox files regardless of source.",
|
|
"transcript": "",
|
|
"is_demo": false,
|
|
"frame_description": null,
|
|
"source": "ask-annie",
|
|
"series": "ST Best Practices Q&A"
|
|
},
|
|
{
|
|
"video_id": "891786881",
|
|
"video_url": "https://vimeo.com/891786881",
|
|
"chapter_index": 11,
|
|
"timestamp": "40:56",
|
|
"timestamp_sec": 2456,
|
|
"title": "PFX Certificate Format and Browser Workaround",
|
|
"summary": "ST does not support PFX format. Import PFX into browser, export as P12, then import to ST. Browser automatically extracts and links proper intermediates and roots during import, making manual chain discovery unnecessary.",
|
|
"transcript": "",
|
|
"is_demo": false,
|
|
"frame_description": null,
|
|
"source": "ask-annie",
|
|
"series": "ST Best Practices Q&A"
|
|
},
|
|
{
|
|
"video_id": "891786881",
|
|
"video_url": "https://vimeo.com/891786881",
|
|
"chapter_index": 12,
|
|
"timestamp": "45:48",
|
|
"timestamp_sec": 2748,
|
|
"title": "Trigger Files for Batched File Processing",
|
|
"summary": "Non-scheduled folder monitors wait until trigger file arrives before processing batch. Trigger supports grab-all, pattern-matching, or file-list modes. New option: if trigger contains file list, waits for all listed files to arrive before processing. Batch processing reduces resource overhead vs. per-file handling.",
|
|
"transcript": "",
|
|
"is_demo": false,
|
|
"frame_description": null,
|
|
"source": "ask-annie",
|
|
"series": "ST Best Practices Q&A"
|
|
},
|
|
{
|
|
"video_id": "891786881",
|
|
"video_url": "https://vimeo.com/891786881",
|
|
"chapter_index": 13,
|
|
"timestamp": "49:34",
|
|
"timestamp_sec": 2974,
|
|
"title": "Windows to Linux Storage Migration: NFS, GFS, GPFS",
|
|
"summary": "Linux backend supports NFS (cheaper, less performant), GFS, GPFS (commercial-grade, clustered, faster). NetApp appliance can export NFS mounts. Samba protocol provides Unix equivalent for folder monitor pulls. Capacity guide documents performance comparisons for file system choices.",
|
|
"transcript": "",
|
|
"is_demo": false,
|
|
"frame_description": null,
|
|
"source": "ask-annie",
|
|
"series": "ST Best Practices Q&A"
|
|
},
|
|
{
|
|
"video_id": "891786881",
|
|
"video_url": "https://vimeo.com/891786881",
|
|
"chapter_index": 14,
|
|
"timestamp": "55:45",
|
|
"timestamp_sec": 3345,
|
|
"title": "Cloud and Windows Migration Strategy Considerations",
|
|
"summary": "Delay Windows-to-Linux migration if moving to cloud within two years \u2014 double migration wastes effort. Text file line-ending conversion (Windows CRLF vs Unix LF) requires routing changes. Unix file permissions differ from Windows account-based security.",
|
|
"transcript": "",
|
|
"is_demo": false,
|
|
"frame_description": null,
|
|
"source": "ask-annie",
|
|
"series": "ST Best Practices Q&A"
|
|
},
|
|
{
|
|
"video_id": "891786881",
|
|
"video_url": "https://vimeo.com/891786881",
|
|
"chapter_index": 15,
|
|
"timestamp": "58:51",
|
|
"timestamp_sec": 3531,
|
|
"title": "June 2023 Patch Folder Monitor Root Permission Regression",
|
|
"summary": "June 2023 patch changed folder monitor to verify root directory access, breaking existing setups requiring only parent-directory permission. Windows security model differs from Unix; Unix always requires parent permission clearance by design. Annie committed to investigating and reporting findings.",
|
|
"transcript": "",
|
|
"is_demo": false,
|
|
"frame_description": null,
|
|
"source": "ask-annie",
|
|
"series": "ST Best Practices Q&A"
|
|
},
|
|
{
|
|
"video_id": "891786881",
|
|
"video_url": "https://vimeo.com/891786881",
|
|
"chapter_index": 16,
|
|
"timestamp": "70:29",
|
|
"timestamp_sec": 4229,
|
|
"title": "Folder Monitor Scheduling, Cache Behavior, and Event Queue",
|
|
"summary": "Rescheduling busy folder monitors does not stop in-flight execution; cache may take hours to clear. Disabling folder monitor service globally stops thread. November release adds event queue UI showing queued files behind processing. Folder monitor pull lists directory files at least N seconds old regardless of arrival time.",
|
|
"transcript": "",
|
|
"is_demo": false,
|
|
"frame_description": null,
|
|
"source": "ask-annie",
|
|
"series": "ST Best Practices Q&A"
|
|
}
|
|
] |