Add certificate to truststore to enable SSL commun

Posted 2019-01-20 17:28

How do I add a certificate to the trust store when the application is running in Bluemix? Is there any way to update cacert, either programmatically or using the CLI?

Any documentation or link on the same will be greatly appreciated.

2 answers
何必那么认真
#2 · 2019-01-20 17:46

You could try using the spring-boot-ssl-truststore-gen which adds the certificate to the system truststore inside the buildpack:

First you need this in your pom.xml (or alternative):

<repositories>
    <repository>
        <id>jcenter</id>
        <url>http://jcenter.bintray.com</url>
        <snapshots>
            <enabled>true</enabled>
            <updatePolicy>never</updatePolicy>
            <checksumPolicy>warn</checksumPolicy>
        </snapshots>
        <releases>
            <enabled>true</enabled>
            <checksumPolicy>warn</checksumPolicy>
        </releases>
    </repository>
</repositories>

and

<dependency>
    <groupId>com.orange.clara.cloud.boot.ssl-truststore-gen</groupId>
    <artifactId>spring-boot-ssl-truststore-gen</artifactId>
    <version>2.0.21</version>
</dependency>

Next declare the certificate in your manifest.yml:

env:
    TRUSTED_CA_CERTIFICATE: |-
        -----BEGIN CERTIFICATE-----
        changeme
        -----END CERTIFICATE-----

That's it. When you cf push your application, the certificate will get added to the truststore.

The star\"
#3 · 2019-01-20 17:59

You can push a packaged server to the Liberty buildpack. With the packaged server, you can package the cert and configure the server.xml accordingly (see https://www-01.ibm.com/support/knowledgecenter/was_beta_liberty/com.ibm.websphere.wlp.nd.multiplatform.doc/ae/rwlp_sec_keystores.html). The server.xml will be part of the packaged server.

If you need to update the cert, the standard way in Bluemix Cloud Foundry runtime is to repush the application.
