Details
-
Enhancement
-
Resolution: Done
-
Major
-
7.7
-
2020 Week 34-36 (from Aug 17), 2020 Week 37-39 (from Sep 7)
-
2
Description
Present documentation only explains how to configure ssl certificates for https access for business-central and kie-server.
However, in almost every non-demo environment, few more certificates will be needed:
business-central might need to have certificate for external git service (i.e. corporate Bitbucket repo)
business-central might need another certificate for nexus (it checks nexus during build time)
kie-server might also need nexus certificate (during deployment time)
We solved this by creating a truststore and importing these two (git+nexus) certificates into it.
Then mounting it as via secret into OCP pods.
Then configuring ENV variables like this:
JAVA_OPTS_APPEND='-Djavax.net.ssl.trustStore=/path/to/truststore.jks -Djavax.net.ssl.trustStoreType=jks -Djavax.net.ssl.trustStorePassword=changeit'
We can share respective commands if needed.
But most importantly - since this is such a common step of the setup - it should be documented in detail in our docs.
We also see this topic being asked on chat and sme lists repeatedly..
JAVA_OPTS_APPEND='-Djavax.net.ssl.trustStore=/path/to/truststore.jks -Djavax.net.ssl.trustStoreType=jks -Djavax.net.ssl.trustStorePassword=changeit'
