Present documentation only explains how to configure ssl certificates for https access for business-central and kie-server.

However, in almost every non-demo environment, few more certificates will be needed:

business-central might need to have certificate for external git service (i.e. corporate Bitbucket repo)

business-central might need another certificate for nexus (it checks nexus during build time)

kie-server might also need nexus certificate (during deployment time)

We solved this by creating a truststore and importing these two (git+nexus) certificates into it.

Then mounting it as via secret into OCP pods.

Then configuring ENV variables like this:

JAVA_OPTS_APPEND='-Djavax.net.ssl.trustStore=/path/to/truststore.jks -Djavax.net.ssl.trustStoreType=jks -Djavax.net.ssl.trustStorePassword=changeit'

We can share respective commands if needed.

But most importantly - since this is such a common step of the setup - it should be documented in detail in our docs.

We also see this topic being asked on chat and sme lists repeatedly..

JAVA_OPTS_APPEND='-Djavax.net.ssl.trustStore=/path/to/truststore.jks -Djavax.net.ssl.trustStoreType=jks -Djavax.net.ssl.trustStorePassword=changeit'