Uploaded image for project: 'Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces) '
  1. Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces)
  2. CRW-1093

Adding certificates to the server truststore ConfigMap doesn't work

XMLWordPrintable

    • Workaround Exists
    • Hide 
      $ oc rsh ${CRW_SERVER_POD}
sh-4.4$ JAVA_TRUST_STORE=/home/jboss/cacerts
sh-4.4$ CUSTOM_PUBLIC_CERTIFICATES="/public-certs"
sh-4.4$ DEFAULT_JAVA_TRUST_STOREPASS="changeit"
sh-4.4$ if [[ -d "$CUSTOM_PUBLIC_CERTIFICATES" && -n "$(find $CUSTOM_PUBLIC_CERTIFICATES -type f)" ]]; then
  FILES="$CUSTOM_PUBLIC_CERTIFICATES/*"
  for cert in $FILES
  do
    echo yes | keytool -keystore $JAVA_TRUST_STORE -importcert -alias "HOSTDOMAIN-$(basename $cert)" -file $cert -storepass $DEFAULT_JAVA_TRUST_STOREPASS > /dev/null
  done
fi
      Show
      $ oc rsh ${CRW_SERVER_POD} sh-4.4$ JAVA_TRUST_STORE=/home/jboss/cacerts sh-4.4$ CUSTOM_PUBLIC_CERTIFICATES= "/public-certs" sh-4.4$ DEFAULT_JAVA_TRUST_STOREPASS= "changeit" sh-4.4$ if [[ -d "$CUSTOM_PUBLIC_CERTIFICATES" && -n "$(find $CUSTOM_PUBLIC_CERTIFICATES -type f)" ]]; then FILES= "$CUSTOM_PUBLIC_CERTIFICATES/*" for cert in $FILES do echo yes | keytool -keystore $JAVA_TRUST_STORE -importcert -alias "HOSTDOMAIN-$(basename $cert )" -file $cert -storepass $DEFAULT_JAVA_TRUST_STOREPASS > /dev/null done fi
    • Hide

      With a CRW 2.2 freshly installed follow this documentation article.

      More details are available in this issue comment.

      Show
      With a CRW 2.2 freshly installed follow this documentation article . More details are available in this issue comment .

      CRW entrypoint.sh is only adding CRW own certificate in the trustore and ignores the certificates that are in /public-certs/. That's handled correctly upstream.

        1. cacert_output.txt
          27 kB

              skabashn Sergii Kabashniuk
              mloriedo Mario Loriedo
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: