Uploaded image for project: 'Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces) '
  1. Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces)
  2. CRW-1093

Adding certificates to the server truststore ConfigMap doesn't work

    XMLWordPrintable

Details

    • Workaround Exists
    • Hide 
      $ oc rsh ${CRW_SERVER_POD}
sh-4.4$ JAVA_TRUST_STORE=/home/jboss/cacerts
sh-4.4$ CUSTOM_PUBLIC_CERTIFICATES="/public-certs"
sh-4.4$ DEFAULT_JAVA_TRUST_STOREPASS="changeit"
sh-4.4$ if [[ -d "$CUSTOM_PUBLIC_CERTIFICATES" && -n "$(find $CUSTOM_PUBLIC_CERTIFICATES -type f)" ]]; then
  FILES="$CUSTOM_PUBLIC_CERTIFICATES/*"
  for cert in $FILES
  do
    echo yes | keytool -keystore $JAVA_TRUST_STORE -importcert -alias "HOSTDOMAIN-$(basename $cert)" -file $cert -storepass $DEFAULT_JAVA_TRUST_STOREPASS > /dev/null
  done
fi
      Show
      $ oc rsh ${CRW_SERVER_POD} sh-4.4$ JAVA_TRUST_STORE=/home/jboss/cacerts sh-4.4$ CUSTOM_PUBLIC_CERTIFICATES= "/public-certs" sh-4.4$ DEFAULT_JAVA_TRUST_STOREPASS= "changeit" sh-4.4$ if [[ -d "$CUSTOM_PUBLIC_CERTIFICATES" && -n "$(find $CUSTOM_PUBLIC_CERTIFICATES -type f)" ]]; then FILES= "$CUSTOM_PUBLIC_CERTIFICATES/*" for cert in $FILES do echo yes | keytool -keystore $JAVA_TRUST_STORE -importcert -alias "HOSTDOMAIN-$(basename $cert )" -file $cert -storepass $DEFAULT_JAVA_TRUST_STOREPASS > /dev/null done fi
    • Hide

      With a CRW 2.2 freshly installed follow this documentation article.

      More details are available in this issue comment.

      Show
      With a CRW 2.2 freshly installed follow this documentation article . More details are available in this issue comment .

    Description

      CRW entrypoint.sh is only adding CRW own certificate in the trustore and ignores the certificates that are in /public-certs/. That's handled correctly upstream.

      Attachments

        Issue Links

          causes

          Bug - A problem that impairs or prevents the functions of the product. CRW-1124 quay.io/crw/server-rhel8:2.3-37 deployment failed because of "chmod: changing permissions of '/home/user/cacerts': Operation not permitted" error

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed
          links to

          Web Link Procedure for adding custom public certificates is broken

          Activity

            People

              skabashn Sergii Kabashniuk
              mloriedo Mario Loriedo
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: