While deploying a immutable kieserver instance with a kjar deployed on nexus the startup is failing because of verify.sh [1] script. The reason for this failure is that our KJARs and its dependencies are uploaded in nexus accessible via HTTPS, signed by self-signed certificate.

By default, self-signed certificates are not accepted, therefore we usually solve this by passing appropriate truststore and corresponding configuration - such as javax.net.ssl.trustStore.

In openshift, we are passing this property via env variable JAVA_OPTS_APPEND

We see that the kieserver-verify.sh script is ignoring this property - therefore JAR files fromt his nexus can't be downloaded.

Steps to reproduce can be found here [2].

[1] - https://github.com/jboss-container-images/jboss-kie-modules/blob/master/jboss-kie-kieserver/added/launch/kieserver-verify.sh#L23
[2] - https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.7/html-single/deploying_a_red_hat_process_automation_manager_immutable_server_environment_on_red_hat_openshift_container_platform/index#server-immutable-kjar-deploy-assy