By default, IriusRisk trusts all verified public certificates. If you want to integrate with a service using a self-signed certificate not trusted by a worldwide root CA, you will need to import it first into IriusRisk's Java Key Store.
Before you start, you need the certificate you want to trust in X.509 DER-encoded binary format. Suppose it is in a file named trusted_cert.cer, in the same directory as the docker-compose.yml file for IriusRisk. Follow the procedure below.
Copy your certificate to the tomcat container, which holds the JKS.
$ docker cp trusted_cert.cer iriusrisk-tomcat:/home/
Import your certificate into the JKS. Run keytool inside the tomcat container; the certificate is in /home/, where the previous step copied it.
$ keytool -import \
  -keystore /etc/ssl/certs/java/cacerts \
  -storepass changeit \
  -alias name_of_your_trusted_service \
  -trustcacerts \
  -file /home/trusted_cert.cer
Verify the import:
$ keytool -list -keystore /etc/ssl/certs/java/cacerts -v \
  | grep name_of_your_trusted_service -A 1
Create a new directory inside the directory where the docker-compose file is located.
$ mkdir jvmstore
Copy the cacerts file from the tomcat container to the above-created folder:
$ docker cp iriusrisk-tomcat:/etc/ssl/certs/java/cacerts jvmstore/
Mount the copied cacerts file into the container as a new volume by adding the following lines to the docker-compose.yml file, under the tomcat section:
volumes:
  - "./jvmstore/cacerts:/etc/ssl/certs/java/cacerts"
Relaunch the stack:
$ docker-compose down && docker-compose up -d
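The verify step above only confirms that the alias exists. As an added example (not part of the original article or of IriusRisk's tooling), the script below parses `keytool -list -v` output and checks that the alias is a trusted certificate entry whose SHA-256 fingerprint matches the one obtained from the service owner. The function names, the sample listing and the fingerprints are constructed for illustration, and it assumes keytool is available wherever you run the real command.

```shell
#!/bin/sh
# Added example, not from the original article. The alias and keystore path
# come from the article; the listing and fingerprints below are constructed.

# alias_sha256 ALIAS: read `keytool -list -v` output on stdin and print the
# SHA256 fingerprint of ALIAS, only if that entry is a trustedCertEntry.
alias_sha256() {
  awk -v want="$1" '
    /^Alias name: /   { cur = substr($0, 13); trusted = 0 }
    /^Entry type: /   { trusted = ($3 == "trustedCertEntry") }
    /^[ \t]*SHA256: / { if (cur == want && trusted) { print $2; exit } }
  '
}

# Strip separators and fold case so "aa:bb" and "AABB" compare equal.
normalize_fp() { printf '%s' "$1" | tr -d ': ' | tr 'a-f' 'A-F'; }

# verify_alias ALIAS EXPECTED_SHA256: 0 = match, 1 = mismatch, 2 = not found.
verify_alias() {
  actual=$(alias_sha256 "$1")
  [ -n "$actual" ] || { echo "FAIL: $1 is not a trusted entry" >&2; return 2; }
  [ "$(normalize_fp "$actual")" = "$(normalize_fp "$2")" ] ||
    { echo "FAIL: $1 has fingerprint $actual" >&2; return 1; }
  echo "OK: $1 $actual"
}

# Constructed sample in the layout printed by `keytool -list -v`.
sample_listing() {
cat <<'EOF'
Alias name: some_other_ca
Creation date: Jan 1, 2024
Entry type: trustedCertEntry
Certificate fingerprints:
         SHA256: FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00:FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00
Alias name: name_of_your_trusted_service
Creation date: Jan 2, 2024
Entry type: trustedCertEntry
Certificate fingerprints:
         SHA256: 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
EOF
}

# Real use, against the persisted copy of the keystore:
#   keytool -list -v -keystore jvmstore/cacerts -storepass changeit \
#     | verify_alias name_of_your_trusted_service "<SHA-256 from the service owner>"
sample_listing | verify_alias name_of_your_trusted_service \
  "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
```

Running the check against jvmstore/cacerts after the relaunch also confirms that the mounted copy, not only the container's original file, carries the entry.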