By default IriusRisk trusts all verified public certificates. If you want to integrate with a service using a self-signed certificate not trusted by a worldwide root CA, you will need to import it first into IriusRisk's Java Key Store.
Before you start, you need the certificate you want to trust in X.509 DER-encoded binary format. Let's suppose you have it in a trusted_cert.cer file in the same directory as the docker-compose.yml file for IriusRisk.
Create a new folder for the Java Key Store:
$ mkdir jvmstore
Copy the default cacerts file from the tomcat container to that folder:
$ docker cp iriusrisk-tomcat:/etc/ssl/certs/java/cacerts jvmstore/
Give it write permission:
$ chmod +w jvmstore/cacerts
Import your certificate:
$ keytool -import \
-keystore jvmstore/cacerts \
-storepass changeit \
-alias name_of_your_trusted_service \
-trustcacerts \
-file trusted_cert.cer
Verify the import:
$ keytool -list -keystore jvmstore/cacerts \
| grep name_of_your_trusted_service -A 1
Mount the modified cacerts file inside the container as a new volume by adding the following to the docker-compose.yml file, under the tomcat section:
volumes:
- "./jvmstore/cacerts:/etc/ssl/certs/java/cacerts"
Relaunch the stack:
$ docker-compose down && docker-compose up -d
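An added check, not part of the original IriusRisk article: before relaunching, it confirms that the entry stored under your alias in jvmstore/cacerts is the same certificate as trusted_cert.cer by comparing SHA-256 fingerprints. The function names and the script name verify_import.sh are this example's own, and it assumes openssl is installed alongside keytool.

```shell
#!/bin/sh
# Added example: check that the entry stored under an alias in the copied
# cacerts file is the same certificate as the DER file you meant to trust.

# Reduce a fingerprint to bare upper-case hex: drop any "label=" prefix,
# colons, spaces and newlines.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'abcdef' 'ABCDEF'
}

# Succeed only if both values are the same 64-hex-digit SHA-256 fingerprint.
fingerprints_match() {
    a=$(normalize_fp "$1")
    b=$(normalize_fp "$2")
    case "$a" in ''|*[!0-9A-F]*) return 1 ;; esac
    [ "${#a}" -eq 64 ] && [ "$a" = "$b" ]
}

# SHA-256 fingerprint of a DER-encoded X.509 certificate read from stdin.
der_fp() {
    openssl x509 -inform der -noout -fingerprint -sha256
}

# Usage: verify_import <der_file> <keystore> <alias> [storepass]
# Returns 0 on match, 1 on mismatch, 2 if either certificate cannot be read.
verify_import() {
    file_fp=$(der_fp 2>/dev/null < "$1") ||
        { echo "cannot parse $1 as DER X.509" >&2; return 2; }
    store_fp=$(keytool -exportcert -keystore "$2" -storepass "${4:-changeit}" \
        -alias "$3" 2>/dev/null | der_fp 2>/dev/null) ||
        { echo "no certificate under alias $3 in $2" >&2; return 2; }
    if fingerprints_match "$file_fp" "$store_fp"; then
        # Compare this value with the fingerprint obtained from the service owner.
        echo "OK $3 SHA-256 $(normalize_fp "$file_fp")"
    else
        echo "MISMATCH $3: file and key store entry differ" >&2
        return 1
    fi
}

# Run only when called with arguments (verify_import.sh is a hypothetical name):
#   sh verify_import.sh trusted_cert.cer jvmstore/cacerts name_of_your_trusted_service
if [ "$#" -ge 3 ]; then
    verify_import "$@"
fi
```

A non-zero exit status means the key store should not be mounted into the container until the difference is explained.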