How do I add a certificate to the trust store when the application is running in Bluemix? Is there any way to update cacert, either programmatically or using the CLI?
Any d
You could try using the spring-boot-ssl-truststore-gen which adds the certificate to the system truststore inside the buildpack:
First you need this in your pom.xml (or alternative):

    <repositories>
      <repository>
        <id>jcenter</id>
        <url>http://jcenter.bintray.com</url>
        <snapshots>
          <enabled>true</enabled>
          <updatePolicy>never</updatePolicy>
          <checksumPolicy>warn</checksumPolicy>
        </snapshots>
        <releases>
          <enabled>true</enabled>
          <checksumPolicy>warn</checksumPolicy>
        </releases>
      </repository>
    </repositories>

and

    <dependency>
      <groupId>com.orange.clara.cloud.boot.ssl-truststore-gen</groupId>
      <artifactId>spring-boot-ssl-truststore-gen</artifactId>
      <version>2.0.21</version>
    </dependency>

Next declare the certificate in your manifest.yml:

    env:
      TRUSTED_CA_CERTIFICATE: |-
        -----BEGIN CERTIFICATE-----
        changeme
        -----END CERTIFICATE-----

That's it. When you cf push your application, the certificate will get added to the truststore.
You can push a packaged server to the Liberty buildpack. With the packaged server, you can package the cert and configure the server.xml accordingly (see https://www-01.ibm.com/support/knowledgecenter/was_beta_liberty/com.ibm.websphere.wlp.nd.multiplatform.doc/ae/rwlp_sec_keystores.html). The server.xml will be part of the packaged server.
If you need to update the cert, the standard way in Bluemix Cloud Foundry runtime is to repush the application.