Home > front end >  Deploying a third-party TLS certificates on WebSphere Application Server on a Openshift POD
Deploying a third-party TLS certificates on WebSphere Application Server on a Openshift POD

Time:06-08

I have created an image of my TWAS application and deployed it in a container inside an openshift POD. In my TWAS ND I use to go to the admin console WebSphere environment truststore on a node on a virtual machine and set up TLS certificates so my application can have communication with external API's in the secure communication channel HTTPS. These certificates are public certificates and don't have any private keys. They are .crt and .pem files. Now I am wondering how I can set up my third-party TLS certificates for my application running inside the POD as a container? I don't want to make any code changes to my J2EE application which I have migrated from on-prem VM to Openshift.

Note: I am using TWAS base runtime here and not liberty for my newly migrated J2EE app on openshift.

CodePudding user response:

When you build your application image, you can add a trusted signer and a short script into /work/ prior to configure.sh

https://www.ibm.com/docs/en/was/9.0.5?topic=tool-signercertificatecommands-command-group-admintask-object#rxml_atsignercert__cmd1

AdminTask.addSignerCertificate('[-keyStoreName NodeDefaultTrustStore -certificateAlias signer1 -certificateFilePath /work/signer.pem -base64Encoded true]')
AdminConfig.save()

The root signer might not be either the pem/crt you have, those could be the issued certificate and the signers. WebSphere allows you to setup the trust at any level, but it's ideal to trust the root CA that issued the cert.

  • Related