Configure Moderne DX with SSL certificate

If you are configuring the Moderne DX service to connect to a service that requires a self-signed certificate to perform an HTTPS request (e.g., Maven or Artifactory) you will need to:

Supply a KeyStore for the service to use in the PKCS12 format at the following location: ${JAVA_HOME}/lib/security/client_keystore.p12
Configure the service to skipSSL for this service (See the Artifactory or Maven service documentation)

Below are a few examples of creating the KeyStore in some common scenarios:

RUN openssl pkcs12 -export \
-in <pathtocertfolder>/cert.pem \
-out ${JAVA_HOME}/lib/security/client_keystore.p12 \
-name ssl_cert \
-passout pass:changeit \
-nokeys

openssl pkcs12 -export \
-in <pathtocertfolder>/cert.pem \
-inkey <pathtocertfolder>/cert.key \
-out ${JAVA_HOME}/lib/security/client_keystore.p12 \
-name ssl_cert \
-passout pass:changeit

RUN openssl pkcs12 -export \
-in ${JAVA_HOME}/lib/security/s2s-cert.pem \
-out ${JAVA_HOME}/lib/security/client_keystore.p12 \
-name ssl_cert \
-passout pass:changeit

If you are running the service in an OCI container, you will need to create a new Dockerfile based on the Moderne DX service and supply the image with the KeyStore.

Example:

FROM moderne.azurecr.io/moderne-dev/moderne/moderne-dx:latest
USER root

COPY s2s-cert.pem ${JAVA_HOME}/lib/security/s2s-cert.pem

#Certifcate without keys
RUN openssl pkcs12 -export \
-in ${JAVA_HOME}/lib/security/s2s-cert.pem \
-out ${JAVA_HOME}/lib/security/client_keystore.p12 \
-name ssl_cert \
-passout pass:changeit \
-nokeys

Nothing else needs to happen for the executable JAR flow other than ensuring the KeyStore has been added to the following location: ${JAVA_HOME}/lib/security/client_keystore.p12

java -jar moderne-dx-{version}.jar \
# ... Existing arguments

PreviousConfigure Moderne DX with strict recipe sources NextReferences

Last updated 1 month ago