Configure an agent with client SSL certificates

If you are configuring the Moderne agent to connect to a service that requires a self-signed certificate to perform an HTTPS request (e.g., Maven or Artifactory), you will need to:

  • Supply a KeyStore in the PKCS12 format for the agent to use, at the following location: ${JAVA_HOME}/lib/security/client_keystore.p12
  • Configure the agent to skipSSL for this service (see the Artifactory or Maven agent documentation)

Below are a few examples of creating the KeyStore in some common scenarios:

RUN openssl pkcs12 -export \
-in <pathtocertfolder>/cert.pem \
-out ${JAVA_HOME}/lib/security/client_keystore.p12 \
-name ssl_cert \
-passout pass:changeit \
-nokeys

If you are running the agent in an OCI container, you will need to create a new Dockerfile based on the Moderne agent and supply the image with the KeyStore.

Example:

FROM moderne.azurecr.io/moderne-dev/moderne/moderne-agent:latest
USER root

COPY s2s-cert.pem ${JAVA_HOME}/lib/security/s2s-cert.pem

# Certificate without keys
RUN openssl pkcs12 -export \
-in ${JAVA_HOME}/lib/security/s2s-cert.pem \
-out ${JAVA_HOME}/lib/security/client_keystore.p12 \
-name ssl_cert \
-passout pass:changeit \
-nokeys
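
A check you can run after building the KeyStore, as an added example that is not part of the Moderne documentation: it confirms the PKCS12 file opens with the given password, carries no private key, and holds the same certificate as the PEM it was built from. The function name `verify_truststore`, the `demo` helper, the temporary paths and the `constructed.example` certificate are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Moderne's code): sanity-check a certificate-only PKCS12 file.
# Usage: verify_truststore <file.p12> <password> <cert.pem>
# Returns 0 = OK, 2 = cannot read input, 3 = private key present, 4 = wrong certificate.
verify_truststore() {
    vt_p12=$1; vt_pass=$2; vt_pem=$3
    # Dump every bag in the container as PEM; this fails on a bad password or a non-PKCS12 file.
    vt_dump=$(openssl pkcs12 -in "$vt_p12" -passin "pass:$vt_pass" -nodes 2>/dev/null) || {
        echo "cannot open $vt_p12 (wrong password or not PKCS12)" >&2; return 2; }
    # A store built with -nokeys must not contain key material.
    if printf '%s\n' "$vt_dump" | grep -q 'PRIVATE KEY'; then
        echo "private key found in $vt_p12" >&2; return 3
    fi
    # Compare SHA-256 fingerprints of the source PEM and the stored certificate.
    vt_want=$(openssl x509 -in "$vt_pem" -noout -fingerprint -sha256) || return 2
    vt_got=$(printf '%s\n' "$vt_dump" | openssl x509 -noout -fingerprint -sha256) || return 2
    [ "$vt_want" = "$vt_got" ] || { echo "fingerprint mismatch" >&2; return 4; }
}

# Demo on a constructed, throwaway self-signed certificate (not a real service certificate).
demo() {
    d_tmp=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed.example" \
        -keyout "$d_tmp/key.pem" -out "$d_tmp/cert.pem" 2>/dev/null || return 1
    # Same flags as the command on this page, written to a temporary path.
    openssl pkcs12 -export -in "$d_tmp/cert.pem" -out "$d_tmp/client_keystore.p12" \
        -name ssl_cert -passout pass:changeit -nokeys || return 1
    verify_truststore "$d_tmp/client_keystore.p12" changeit "$d_tmp/cert.pem"
    d_rc=$?
    rm -rf "$d_tmp"
    return $d_rc
}

demo && echo "keystore OK"
```

Against a real build, call `verify_truststore "${JAVA_HOME}/lib/security/client_keystore.p12" changeit <pathtocertfolder>/cert.pem`.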