Support self-signed certificates
Many DIC have their own certificate authorities (CAs), which are not supported by a standard Java installation.
The aktin client component should be changed to apply CA certs to a java-cacerts truststore on startup in the Dockerfile via a docker-entrypoint.sh, and the application should then start up with this specific truststore.
All CA certificates in a respective folder should then be added to the truststore.
As this is needed for all our components, an example implementation of this can be found here:
https://github.com/medizininformatik-initiative/flare/blob/develop/Dockerfile
https://github.com/medizininformatik-initiative/flare/blob/develop/docker-entrypoint.sh
https://github.com/medizininformatik-initiative/flare/blob/develop/README.md#support-for-self-signed-certificates
To test your implementation:
Add your own CA certs to the backend and use the generated do certs for your nginx in front of a blaze FHIR server or a FLARE server of the feasibility deploy repo.
The easiest way to test this is to start the feasibility-triangle locally with a cert (and key) in the auth folder of the triangle.
https://github.com/medizininformatik-initiative/feasibility-deploy/tree/main/feasibility-triangle
Then start your new backend version in a docker container in the same project (-p param for docker compose) and connect to the nginx of the triangle inside the docker network - note the domain name would have to be the docker internal one, feasibility-triangle-nginx, and the FLARE will have to connect to the nginx on port 8443.
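
A sketch of the entrypoint behaviour requested above, added here as an illustration; it is not the aktin or flare script. Assumptions: the paths /app/certs, /app/truststore/cacerts and /app/app.jar, all variable and function names, and that JAVA_HOME is set in the image.

```shell
#!/bin/sh
# Added example: rebuild a truststore from the JVM cacerts plus every CA in a folder.
set -eu

CA_DIR="${CA_DIR:-/app/certs}"                      # assumed mount point for extra CA certs
TRUSTSTORE="${TRUSTSTORE:-/app/truststore/cacerts}" # assumed writable copy of the JVM store
STOREPASS="${TRUSTSTORE_PASS:-changeit}"            # JDK default; the store holds public certs only
KEYTOOL="${KEYTOOL:-keytool}"
APP_JAR="${APP_JAR:-/app/app.jar}"                  # placeholder jar path

# Import every PEM certificate in $1 into keystore $2; the count is left in $IMPORTED.
import_ca_certs() {
    dir=$1; store=$2; IMPORTED=0
    for f in "$dir"/*.pem; do
        [ -f "$f" ] || continue                     # unmatched glob or not a regular file
        # A truststore must contain certificates only: skip files carrying key material.
        if grep -q 'PRIVATE KEY-----' "$f"; then
            echo "skipping $f: contains a private key" >&2; continue
        fi
        if ! grep -q '^-----BEGIN CERTIFICATE-----' "$f"; then
            echo "skipping $f: no PEM certificate found" >&2; continue
        fi
        alias=$(basename "$f" .pem)
        # With set -e a failed import aborts startup instead of running with partial trust.
        "$KEYTOOL" -importcert -noprompt -trustcacerts -alias "$alias" \
            -file "$f" -keystore "$store" -storepass "$STOREPASS" >&2
        IMPORTED=$((IMPORTED + 1))
    done
}

main() {
    mkdir -p "$(dirname "$TRUSTSTORE")"
    # Start from the JVM's public CAs on every start, so removed certs do not linger.
    cp "$JAVA_HOME/lib/security/cacerts" "$TRUSTSTORE"
    chmod u+w "$TRUSTSTORE"
    import_ca_certs "$CA_DIR" "$TRUSTSTORE"
    echo "imported $IMPORTED CA certificate(s) from $CA_DIR" >&2
    exec java -Djavax.net.ssl.trustStore="$TRUSTSTORE" \
        -Djavax.net.ssl.trustStorePassword="$STOREPASS" -jar "$APP_JAR" "$@"
}

# Run main only when executed as the container entrypoint, so the functions can be sourced.
case "${0##*/}" in docker-entrypoint.sh) main "$@" ;; esac
```

Mount the CA folder read-only into the container so that only the image operator decides which issuers the application trusts.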