How to trust internal CA through Operator?
piellick opened this issue · 1 comments
Hi team,
When using internal services with TLS authentication, we are facing problems integrating our root certificate. What would be the best solution?
1st case where this is a problem: using an internal SMTP with TLS for email notifications on OpenSearch Dashboards:
```
EmailException javax.mail.MessagingException: Could not convert socket to TLS;
  nested exception is:
    javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
```
We tried to use `general.keystore` with our CA cert inside a secret, without conclusive result:
```yaml
general:
  # ...
  keystore:
    - secret:
        name: internal-root-ca
      keyMappings:
        ca.crt: ca.crt
```
Would using `initContainer` be the solution?
Thanks a lot
[Triage]
Hey @piellick, if I'm not wrong, you are trying to connect to an SMTP server through the dashboards pod and you end up with this PKIX error? If so, you can try adding the root CA cert. By the way, did you try with `keytool` manually inside the pod to update the cacerts?
https://docs.microfocus.com/SM/9.41/Classic/Content/security/tasks/update_the_cacerts_keystore_file.htm
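The `keytool` step suggested above, as an added example that is not part of the original thread or the operator project: it imports a CA certificate into a truststore used by the JVM that raises the PKIX error, idempotently, and checks that the alias is present. The truststore path, the alias `internal-root-ca` and the password are assumptions (`changeit` is the JDK default for `cacerts`); `make_sample_ca` only builds a constructed throwaway CA so the functions can be tried offline.

```shell
#!/bin/sh
# Added example: trust an internal root CA in a JVM truststore.
# Assumed values: store password (JDK default "changeit"), alias and paths.
STOREPASS="${STOREPASS:-changeit}"

# ca_is_trusted <truststore> <alias>
# Succeeds only if the truststore exists and already holds the alias.
ca_is_trusted() {
    keytool -list -keystore "$1" -storepass "$STOREPASS" \
        -alias "$2" >/dev/null 2>&1
}

# import_ca <truststore> <alias> <ca.crt>
# Idempotent: does nothing if the alias is already present.
import_ca() {
    ca_is_trusted "$1" "$2" && return 0
    keytool -importcert -noprompt -trustcacerts \
        -keystore "$1" -storepass "$STOREPASS" \
        -alias "$2" -file "$3" >/dev/null 2>&1
}

# make_sample_ca <dir>
# Constructed sample input: a one-day self-signed CA written to <dir>/ca.crt.
make_sample_ca() {
    keytool -genkeypair -alias sample-ca -keyalg RSA -keysize 2048 \
        -dname "CN=Sample Internal Root CA" -ext bc:c=ca:true -validity 1 \
        -keystore "$1/ca.p12" -storetype PKCS12 \
        -storepass "$STOREPASS" -keypass "$STOREPASS" >/dev/null 2>&1 &&
    keytool -exportcert -rfc -alias sample-ca \
        -keystore "$1/ca.p12" -storepass "$STOREPASS" \
        -file "$1/ca.crt" >/dev/null 2>&1
}

# Script usage: sh trust-ca.sh <truststore> <alias> <ca.crt>
if [ "$#" -eq 3 ]; then
    import_ca "$1" "$2" "$3" && ca_is_trusted "$1" "$2"
fi
```

A truststore edited by hand inside a running pod is lost when the pod is recreated, so this confirms the diagnosis rather than providing a permanent fix.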