Re: Making your landscape trust a certain certificate authority
Daniel Mikusa
A couple options...
toggle quoted message
Show quoted text
1.) If you only need the cert for one or a couple apps and / or you don't want to manage a fork, you can package the CA cert with the application. Then add a `.profile.d` script [1] that sets up the certificate that you packaged with the app. I don't have an example off-hand, but the .profile.d script could call keytool and import your ca cert or just move a keystore containing your ca cert from the app files and overwrite the JVM default. 2.) Write your application so that it can utilize it's own truststore. It's a little more work, but most things that use a truststore in the JVM allow you to customize the behavior specifying your own truststore. If the app were to do this, it could then expose a configuration option through which it's users could set their own truststore. Then users wouldn't need to depend on what certs are installed by default. Dan [1] - https://devcenter.heroku.com/articles/profiled (CF honors them too)
On Tue, Sep 29, 2015 at 4:50 PM, Mathias Essenpreis <esse(a)gmx.de> wrote:
Hi, |
|