Certificate management for non-Java applications


john mcteague <john.mcteague@...>
 

Previous threads have focused on adding a trusted CA to the JDK's trust
store at application startup, a pattern that I have employed also.

We are facing increased demand from our non-Java developers to have the
same functionality. Whether it be custom CAs, certs for authentication
(against something like MQ for example) or for our internal LDAP server
which requires ldaps, we need a way to add user-defined certificates at app
deploy time based on user requirements.

My work with Java buildpacks has resulted in a certificate as a service
style function; declare which cert from a certificate store should be
injected into the app at runtime. What I lack for non-Java runtimes is a
reliable way to get those certs into the correct Linux container directory
either during staging or at app startup.

Have others been able to establish a pattern around this? Without this
ability we go from a polyglot platform to simply Java only.

Thanks,
John
