description |
---|
This page explains how to make Aidbox respect self-signed SSL certificates |
Sometimes it is necessary to make Aidbox respect self-signed certificates. For example, an identity provider may use a custom self-signed certificate and Aidbox receives SSL signature errors when sending HTTP requests to it.
To make Aidbox respect these certificates, you need to load the root certificates into the Aidbox docker image and make Java (JRE) respect them as well.
To install self-signed certificates into the Aidbox Docker image, you should build your own image. That image should:
- Inherit the required Aidbox docker image
- Load necessary certificates to the image
- Install the certs into the operating system and Java runtime
{% code title="Dockerfile" lineNumbers="true" %}
```dockerfile
# inheriting from the Aidbox docker image
FROM healthsamurai/aidboxone:<YOUR_AIDBOX_VERSION_HERE>
# switching to the root user
USER root
# copying the certificate into the docker filesystem
COPY root-ca-custom.pem /etc/ssl/certs/root-ca-custom.pem
# installing the cert into the operating system trust store
RUN update-ca-certificates
# making Java respect the loaded certificate
RUN keytool -import -storepass storepass_password -noprompt -alias root-ca-custom -cacerts -trustcacerts -file /etc/ssl/certs/root-ca-custom.pem
# switching back to the aidbox user
USER aidbox
```
{% endcode %}
To build your custom Aidbox docker image, use the `docker build` command.
For example, the build command could look like this:

```bash
docker build -t aidbox-with-certs:latest .
```
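The following is an added example, not part of the original Aidbox documentation: two shell helpers that check `root-ca-custom.pem` before the build and confirm after the build that the `root-ca-custom` alias in the image's Java trust store matches that file. The function names are hypothetical; it assumes `docker` and `openssl` on the host and reuses the image tag, alias and store password shown above.

```bash
#!/usr/bin/env bash
# Added example, not from the Aidbox docs. File name, alias, image tag and
# store password below are the values used on this page.

# Pre-build: reject a PEM with no certificate, unbalanced BEGIN/END markers,
# or a private key (COPY would bake the key into an image layer).
check_pem() {
  local file="$1" begins ends
  [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
  if grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$file"; then
    echo "$file contains a private key; ship the certificate only" >&2
    return 1
  fi
  begins=$(grep -c -- '^-----BEGIN CERTIFICATE-----' "$file" || true)
  ends=$(grep -c -- '^-----END CERTIFICATE-----' "$file" || true)
  if [ "$begins" -lt 1 ] || [ "$begins" -ne "$ends" ]; then
    echo "$file: $begins BEGIN / $ends END certificate markers" >&2
    return 1
  fi
  return 0
}

# Post-build: confirm the alias exists in the image's Java cacerts store and
# that its SHA-256 fingerprint matches the PEM on the host.
# Assumes keytool is on PATH in the image (the Dockerfile's RUN keytool step
# already relies on that).
verify_image_truststore() {
  local image="$1" pem="$2" alias="${3:-root-ca-custom}"
  local storepass="${4:-storepass_password}" fp listing
  fp=$(openssl x509 -in "$pem" -noout -fingerprint -sha256 | cut -d= -f2)
  [ -n "$fp" ] || { echo "could not fingerprint $pem" >&2; return 2; }
  listing=$(docker run --rm --entrypoint keytool "$image" \
    -list -cacerts -storepass "$storepass" -alias "$alias") || {
    echo "alias $alias not found in $image cacerts" >&2; return 1; }
  printf '%s\n' "$listing" | grep -qi -- "$fp" || {
    echo "fingerprint of $alias in $image differs from $pem" >&2; return 1; }
}

# Usage:
#   check_pem root-ca-custom.pem \
#     && docker build -t aidbox-with-certs:latest . \
#     && verify_image_truststore aidbox-with-certs:latest root-ca-custom.pem
```
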