- You have certificates for all your core systems. If not, follow the Certificate guide first.
- Check you have all the necessary certificates
- Edit your property file
- Overwrite the Secure Mode properties
- Edit your docker-compose.yml
- Mount the certificates as a volume to the containers
Please make sure, you have already generated the certificates you wish to use.
Open the Core Systems application.properties file with your favorite editor.
Scroll down to the Secure Mode part of the properties file and edit:
server.ssl-key-storeproperty
By default its value is: classpath:certificates/service_registry.p12, it means it will search for the certificate inside the JAR file, we have to change it to file:<your_certificate_name.extension (ex.: file:service_registry.p12). This means, when the application starts up, it will load the certificate from the same folder as the JAR.
server.ssl.key-store-typeproperty
If your file is not a p12 file, change it accordingly
server.ssl.key-store-passwordproperty
You should really not use the default password. Hopefully you used a different password when generating the certificate.
Open the docker-compose.yml file with your favorite editor.
Mount the certificate file as a volume inside the container.
The syntax is: - outside_path/outside_certificate.name:inside_path/inside_certificate.name
In the image you can see two examples. I'll explain the first one.
- ./tmit_certs/service_registry.p12:/serviceregistry/service_registry.p12
In Step 1 we saw that our certificates were inside a folder called tmit_certs. We are mounting the service_registry.p12 file from the tmit_certs folder on the host machine inside the Docker Container into the serviceregistry folder under the name of service_registry.p12
Note: The certificate name you specified in Step 3 MUST match the
inside_certificate.namespecified in Step 5, otherwise it won't work.