3

Is there a way to configure mTLS in Helidon MP without saving the following to disk?

  • server.sockets.0.tls.trust.keystore-path
  • server.sockets.0.tls.private-key.keystore-path
  • client.tls.client.keystore-path

If we have these certificates as a Java object, is there a way to pass those to the Helidon server? I am using Helidon MP 2.3.1.

I have tried configuring it with certificates on disk but I would like to avoid that.

Nathan

1 Answer

1

From David Kral, there is no "easy" way to do this. Basically there are two possible options for you.

  • It is possible to create a new config with a runtime-created ConfigSource, and instead of setting resource.resource-path one could use resource.content. The value here is the Base64-encoded resource value. That means you can store the obtained certificate there.
  • Alternatively, you could create your own CDI extension. Inject ServerCdiExtension there and create an initialization method (similar to how the ServerCdiExtension#startServer method looks in terms of parameters). In this method you can obtain WebServer.Builder from the injected ServerCdiExtension instance, and it is possible to set the Tls configuration the way you want it to be set. It is important to note that this extension has to have a higher priority than the ServerCdiExtension.
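The first option in the answer above, as an added example (not code from the original answer or from the Helidon project): a MicroProfile `ConfigSource` that serializes an in-memory `KeyStore` to bytes and publishes it as a Base64 `resource.content` value. The class name is hypothetical, it needs the MicroProfile Config API on the classpath, and the key prefix the caller passes (for instance `server.sockets.0.tls.private-key.keystore`) and the `.passphrase` suffix are assumptions to check against the Helidon 2.3.1 TLS configuration reference.

```java
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import org.eclipse.microprofile.config.Config;
import org.eclipse.microprofile.config.spi.ConfigProviderResolver;
import org.eclipse.microprofile.config.spi.ConfigSource;

/** Added example: runtime ConfigSource carrying in-memory keystores as Base64 resource.content. */
public final class InMemoryTlsConfigSource implements ConfigSource {
    private final Map<String, String> props = new HashMap<>();

    /**
     * Serializes ks into a byte array (never a file) and publishes it under
     * prefix + ".resource.content". The prefix and the ".passphrase" suffix are
     * assumptions; verify them against the Helidon 2.3.1 TLS configuration reference.
     */
    public InMemoryTlsConfigSource add(String prefix, KeyStore ks, char[] passphrase) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        ks.store(buf, passphrase); // written in the keystore's own type (e.g. PKCS12)
        props.put(prefix + ".resource.content", Base64.getEncoder().encodeToString(buf.toByteArray()));
        props.put(prefix + ".passphrase", new String(passphrase));
        return this;
    }

    /** Registers this source next to the default sources; call before the Helidon server starts. */
    public Config register() {
        ConfigProviderResolver resolver = ConfigProviderResolver.instance();
        Config config = resolver.getBuilder().addDefaultSources().withSources(this).build();
        // Throws IllegalStateException if a Config is already registered for this class loader.
        resolver.registerConfig(config, Thread.currentThread().getContextClassLoader());
        return config;
    }

    @Override public Map<String, String> getProperties() { return Collections.unmodifiableMap(props); }
    @Override public Set<String> getPropertyNames() { return Collections.unmodifiableSet(props.keySet()); }
    @Override public String getValue(String name) { return props.get(name); }
    @Override public String getName() { return "in-memory-tls"; }
    // Ordinal above env vars (300) and system properties (400) so they cannot shadow these keys.
    @Override public int getOrdinal() { return 500; }
}
```

The private key and passphrase end up as `String` values inside the config, so keep configuration dumps and debug logging of config values away from this source.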