In my org we have services that use self-signed SSL certificates. When I want to connect to these services from a dockerized Java application running on Kubernetes, I need to provide the public key of those services to the Java TrustStore; otherwise I get an SSLHandshakeException.

I see two options to provide those public keys to the Java TrustStore:

  1. Incorporate the public key in the Dockerfile
  2. Provide the public key as ConfigMap and mount it as a volume to a container (see this answer)

Are there any other options? In my opinion, option 2 would be more flexible, as I wouldn't have to rebuild the Docker image when I need to replace the public key, and I wouldn't have to modify all Dockerfiles of services that connect to the services with the self-signed certificates. Or am I missing something?

  • You could use a `Secret`, which basically is a `ConfigMap` with values encoded in base64. – deHaar Jun 28 '23 at 10:12
  • "I need to provide the public key": no you don't. The public key by itself proves nothing. You need to provide the entire certificate, and you need to make the *private* key accessible to the code that sends the certificate. – user207421 Jun 28 '23 at 12:10

0 Answers