Self-signed SSL certificates

This page explains how to make Aidbox respect self-signed SSL certificates

Problem

Sometimes it is necessary to make Aidbox respect self-signed certificates. For example, an identity provider may use a custom self-signed certificate and Aidbox receives SSL signature errors when sending HTTP requests to it.

Solution

To make Aidbox respect these certificates, you need to load the root certificates into the Aidbox docker image and make Java (JRE) respect them as well.

How to install custom SSL into Aidbox docker image

To install self-signed SSLs into Adibox docker image, you show build your own one. That image should

Inherit the required Aidbox docker image
Load necessary certificates to the image
Install the certs into operation system and Java runtime

Dockerfile

# ingeriting from Aidbox docker image
FROM healthsamurai/aidboxone:<YOUR_AIDBOX_VERSION_HERE>

# switching to the root user
USER root 

# coping certificate into the docker filesystem
COPY root-ca-custom.pem /etc/ssl/certs/root-ca-custom.pem

# installing cert
RUN update-ca-certificates

# making Java respect loaded certificate
RUN keytool -import -storepass storepass_password -noprompt -alias root-ca-custom -cacerts -trustcacerts -file /etc/ssl/certs/root-ca-custom.pem

# switching back to the aidbox user
USER aidbox

Build docker image

To build your custom Aidbox docker image use the docker .

For example, the build command could look like this

docker build -t aidbox-with-certs:latest .

PreviousHighly Available Aidbox NextRun Aidbox on managed PostgreSQL

Last updated 1 year ago

Was this helpful?