Hi Jennifer, You need to add your self-signed certificate to the java keystore. It should be added to the keystore of the java instance being used to run Knox. This task isn’t really specific to knox but more so a common java task.
You can look online at the documentation for java keytool for specifics but it would be something like this: keytool -import -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeme -alias <some-alias> -noprompt -file <some-cert> Regards, Christopher Jackson > On Mar 23, 2017, at 4:01 PM, Jennifer Coston <[email protected]> > wrote: > > Hello Again, > > I am trying to determine how to configure Knox to talk to a web service with > a self-signed keystore (we are still in the early days of development) over > https. So in other words, I want my topology file to have this: > > <service> > <role>HELLOSERVICE</role> > <url>https://server.running.service:8447/demo</url> > <https://server.running.service:8447/demo%3C/url%3E> > </service> > > Instead of this: > > <service> > <role>HELLOSERVICE</role> > <url>http:// server.running.service:8088/demo</url> > </service> > > Can you please point me to some directions about how to go about doing this? > I thinking that I need to add the web service’s keystore to Knox’s keystores > so that it knows who it is talking to, but I’m not sure if there is any > additional configuration needed or how to go about adding a keystore to Knox. > I’ve found some diagrams online indicating that this should be possible, but > haven’t had any luck finding directions. > > Thank you! > > Jennifer
