Hi Riaan,
I would take a different approach: to provide the additional trust
anchor certificates in a Java keystore file, privided by a ConfigMap,
and on startup check if the additional keystore file exists and either
use that instead of the system keystore file or merge the two and
configure Camel with the resulting keystore.
zoran
On Wed, Aug 7, 2019 at 11:29 AM Riaan Annandale <ria...@mundane.co.za> wrote:
>
> Hi guys
>
> I'm trying to speak to a staging environment that uses self-signed certs.
> This means that when I try connect I get:
> PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
> As I run my camel app in a container on openshift (more or less kubernetes)
> it's not trivial (I base this on feel, not facts) to add the cert to my
> container. I'd like to use something like the
> org.apache.http.conn.ssl.NoopHostnameVerifier() so that in staging I can just
> ignore the cert. But it doesn't look like it's actually using that method.
>
> Implementation looks as follows:
> main.bind("NoopForSelfsignedCerts", new
> org.apache.http.conn.ssl.NoopHostnameVerifier());
>
> and the https bit:
>
> .recipientList().simple("https4://" + System.getenv("someHost") +
> "/someURI/$simple{in.header.someId}?bridgeEndpoint=true&throwExceptionOnFailure=false&x509HostnameVerifier=
> NoopForSelfsignedCerts ");
>
> It still gives the same error
>
> Any thoughts/ suggestions?
>
> Thanks
> Riaan
--
Zoran Regvart
