# Configuring custom certificate authority

## Datasource requests

If you need to send requests to sources whose certificates are issued by a custom certificate authority, configure the `datasource` container to trust an extra certificate. In Docker Compose deployments, store the certificate as a file on the host file system and mount that file into the `datasource` container.

1\. Place the necessary certificates in a directory that is mounted as a volume for the `datasource` container. The following code example uses the `./ca` directory.

2\. Edit the `docker-compose.yaml` file so that the `datasource` container mounts the `./ca` directory as a volume:

```
datasource:
  container_name: datasource
  volumes:
    - ./ca:/usr/datasource/ca
```

3\. Point the `NODE_EXTRA_CA_CERTS` environment variable at the certificate file inside the mounted volume:

```
datasource:
  container_name: datasource
  environment:
    - NODE_EXTRA_CA_CERTS=/usr/datasource/ca/certificate.pem
```

## Other requests

If your Single Sign-On (SSO) services or OAuth sources require the use of a custom certificate authority, you need to configure the `bakery-back` service.

1\. Create a custom `keystore` on your host machine:

```
keytool -genkey -keyalg RSA -keystore mybakerystore.jks
```

2\. Import your certificate into the keystore:

```
keytool -import -trustcacerts -keystore mybakerystore.jks -alias mycert -file file.cer
```

3\. Update your `docker-compose.yml` file to include a volume for the `bakery-back` service, enabling it to access the custom keystore:

```
  bakery-back:
    container_name: bakery-back
    depends_on:
      db:
        condition: service_healthy
    image: cruibakeryonprem.azurecr.io/cloud/bakery-back:latest
    restart: always
    env_file: .env
    volumes:
    - ./keystore_folder:/usr/bakery/keystore_folder
```

4\. Modify the `.env` file to include the following environment variable setting:

```
JAVA_OPTS='-Djavax.net.ssl.trustStore=/usr/bakery/keystore_folder/mybakerystore.jks -Djavax.net.ssl.trustStorePassword=yourpassword'
```
