Configuring custom certificate authority

Datasource requests

If you need to execute request to sources with custom authority then you need to configure the datasource container to use extra certificate. In Docker Compose deployments, it's essential to store the certificate as a file in the file system and then connect this file to the datasource container.

1. Place the necessary certificates in a directory linked as a volume for the datasource container. The following code example employs the ./ca directory.

2. Adjust the docker-compose.yaml file to enable the datasource container to link the ./ca directory as a volume:

datasource:
  container_name: datasource
  volumes:
    - ./ca:/usr/datasource/ca

3. Utilize the provided certificate from the volume by setting it in the NODE_EXTRA_CA_CERTS environment variable:

datasource:
  container_name: datasource    
  environment:
    - NODE_EXTRA_CA_CERTS=/usr/datasource/ca/certificate.pem 

Other requests

If your Single Sign-On (SSO) services or OAuth sources require the use of a custom certificate authority, you need to configure the bakery-back service.

1. Create a custom keystore on your host machine

keytool -genkey -keyalg RSA -keystore mybakerystore.jks

2. Import your certificate into the keystore

keytool -import -trustcacerts -keystore mybakerystore.jks -alias mycert -file file.cer

3. Update your docker-compose.yml file to include a volume for the bakery-back service, enabling it to access the custom keystore:

  bakery-back:
    container_name: bakery-back
    depends_on:
      db:
        condition: service_healthy
    image: cruibakeryonprem.azurecr.io/cloud/bakery-back:latest
    restart: always
    env_file: .env
    volumes:
    - ./keystore_folder:/usr/bakery/keystore_folder

4. Modify .env file to include the following environment variable setting:

JAVA_OPTS='-Djavax.net.ssl.trustStore=/usr/bakery/keystore_folder/mybakerystore.jks -Djavax.net.ssl.trustStorePassword=yourpassword'