How to add a certificate to cacerts
Step by step
This procedure is valid for Docker environments, but not for Kubernetes.
The steps below add the Sync server certificate to the Java key store (cacerts) of the Soffid console or the Soffid PAM launcher.
1. Start by downloading the certificate from the Sync server:
a. Connect to https://<SYNC-SERVER>:1760/SAML/metadata.xml?tenant=<your-tenant>
To get the master's certificate:
https://iam-sync.soffidnet:1760/SAML/metadata.xml?tenant=master
To get a tenant's certificate:
https://iam-sync.soffidnet:1760/SAML/metadata.xml?tenant=demolab
b. Download the certificate:
2. Copy the certificate file to the container (Soffid Console or Soffid PAM Launcher):
Example of copying the file to the /tmp folder:
sudo docker cp iam-sync.soffidnet iam-console:/tmp
Example of copying the file to the root folder:
sudo docker cp iam-sync.soffidnet iam-console:/
3. Connect to the container
sudo docker exec -it iam-console /bin/bash
4. Import the certificate (adjust the path if you copied the file somewhere other than /tmp):
keytool -import -file /tmp/iam-sync.soffidnet -cacerts
- password: changeit
- Trust this certificate? [no]: yes
- Certificate was added to Keystore
5. Restart the container
If you want to display the certificate currently presented by the Sync server:
openssl s_client -connect iam-sync.soffidnet:1760 -showcerts
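
The check below is an added example, not part of the original Soffid procedure: it compares the SHA-256 fingerprint of the downloaded file with a value obtained out of band, so that only the expected certificate is imported into cacerts. It assumes the file is PEM-encoded and that base64 and sha256sum (GNU coreutils) are available on the host; the function names and EXPECTED_FP are illustrative.

```bash
#!/usr/bin/env bash
# Added example: check the downloaded certificate against a fingerprint
# obtained out of band before it is copied and imported into cacerts.

# Print the first PEM certificate in the input (a browser export, or the
# output of `openssl s_client -showcerts`, where the server's own comes first).
first_pem() {
  awk '/-----BEGIN CERTIFICATE-----/ {p=1}
       p {print}
       p && /-----END CERTIFICATE-----/ {exit}' "$@"
}

# SHA-256 of the certificate's DER bytes as lowercase hex; fails if no PEM block.
pem_sha256() {
  _body=$(first_pem "$@" | grep -v -- '-----' | tr -d '\r')
  [ -n "$_body" ] || return 1
  printf '%s\n' "$_body" | base64 -d | sha256sum | cut -d' ' -f1
}

# Reduce "AA:BB:..." (as keytool and openssl print it) to lowercase hex.
norm_fp() {
  printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# Succeed only if the certificate in file $1 has fingerprint $2.
fp_matches() {
  _actual=$(pem_sha256 "$1") || return 1
  [ "$_actual" = "$(norm_fp "$2")" ]
}

# Constructed sample, not a real certificate: the body is base64 of "hello".
sample=$(mktemp)
printf '%s\n' 'CONNECTED(00000003)' '-----BEGIN CERTIFICATE-----' \
  'aGVsbG8=' '-----END CERTIFICATE-----' > "$sample"
echo "sample fingerprint: $(pem_sha256 "$sample")"
rm -f "$sample"

# On the host, before step 2 (EXPECTED_FP is a placeholder for the value
# supplied by whoever administers the Sync server):
#   fp_matches iam-sync.soffidnet "$EXPECTED_FP" &&
#     sudo docker cp iam-sync.soffidnet iam-console:/tmp
```

The same fingerprint can be compared with the SHA-256 value that keytool prints before it asks "Trust this certificate?".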