
We have a requirement to store a custom Java trust store file in an S3 bucket and have various applications refer to that common trust store by using the JVM argument `-Djavax.net.ssl.trustStore`.

Giving the S3 bucket location is not working for us:

`-Djavax.net.ssl.trustStore=<s3 bucket location for Java trust store path>`

All the apps are containerized and we have set the above JVM parameters in the Dockerfile.

  • Yeah, the JVM does not know S3 and has no idea what to do with that URL. Instead you should download the file first, store it somewhere locally and then set the property pointing to the local file. Alternatively (not sure if that works), let the application itself download the trust store and set its own system property after it has downloaded and stored the file somewhere. – luk2302 Jun 27 '22 at 13:52
  • Thanks for the quick response. Even I was doubting that JVM can't refer to an external S3 bucket location. The problem of not using the trust store file within the application code is we have a lot of apps, so we want to decouple the application code for TLS cert management – Gaurav Chhabra Jun 27 '22 at 13:57
  • Please provide enough code so others can better understand or reproduce the problem. – Richard Duerr Jun 27 '22 at 20:55
  • We are using an AWS environment. There are 2 apps: app1 and app2. app1 invokes app2 over the HTTPS protocol. We created a custom Java trust store, imported the certificate of app2 into the trust store, and placed the trust store in an S3 bucket. In the app1 Dockerfile, we added JVM arguments to refer to the S3 trust store file, which is not working. Adding the Dockerfile content below: – Gaurav Chhabra Jun 28 '22 at 10:08
  • ```
    FROM adoptopenjdk/openjdk11:alpine
    RUN apk --no-cache add aws-cli
    ARG AWS_KEY
    ARG AWS_SECRET_KEY
    ARG AWS_REGION='us-east-1'
    RUN aws configure set aws_access_key_id $AWS_KEY \
     && aws configure set aws_secret_access_key $AWS_SECRET_KEY \
     && aws configure set default.region $AWS_REGION
    COPY app.jar /usr/app/
    WORKDIR /usr/app/
    RUN sh -c 'touch app1.jar'
    ENTRYPOINT ["java","-Djavax.net.ssl.trustStore=","-Djavax.net.ssl.trustStorePassword=changeit","-jar","app1.jar"]
    ```
    – Gaurav Chhabra Jun 28 '22 at 10:09

0 Answers
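
The approach from luk2302's comment (download the trust store first, then point the property at a local file), as an added example that is not part of the original thread: a POSIX sh container entrypoint that keeps certificate handling out of the application code. The function names, the `TRUSTSTORE_*` environment variables, the default path and the optional SHA-256 pin are assumptions, and the container is assumed to get S3 read access at runtime.

```shell
#!/bin/sh
# Added example (not from the thread): fetch the trust store from S3 to a
# local file at container start, then start the JVM against that file.
# Function names and TRUSTSTORE_* variables are assumptions.

# fetch_truststore S3_URI LOCAL_PATH
# Downloads to a temp file, validates it, then moves it into place.
fetch_truststore() {
    ts_uri=$1; ts_dest=$2; ts_tmp="$ts_dest.tmp.$$"
    case $ts_uri in
        s3://*) ;;
        *) echo "not an s3:// URI: $ts_uri" >&2; return 2 ;;
    esac
    if ! aws s3 cp "$ts_uri" "$ts_tmp" --only-show-errors; then
        rm -f "$ts_tmp"; echo "download failed: $ts_uri" >&2; return 1
    fi
    if [ ! -s "$ts_tmp" ]; then
        rm -f "$ts_tmp"; echo "empty trust store: $ts_uri" >&2; return 1
    fi
    # Optional pin: a swapped trust store changes which servers the app trusts.
    if [ -n "${TRUSTSTORE_SHA256:-}" ]; then
        ts_sum=$(sha256sum "$ts_tmp" | cut -d' ' -f1)
        if [ "$ts_sum" != "$TRUSTSTORE_SHA256" ]; then
            rm -f "$ts_tmp"; echo "checksum mismatch: $ts_uri" >&2; return 1
        fi
    fi
    chmod 0444 "$ts_tmp" && mv -f "$ts_tmp" "$ts_dest"
}

# truststore_opts LOCAL_PATH PASSWORD -> JVM options for a local trust store
truststore_opts() {
    printf '%s %s\n' "-Djavax.net.ssl.trustStore=$1" \
        "-Djavax.net.ssl.trustStorePassword=$2"
}

# Entrypoint logic; runs only when TRUSTSTORE_S3_URI is set, so the file can
# also be sourced. JAVA_TOOL_OPTIONS is read by the JVM at startup, which
# keeps the application's own command line unchanged.
if [ -n "${TRUSTSTORE_S3_URI:-}" ]; then
    ts_path=${TRUSTSTORE_PATH:-/tmp/truststore.jks}
    fetch_truststore "$TRUSTSTORE_S3_URI" "$ts_path" || exit 1
    JAVA_TOOL_OPTIONS="${JAVA_TOOL_OPTIONS:-} $(truststore_opts "$ts_path" "${TRUSTSTORE_PASSWORD:-changeit}")"
    export JAVA_TOOL_OPTIONS
    exec "$@"
fi
```

In the image, this script would be the `ENTRYPOINT` with `java -jar app1.jar` passed as its arguments, so every app shares the same fetch logic without code changes.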