dimas-b commented on code in PR #3963: URL: https://github.com/apache/polaris/pull/3963#discussion_r2912171638
########## site/content/in-dev/unreleased/getting-started/deploying-polaris/storage-tls.md: ########## @@ -0,0 +1,61 @@ +--- +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +title: Accessing Storage with TLS and Self-Signed Certificates +linkTitle: Storage with TLS +type: docs +weight: 300 +--- + +Sometimes the storage targeted by the Polaris Server is expected to be accessed over TLS but the +storage system's certificate does not have a trust chain leading to a well-known root. Often +such a certificate is simply self-signed. + +In this situation the JVM inside the Polaris Server will need to be configured with a custom +trust store containing the self-signed certificated or its CA certificate. + +The example below assumes using a self-signed certificate for storage and `docker` for running Polaris. + +# Creating a Custom Trust Store + +* Take an existing java trust store (with the usual root certificates) and make a local copy. +* Add the storage system's certificate to it. + +```shell +keytool -importcert -file STORAGE_CERT.pem -keystore cacerts Review Comment: Good point (and I had it in my local)... will add. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
