Hi
This article
(https://developers.redhat.com/blog/2017/11/22/dynamically-creating-java-keystores-openshift)
describes how to use the certificates generated by OpenShift in Java
application. There is an init container configured which imports the
pem base certificate into keystore which is necessary for Java.
The certificate/key pair is automatically replaced when it gets close to
expiration
(https://docs.openshift.com/container-platform/3.6/dev_guide/secrets.html#service-serving-certificate-secrets),
but I think only the tls.key and tls.crt part will be replaced. We need
a method to re-create the keystore for the new certificate (like in the
init container).
Do you know a mechanism we could use to detect the moment of certificate
replacement and perform the keystore re-creation?
Kindly regards
Krzysztof
--
Krzysztof Sobkowiak
JEE & OSS Architect, Integration Architect
Apache Software Foundation Member (http://apache.org/)
Apache ServiceMix Committer & PMC Member (http://servicemix.apache.org/)
Senior Delivery Architect @ Capgemini SSC
(http://www.capgeminisoftware.pl/)
_______________________________________________
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users