+1 to Christopher's response. Thanks! On Thu, Mar 23, 2017 at 5:41 PM, Christopher Jackson < [email protected]> wrote:
> Hi Jennifer, > > You need to add your self-signed certificate to the java keystore. It > should be added to the keystore of the java instance being used to run > Knox. This task isn’t really specific to knox but more so a common java > task. > > You can look online at the documentation for java keytool for specifics > but it would be something like this: > > keytool -import -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass > changeme -alias <some-alias> -noprompt -file <some-cert> > > Regards, > Christopher Jackson > > > On Mar 23, 2017, at 4:01 PM, Jennifer Coston <[email protected]> > wrote: > > Hello Again, > > I am trying to determine how to configure Knox to talk to a web service > with a self-signed keystore (we are still in the early days of development) > over https. So in other words, I want my topology file to have this: > > <service> > <role>HELLOSERVICE</role> > <url>https://server.running.service:8447/demo</url> > </service> > > Instead of this: > > <service> > <role>HELLOSERVICE</role> > <url>http:// server.running.service:8088/demo</url> > </service> > > Can you please point me to some directions about how to go about doing > this? I thinking that I need to add the web service’s keystore to Knox’s > keystores so that it knows who it is talking to, but I’m not sure if there > is any additional configuration needed or how to go about adding a keystore > to Knox. I’ve found some diagrams online indicating that this should be > possible, but haven’t had any luck finding directions. > > Thank you! > > *Jennifer* > > >
