Add Custom Certificates to ESS Services

In some cases, you may need to add custom certificates to the ESS services’ trust store. For example, you may need to add custom certificates to allow ESS services to communicate with services that do not use typical certificate authorities.

Example Customization

The following kustomization uses the Inrupt-provided load-custom-cert.yaml to add a custom certificate (named custom.crt in the example) from a ConfigMap when pods start running.

1. Download the load-custom-cert.yaml to a temp directory.

   Copy

   cd $(mktemp -d)
   docker run --rm -v $(pwd):/cert-example/ docker.software.inrupt.com/inrupt-kustomizer:2.7.0 cp -R /release/ess/deployment/kubernetes/components/openid-custom-certificate/ /cert-example/

2. From the temp directory, copy the downloaded load-custom-cert.yaml to the ESS installation directory.

   Copy

   cp openid-custom-certificate/load-custom-cert.yaml ${HOME}/ess/

   If saving to a directory different from the ESS installation directory, update the path to load-custom-cert.yaml in the kustomization.yaml step below.

3. Go to your ESS installation directory:

   Copy

   cd ${HOME}/ess

4. Save your custom certificate in a file named custom.crt .

5. Modify the kustomization.yaml (i.e., step 3 of the Applying Your Customizations procedure). Specifically, add the highlighted content to the kustomization.yaml file under the patches key and configMapGenerator key:

1. Continue with the rest of the Applying Your Customizations procedure.