Installing SSL certificates

You can install SSL certificates into HCL Compass, the HCL Compass Docker container, or into the HCL Compass Helm Chart to use with HCL SoFy.

Installing SSL Certificates to HCL Compass

  1. Copy the keystore.p12 file to the config folder that is located under your HCL Compass REST server distribution folder. You created the keystore.p12 file in Creating the SSL certificate.
  2. Update the application.properties file in the same location with the following changes: 
    server.ssl.key-store: file:config/keystore.p12 
server.ssl.key-store-password: YOUR_EXPORT_PASSWORD 
server.ssl.keyStoreType: PKCS12 
server.ssl.keyAlias: 1

Installing SSL Certificates to the HCL Compass Docker container

  1. Create a /path/to/your/config/ folder.
  2. Copy the keystore.p12 file to the /path/to/your/config/ folder.
  3. Run the docker run command with the following additional environment variables for password and key-alias. Mount the folder that you created in step 1. For example:
    docker run -d --name <container-name> -h <container-name> \ 
                ...... 
                --env SSL_PASSWORD=<key-store-password> \   
                --env SSL_KEY_ALIAS=<keyAlias number>   \ 
                -v /path/to/your/keystore/:/opt/hcl/ccm/compass/compass-rest-server-distribution/config/ssl 
                ...... 
                -p 8190:8190 <install-image-name>

Installing SSL Certificates to the HCL Compass Helm Chart

  1. Create a new folder named /path/to/your/keystore that contains the keystore.p12 file for installing an SSL certificate on HCL Compass pod container:
    $ mkdir /path/to/your/keystore
  2. Add the keystore.p12 file to the /path/to/your/keystore folder to a configMap named keystore-file.
    $ kubectl create cm keystore-file --from-file /path/to/your/keystore/keystore.p12 --namespace [namespace_name]
  3. Check to ensure that the keystore-file.configMap file has been created and that it contains the keystore.p12 file.
    $ kubectl get cm keystore-file -o yaml --namespace [namespace_name]
  4. Create a file named ssl.yaml. Set the SSL password, key-aliasMount and configMapName to keystore-file.
    hcl-compass:
  ssl:
    enabled: true
    password: ""
    keyAlias:  1
    configMapName: keystore-file