Installing SSL certificates

You can install SSL certificates into HCL Compass, the HCL Compass Docker container, or into the HCL Compass Helm Chart to use with HCL SoFy.

Note: Use of the REST API server is not supported in an on premises environment, such as on Windows and Linux. To use the HCL Compass REST API server in a supported environment, deploy the HCL Compass REST API server to a Kubernetes environment. For more information, see Getting Started with HCL Compass on HCL SoFy.

Installing SSL Certificates to HCL Compass

  1. Copy the keystore.p12 file to the data folder that is located under your HCL Compass REST server distribution folder. You created the keystore.p12 file in Creating the SSL certificate.
  2. Update the application.properties file in the same location with the following changes: 
    server.ssl.key-store: file:data/keystore.p12 
server.ssl.key-store-password: YOUR_EXPORT_PASSWORD 
server.ssl.keyStoreType: PKCS12 
server.ssl.keyAlias: 1

Installing SSL Certificates to the HCL Compass Docker container

  1. Create a /path/to/your/data/ folder.
  2. Copy the keystore.p12 file to the /path/to/your/data/ folder.
  3. Run the docker run command with the following additional environment variables for password and key-alias. Mount the folder that you created in step 1. For example:
    docker run -d --name <container-name> -h <container-name> \ 
                ...... 
                --env SSL_PASSWORD=<key-store-password> \   
                --env SSL_KEY_ALIAS=<keyAlias number>   \ 
                -v /path/to/your/keystore/:/opt/hcl/ccm/compass/compass-rest-server-distribution/data/ssl 
                ...... 
                -p 8190:8190 <install-image-name>

Installing SSL Certificates to the HCL Compass Helm Chart

  1. Create a new folder named /path/to/your/keystore that contains the keystore.p12 file for installing an SSL certificate on HCL Compass pod container:
    $ mkdir /path/to/your/keystore
  2. Add the keystore.p12 file to the /path/to/your/keystore folder to a configMap named keystore-file.
    $ kubectl create cm keystore-file --from-file /path/to/your/keystore/keystore.p12 --namespace [namespace_name]
  3. Check to ensure that the keystore-file.configMap file has been created and that it contains the keystore.p12 file.
    $ kubectl get cm keystore-file -o yaml --namespace [namespace_name]
  4. Create a file named ssl.yaml. Set the SSL password, key-aliasMount and configMapName to keystore-file.
    hcl-compass:
  ssl:
    enabled: true
    password: ""
    keyAlias:  1
    configMapName: keystore-file