Installing SSL certificates
You can install SSL certificates into HCL Compass, the HCL Compass Docker container, or into the HCL Compass Helm Chart to use with HCL SoFy.
Note: Use of the REST API server is not supported in an on premises environment,
such as on Windows and Linux. To use the HCL Compass REST API server in a supported environment,
deploy the HCL Compass REST API server to a Kubernetes environment. For more information, see
Getting Started with HCL Compass on HCL SoFy.
Installing SSL Certificates to HCL Compass
- Copy the keystore.p12 file to the data folder that is located under your HCL Compass REST server distribution folder. You created the keystore.p12 file in Creating the SSL certificate.
- Update the application.properties file in the
same location with the following changes:
server.ssl.key-store: file:data/keystore.p12 server.ssl.key-store-password: YOUR_EXPORT_PASSWORD server.ssl.keyStoreType: PKCS12 server.ssl.keyAlias: 1
Installing SSL Certificates to the HCL Compass Docker container
- Create a /path/to/your/data/ folder.
- Copy the keystore.p12 file to the /path/to/your/data/ folder.
- Run the docker run command with the following additional
environment variables for password and key-alias.
Mount the folder that you created in step 1. For
example:
docker run -d --name <container-name> -h <container-name> \ ...... --env SSL_PASSWORD=<key-store-password> \ --env SSL_KEY_ALIAS=<keyAlias number> \ -v /path/to/your/keystore/:/opt/hcl/ccm/compass/compass-rest-server-distribution/data/ssl ...... -p 8190:8190 <install-image-name>
Installing SSL Certificates to the HCL Compass Helm Chart
- Create a new folder named /path/to/your/keystore
that contains the keystore.p12 file for
installing an SSL certificate on HCL Compass pod
container:
$ mkdir /path/to/your/keystore
- Add the
keystore.p12
file to the /path/to/your/keystore folder to a configMap namedkeystore-file
.$ kubectl create cm keystore-file --from-file /path/to/your/keystore/keystore.p12 --namespace [namespace_name]
- Check to ensure that the
keystore-file.configMap
file has been created and that it contains thekeystore.p12
file.$ kubectl get cm keystore-file -o yaml --namespace [namespace_name]
- Create a file named ssl.yaml. Set the SSL password,
key-aliasMount and configMapName to
keystore-file
.hcl-compass: ssl: enabled: true password: "" keyAlias: 1 configMapName: keystore-file