Companies sometimes use self-signed certificates internally in their systems. When building a Camel-K application we need to tell Camel to trust those certificates. I’m here going to show one solution in Java for this, using a truststore.
MyHTTPClient.java
01 | import org.apache.camel.builder.RouteBuilder; |
02 | import org.apache.camel.support.jsse.*; |
04 | public class MyHTTPClient extends RouteBuilder { |
07 | public void configure() throws Exception { |
08 | registerSslContextParameter(); |
10 | from("timer:mytimer?repeatCount=1") |
12 | sslContextParameters=#mySSLContextParameters") |
16 | private void registerSslContextParameter() throws Exception { |
17 | KeyStoreParameters tsp = new KeyStoreParameters(); |
18 | tsp.setResource("/etc/ssl/truststore.jks"); |
19 | tsp.setPassword("password"); |
21 | TrustManagersParameters tmp = new TrustManagersParameters(); |
24 | SSLContextParameters sslContextParameters = new SSLContextParameters(); |
25 | sslContextParameters.setTrustManagers(tmp); |
29 | .bind("mySSLContextParameters", sslContextParameters); |
The important parts:
- We need a place to create our SSL context – I like to put it in a separate function
- Path to the truststore that contain the self-signed certificate
- Register our new SSL context in the Camel register
- Call our function to set the new SSL context before our Camel flow
- Now we need to tell the Camel HTTP-component to use our new SSL context via the components url parameters
Run parameters
1 | kamel run --resource file:truststore.jks@/etc/ssl/truststore.jks MyHTTPClient.java |
Lastly we need to import the truststore into the Camle-K pod. Note that we place the truststore in /etc/ssl/ which is the same as above path (bullet point 2)
Tested on Apache Camel 3.19.0, Minikube v1.29.0 in Ubuntu 20.04 and Java 1.8.0_352
