Companies sometimes use self-signed certificates internally in their systems. When building a Camel-K application we need to tell Camel to trust those certificates. I’m here going to show one solution in Java for this, using a truststore.
MyHTTPClient.java
import org.apache.camel.builder.RouteBuilder; import org.apache.camel.support.jsse.*; public class MyHTTPClient extends RouteBuilder { @Override public void configure() throws Exception { registerSslContextParameter(); // 4. from("timer:mytimer?repeatCount=1") .to("https://my.server.com/person? sslContextParameters=#mySSLContextParameters") // 5. .log("${body}"); } private void registerSslContextParameter() throws Exception { // 1. KeyStoreParameters tsp = new KeyStoreParameters(); tsp.setResource("/etc/ssl/truststore.jks"); // 2. tsp.setPassword("password"); TrustManagersParameters tmp = new TrustManagersParameters(); tmp.setKeyStore(tsp); SSLContextParameters sslContextParameters = new SSLContextParameters(); sslContextParameters.setTrustManagers(tmp); this.getContext() .getRegistry() .bind("mySSLContextParameters", sslContextParameters); // 3. } }
The important parts:
- We need a place to create our SSL context – I like to put it in a separate function
- Path to the truststore that contain the self-signed certificate
- Register our new SSL context in the Camel register
- Call our function to set the new SSL context before our Camel flow
- Now we need to tell the Camel HTTP-component to use our new SSL context via the components url parameters
Run parameters
kamel run --resource file:truststore.jks@/etc/ssl/truststore.jks MyHTTPClient.java
Lastly we need to import the truststore into the Camle-K pod. Note that we place the truststore in /etc/ssl/ which is the same as above path (bullet point 2)
Tested on Apache Camel 3.19.0, Minikube v1.29.0 in Ubuntu 20.04 and Java 1.8.0_352
0 Comments.