Camel-K: handle self-signed server certificates as a client

Companies sometimes use self-signed certificates internally in their systems. When building a Camel-K application we need to tell Camel to trust those certificates. I’m here going to show one solution in Java for this, using a truststore.

import org.apache.camel.builder.RouteBuilder;

public class MyHTTPClient extends RouteBuilder {

    public void configure() throws Exception {
        registerSslContextParameter(); // 4.

                       sslContextParameters=#mySSLContextParameters") // 5.

    private void registerSslContextParameter() throws Exception { // 1.
        KeyStoreParameters tsp = new KeyStoreParameters();
        tsp.setResource("/etc/ssl/truststore.jks"); // 2.

        TrustManagersParameters tmp = new TrustManagersParameters();

        SSLContextParameters sslContextParameters = new SSLContextParameters();

                 .bind("mySSLContextParameters", sslContextParameters); // 3.

The important parts:

  1. We need a place to create our SSL context – I like to put it in a separate function
  2. Path to the truststore that contain the self-signed certificate
  3. Register our new SSL context in the Camel register
  4. Call our function to set the new SSL context before our Camel flow
  5. Now we need to tell the Camel HTTP-component to use our new SSL context via the components url parameters

Run parameters

kamel run --resource file:truststore.jks@/etc/ssl/truststore.jks

Lastly we need to import the truststore into the Camle-K pod. Note that we place the truststore in /etc/ssl/ which is the same as above path (bullet point 2)

Tested on Apache Camel 3.19.0, Minikube v1.29.0 in Ubuntu 20.04 and Java 1.8.0_352

Leave a Comment

NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <pre lang="" line="" escaped="" cssfile="">

This site uses Akismet to reduce spam. Learn how your comment data is processed.