Companies sometimes use self-signed certificates internally in their systems. When building a Camel-K application we need to tell Camel to trust those certificates. I’m here going to show one solution in Java for this, using a truststore.
MyHTTPClient.java
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.support.jsse.*;
public class MyHTTPClient extends RouteBuilder {
@Override
public void configure() throws Exception {
registerSslContextParameter(); // 4.
from("timer:mytimer?repeatCount=1")
.to("https://my.server.com/person?
sslContextParameters=#mySSLContextParameters") // 5.
.log("${body}");
}
private void registerSslContextParameter() throws Exception { // 1.
KeyStoreParameters tsp = new KeyStoreParameters();
tsp.setResource("/etc/ssl/truststore.jks"); // 2.
tsp.setPassword("password");
TrustManagersParameters tmp = new TrustManagersParameters();
tmp.setKeyStore(tsp);
SSLContextParameters sslContextParameters = new SSLContextParameters();
sslContextParameters.setTrustManagers(tmp);
this.getContext()
.getRegistry()
.bind("mySSLContextParameters", sslContextParameters); // 3.
}
}
The important parts:
- We need a place to create our SSL context – I like to put it in a separate function
- Path to the truststore that contain the self-signed certificate
- Register our new SSL context in the Camel register
- Call our function to set the new SSL context before our Camel flow
- Now we need to tell the Camel HTTP-component to use our new SSL context via the components url parameters
Run parameters
kamel run --resource file:truststore.jks@/etc/ssl/truststore.jks MyHTTPClient.java
Lastly we need to import the truststore into the Camle-K pod. Note that we place the truststore in /etc/ssl/ which is the same as above path (bullet point 2)
Tested on Apache Camel 3.19.0, Minikube v1.29.0 in Ubuntu 20.04 and Java 1.8.0_352
