domino-custom-certificates ConfigMap in the Kubernetes cluster’s default namespace. This ConfigMap must have a key named bundle with plaintext data of a certificate bundle in PEM format. If the bundle exists, then Domino uses certificates from this bundle to connect to the external services.
Domino supports the following certificate types:
Custom Certificate Authority (CA)Certificates that certify the other certificates issued under this authority. Self-signed certificates
Certificates that do not have a reference to the authority signing them. The bundle is formatted as a series of concatenated certificates in PEM format. You must have the line breaks around the lines:
/etc/ssl/certs/domino-custom.
Use custom certificates
If you must use custom certificates in a user session, such as to connect to internal Git servers from a Workspace command line, manually reference the certificates in/etc/ssl/certs/domino-custom. The following are some ways that you can do this:
-
Copy the certs from
/etc/ssl/certs/domino-customto/etc/ssl/certsin a compute environment pre-run script. -
Add a Java truststore option such as:
-Djavax.net.ssl.trustStore=/etc/ssl/certs/domino-custom/cacerts.p12 -Djavax.net.ssl.trustStoreType=PKCS12 -Djavax.net.ssl.trustStorePassword=changeme -
Add application-specific configurations such as setting the
GIT_SSL_CAINFOvariable for Git or passing the--cacertoption for Curl. You can also set these options at runtime or modify the relevant configuration files in the compute environment.