I have an application (Java, Tomcat) which throws an error when we use HTTPS in the OpenShift route to access it:
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Of course, there is a way of modifying a deployment to somehow inject certificates into Java’s cacerts store in every pod, but this is not an option here, since we do not have the possibility to do this.
I wonder, is there a way of creating a K8 object with certificates that can be spread over all the pods in the cluster so they can use the certificate and trust it so the communication can be securely established?
I tried to configure a custom PKI in the OpenShift cluster, but this did not help. I tried using cert-manager, either the self-signed way or the CA way - it did not help. I tried openshift-acme, but it could not create a certificate due to multiple errors (mostly because it was not able to expose a temporary route to validate it with ACME’s servers).
I wonder, is there a way of creating/using a certificate in a K8/OpenShift cluster so it can be injected into every pod/deployment so the JVM can understand how to find the way to trust it? Or is it not possible at all, and all the certificates should be installed in every pod’s cacerts store individually?