Skip to main content

Hi All

I want to add certificate to ifsapp-iam pod from our ADFS server. It isn't public certificate.
I follow the documentation but without success:


https://docs.ifs.com/techdocs/23r1/070_remote_deploy/010_installing_fresh_system/200_installing_ifs_cloud/035_ifs_cloud_ifsinstaller/030_installation_parameters/#specific_certificate_for_pods


I tried both options with "mycertfromfile" and "mycertintext" but it fails. I have still error message in ifsapp-iam logs:
2023-09-19 17:22:42,991 ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (executor-thread-5) Failed to make identity provider oauth callback: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target


Additionally at the top of log file I have message:
Using API to fetch certificates
/opt/ifs/get_certs.sh: line 50: $(sed -e 's/^"//' -e 's/"$//' <<< "$(echo -e "${split[0]}" | tr -d '[:space:]')"): ambiguous redirect
No certificates are loaded for ifsapp-iam-certs ..
Setting up the secrets

Do You have any idea how to import cert? Why get_certs.sh script fails? It is 22R2U6

 


It seems the cert is not passed to the ifsappiam container:
should look something like this:

ifsappiam:  
     certificates:  
        azureadcert: |  
           -----BEGIN CERTIFICATE-----   
           MIIDHzdIZ3+TSgCbI2tupJsv1FRWV3pMg3pdIGo7Ia   
           FyJKCqEj4rV/q7MW2a4JQJF8ykXixZ4YTLwi67VFMSfd2D516r1Xx2k617B+01dg  
           GRwQDY3H2NWh1QjBoyIOJKklLd/fEPzm+UU/JH8K/yBQdVZBaxw4KjU0xyqQFTd0   
           jhsIc1pqf2aVEsejwyNLhs9DnZyvzRBNsyvuVm//0gWV4OPDAa/i0BULgHnjJF2y   
           2M8H0QgLNafuaVxL2K6jArHg5JB1Qgkd7jxvmylwQhelfV86MmO9cy7f3gIRcX52   
           lU+UKetAgt4koD5opvDOzWtToavXGALzFjMxMN9iyGEfFf8=   
           -----END CERTIFICATE-----

 

Hi @hhanse 

It means that azureadcert is the unique certificate name?

Reply


Terms & ConditionsCookie settings