Skip to main content
Question

IFS CLOUD - Unable to upload certificate into the MW

  • September 19, 2023
  • 2 replies
  • 187 views
K
Superhero (Partner)
Forum|alt.badge.img+16

Hi All

I want to add certificate to ifsapp-iam pod from our ADFS server. It isn't public certificate.
I follow the documentation but without success:


https://docs.ifs.com/techdocs/23r1/070_remote_deploy/010_installing_fresh_system/200_installing_ifs_cloud/035_ifs_cloud_ifsinstaller/030_installation_parameters/#specific_certificate_for_pods


I tried both options with "mycertfromfile" and "mycertintext" but it fails. I have still error message in ifsapp-iam logs:
2023-09-19 17:22:42,991 ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (executor-thread-5) Failed to make identity provider oauth callback: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target


Additionally at the top of log file I have message:
Using API to fetch certificates
/opt/ifs/get_certs.sh: line 50: $(sed -e 's/^"//' -e 's/"$//' <<< "$(echo -e "${split[0]}" | tr -d '[:space:]')"): ambiguous redirect
No certificates are loaded for ifsapp-iam-certs ..
Setting up the secrets

Do You have any idea how to import cert? Why get_certs.sh script fails? It is 22R2U6

 

Piotr --> https://www.linkedin.com/in/piotr-skowronek-8425aa6/

2 replies

H
Hero (Employee)
Forum|alt.badge.img+10
  • hhanse
  • Hero (Employee)
  • 175 replies
  • September 20, 2023


It seems the cert is not passed to the ifsappiam container:
should look something like this:

ifsappiam:  
     certificates:  
        azureadcert: |  
           -----BEGIN CERTIFICATE-----   
           MIIDHzdIZ3+TSgCbI2tupJsv1FRWV3pMg3pdIGo7Ia   
           FyJKCqEj4rV/q7MW2a4JQJF8ykXixZ4YTLwi67VFMSfd2D516r1Xx2k617B+01dg  
           GRwQDY3H2NWh1QjBoyIOJKklLd/fEPzm+UU/JH8K/yBQdVZBaxw4KjU0xyqQFTd0   
           jhsIc1pqf2aVEsejwyNLhs9DnZyvzRBNsyvuVm//0gWV4OPDAa/i0BULgHnjJF2y   
           2M8H0QgLNafuaVxL2K6jArHg5JB1Qgkd7jxvmylwQhelfV86MmO9cy7f3gIRcX52   
           lU+UKetAgt4koD5opvDOzWtToavXGALzFjMxMN9iyGEfFf8=   
           -----END CERTIFICATE-----

 

K
Superhero (Partner)
Forum|alt.badge.img+16
  • knepiosko
  • Author
  • Superhero (Partner)
  • 402 replies
  • September 21, 2023

Hi @hhanse 

It means that azureadcert is the unique certificate name?

Piotr --> https://www.linkedin.com/in/piotr-skowronek-8425aa6/

Reply


Terms & ConditionsCookie settings

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings