idiots guide to keystores and truststores (microprofile)

oladslw

I'm taking my first major stab at keystores and It is not as simple to workout as it reads at high level.

My use case:

Implement MTLS for java microservices A and B using microprofile (e.g. helidon mp 2x.)

Microservice A is deployed to a Kubernetes cluster behind an nginx ingress controller with a wild card TLS certificate applied for domain *.myapps.com .

Microservice A is accessible via https://apps.myapps.com/microservicea/api/dosomething

No explicit SSL configuration has been applied in Microservice A's config files thus internally it is running in Non SSL mode.

Microservice B is in development and running on my development pc.

Microservice B has a rest client to microservice B https://apps.myapps.com/microservicea/api/dosomething

I have the .crt and .key files for *.myapps.com

Question:

What steps do I need to take to ensure both microservices have the necessary certificates to communicate with each other and get past the SSL handshake exceptions?

oladslw

My Rest Client was the root cause of the handshake exceptions. There was an annotation which should not be present @ path.

The services now communicate as expected.