cameleer-server

cameleer/cameleer-server

Fork 0

Commit Graph

Author	SHA1	Message	Date
hsiegeln	1539c7a67b	fix: import /certs/ca.pem into JVM truststore at startup All checks were successful CI / cleanup-branch (push) Has been skipped Details CI / build (push) Successful in 1m13s Details CI / docker (push) Successful in 1m3s Details CI / deploy-feature (push) Has been skipped Details CI / deploy (push) Successful in 37s Details The server container mounts the platform's certs volume at /certs but the CA bundle was never imported into the JVM truststore. OIDC discovery failed with PKIX path building errors when a self-signed or custom CA was in use. The new entrypoint script splits the PEM bundle and imports each cert via keytool before starting the app. This makes the conditional CAMELEER_OIDC_TLS_SKIP_VERIFY logic in the SaaS provisioner work correctly: when ca.pem exists, the JVM now actually trusts it. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-11 11:31:26 +02:00

Author

SHA1

Message

Date

hsiegeln

1539c7a67b

fix: import /certs/ca.pem into JVM truststore at startup

CI / cleanup-branch (push) Has been skipped

Details

CI / build (push) Successful in 1m13s

Details

CI / docker (push) Successful in 1m3s

Details

CI / deploy-feature (push) Has been skipped

Details

CI / deploy (push) Successful in 37s

Details

The server container mounts the platform's certs volume at /certs but
the CA bundle was never imported into the JVM truststore. OIDC discovery
failed with PKIX path building errors when a self-signed or custom CA
was in use.

The new entrypoint script splits the PEM bundle and imports each cert
via keytool before starting the app. This makes the conditional
CAMELEER_OIDC_TLS_SKIP_VERIFY logic in the SaaS provisioner work
correctly: when ca.pem exists, the JVM now actually trusts it.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-11 11:31:26 +02:00

1 Commits