Enabling trust between the server and the object storage


Some configurations require an encrypted HTTPS connection to the object storage. In such cases, we recommend that you establish trust between the agent, the server, and the object storage, so that the object storage certificate is verified instead of verification being switched off; this improves both the security and the performance of the connection.

This topic describes how to configure trusted communication between the BMC AMI Cloud server and the object storage.

How to

When working with a cloud object storage such as Amazon S3, Google Cloud Storage, or Microsoft Azure, your server is probably already configured to trust the public CA that issued the storage certificate (the default Java cacerts truststore includes the common public CAs). If so, skip to step 5.

If you are working with an on-premises storage device, this procedure assumes that the object storage certificate has already been signed by the organizational certificate authority (CA), and that this CA certificate must be added to the trusted certificate authorities file (the truststore) used by the server.

To enable trust between the server and the object storage

  1. Upload the organizational CA certificate file to the management server in PEM format.
  2. Clone the truststore from within the container by using the following command: 

    docker cp model9.v<v.r.m>:/opt/java/openjdk/jre/lib/security/cacerts $MODEL9_HOME/keys/cacerts
  3. Import the CA certificate into the cloned truststore as a trusted certificate:

    keytool -import -trustcacerts -keystore /data/model9/keys/cacerts -storepass changeit -noprompt -alias rootCA -file '/path/root CA file'

    The keystore path is the host path of the file cloned in step 2 (that is, $MODEL9_HOME/keys/cacerts with $MODEL9_HOME expanded). changeit is the default password of the Java cacerts truststore; it only protects the integrity of the file, so restrict write access to the keys directory rather than relying on the password. With -noprompt, keytool imports without asking; if you omit that option and are asked Trust this certificate?, answer yes.

  4. Add the following parameter to the model9.env file, so that the JVM in the container uses the cloned truststore: 

    CATALINA_OPTS="-Djavax.net.ssl.trustStore=/model9/keys/cacerts"

    This is the path to the same truststore as seen from inside the container, where the $MODEL9_HOME directory is mounted. If model9.env already sets CATALINA_OPTS, append the -Djavax.net.ssl.trustStore option to the existing value instead of replacing it.
  5. Add the following parameter to the model9-local.yml file (note the space after the colon, which YAML requires): 

    model9.objstore.endpoint.no.verify.ssl: false

    The value false enforces verification of the object storage certificate. Setting it to true disables certificate verification and leaves the connection open to man-in-the-middle attacks, so use true only for troubleshooting and never as a workaround for an untrusted certificate.
  6. Stop and remove the container: 

    docker stop model9.v<v.r.m>
    docker rm model9.v<v.r.m>
  7. Start the container by using the docker run command in the Installing the management server topic.
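The procedure above as a script, added here as an example and not part of BMC AMI Cloud's own tooling. It assumes that MODEL9_HOME (default /data/model9) is the host directory mounted into the container as /model9, that model9.env and model9-local.yml live under $MODEL9_HOME/conf (override ENV_FILE and YML_FILE if your installation keeps them elsewhere), and it takes the container name, the CA file, and the endpoint host:port as arguments. Beyond the steps themselves, it checks with openssl that the CA file actually validates the chain the endpoint presents before anything is changed, merges the truststore option into an existing CATALINA_OPTS value rather than overwriting it, and writes the YAML key with the space YAML needs.

```shell
#!/bin/sh
# Added example, not BMC AMI Cloud's own tooling: scripts steps 2 to 5 above
# and checks the result before the container is recreated.
# Assumptions not stated on the page:
#   - MODEL9_HOME (default /data/model9) is the host directory that the
#     docker run command mounts into the container as /model9, so the cloned
#     truststore is $MODEL9_HOME/keys/cacerts on the host and
#     /model9/keys/cacerts as seen by the JVM.
#   - model9.env and model9-local.yml are under $MODEL9_HOME/conf; override
#     ENV_FILE / YML_FILE if your installation keeps them elsewhere.
set -eu

MODEL9_HOME="${MODEL9_HOME:-/data/model9}"
ENV_FILE="${ENV_FILE:-$MODEL9_HOME/conf/model9.env}"
YML_FILE="${YML_FILE:-$MODEL9_HOME/conf/model9-local.yml}"
HOST_STORE="$MODEL9_HOME/keys/cacerts"   # path used by docker cp and keytool
CONTAINER_STORE=/model9/keys/cacerts     # same file, path inside the container
YML_KEY=model9.objstore.endpoint.no.verify.ssl

# Step 4: add -Djavax.net.ssl.trustStore to CATALINA_OPTS in model9.env,
# keeping any options already on the line (heap settings and so on) and never
# adding the flag twice. Rewrites via a temp file, so no GNU sed -i is needed.
add_truststore_opt() {
  env_file="$1"; opt="-Djavax.net.ssl.trustStore=$2"
  touch "$env_file"
  grep -qF -- "$opt" "$env_file" && return 0
  current=$(sed -n 's/^CATALINA_OPTS=//p' "$env_file" | head -n 1 | sed 's/^"//; s/"$//')
  grep -v '^CATALINA_OPTS=' "$env_file" > "$env_file.tmp" || true
  printf 'CATALINA_OPTS="%s"\n' "${current:+$current }$opt" >> "$env_file.tmp"
  mv "$env_file.tmp" "$env_file"
}

# Step 5: enforce certificate verification in model9-local.yml. YAML needs a
# space after the colon ("key:false" on one line is a plain string, not a
# mapping), and any earlier value of the key, such as a "true" left over from
# troubleshooting, is replaced because true turns verification off entirely.
set_verify_ssl_false() {
  yml="$1"
  touch "$yml"
  grep -v "^$YML_KEY:" "$yml" > "$yml.tmp" || true
  printf '%s: false\n' "$YML_KEY" >> "$yml.tmp"
  mv "$yml.tmp" "$yml"
}

# Steps 2 and 3: clone the container's cacerts and import the organizational
# CA, then list the alias so its fingerprint can go in the change record.
import_org_ca() {
  container="$1"; ca_file="$2"
  docker cp "$container:/opt/java/openjdk/jre/lib/security/cacerts" "$HOST_STORE"
  keytool -importcert -trustcacerts -noprompt -keystore "$HOST_STORE" \
    -storepass changeit -alias rootCA -file "$ca_file"
  keytool -list -keystore "$HOST_STORE" -storepass changeit -alias rootCA
}

# Pre-flight check: does this CA file validate the chain the endpoint really
# presents? Succeeds only on "Verify return code: 0 (ok)"; anything else means
# the JVM will reject the connection too, so nothing should be changed yet.
endpoint_chain_ok() {
  host_port="$1"; ca_file="$2"
  openssl s_client -connect "$host_port" -servername "${host_port%%:*}" \
    -CAfile "$ca_file" </dev/null 2>/dev/null |
    grep -q 'Verify return code: 0 (ok)'
}

# Usage: sh enable_trust.sh model9.v<v.r.m> /path/to/rootCA.pem storage.example.internal:443
if [ $# -eq 3 ]; then
  endpoint_chain_ok "$3" "$2" || { echo "$2 does not validate the chain from $3; fix that first" >&2; exit 1; }
  import_org_ca "$1" "$2"
  add_truststore_opt "$ENV_FILE" "$CONTAINER_STORE"
  set_verify_ssl_false "$YML_FILE"
  echo "Truststore ready: now docker stop/rm $1 and re-run the docker run command (steps 6 and 7)."
fi
```

Run it with the container name, the CA file, and the endpoint host:port, then stop, remove, and re-create the container as in steps 6 and 7. If the openssl check fails, the CA file does not sign the chain the endpoint presents (often because the server omits an intermediate certificate); fix the server's chain or import the correct CA before touching the truststore, and do not set no.verify.ssl to true to get past it.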
