How to import a custom CA certificate into Hyperglance's truststore

STEP BY STEP GUIDE:

1) Copy your root CA certificate pem file from your local computer to /var/lib/data/hyperglance/ on the Hyperglance system.

2) Gain terminal access (SSH) to the Hyperglance instance/VM to run the following commands...

3) Copy Java's default cacerts file out from the container:

sudo docker cp wildfly:/opt/wildfly/java/lib/security/cacerts /var/lib/data/hyperglance/

4) Ensure the file is owned by the wildfly user:

sudo chown wildfly:wildfly /var/lib/data/hyperglance/cacerts

5) Sanity check.  List the directory and make sure you see a cacerts file and your root CA certificate and that cacerts is owned by wildfly:

ls -la /var/lib/data/hyperglance

6) Add your pem file to the cacerts truststore.

If your root CA file is not called rootca.pem then adjust the the -v mapping in the command accordingly.

If you are running this multiple times to add more than one cert then give each one a unique alias.

sudo docker run --rm \
  -v "/var/lib/data/hyperglance/cacerts:/tmp/cacerts" \
  -v "/var/lib/data/hyperglance/rootca.pem:/tmp/custom.crt" \
  --user root --entrypoint bash \
  hyperglance/wildfly-v2 -c "\
    /opt/wildfly/java/bin/keytool \
      -importcert -trustcacerts -noprompt \
      -keystore /tmp/cacerts \
      -storepass changeit \
      -alias hyperglance-user-added-ca \
      -file /tmp/custom.crt"

After running this command you should see this message:

Certificate was added to keystore

7) Add a volume mapping for your cacerts truststore:

echo "      - /var/lib/data/hyperglance/cacerts:/opt/wildfly/java/lib/security/cacerts:ro" | sudo tee -a /etc/docker-compose.yml

8) Update the service (Note: Hyperglance will restart and re-ingest all data)

sudo docker-compose -f /etc/docker-compose.yml up -d

Hyperglance will now be using your new CA root certificate.