Open jcoste-orange opened 10 months ago
@jcoste-orange Thanks for reaching out! Can you share more information with an example?
Our S3 server is using a self-signed certificate, so we have to store the certificate in /opt/jfrog/artifactory/var/etc/security/keys/trusted/.
Today we have to patch the role to add a task like this:
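```yaml
- name: copy custom cert
  become: true
  ansible.builtin.copy:
    src: "<local_custom_cert.crt>"
    dest: "/opt/jfrog/artifactory/var/etc/security/keys/trusted/custom.crt"
    owner: "{{ artifactory_user }}"
    group: "{{ artifactory_group }}"
    # Quoted so the mode is always read as an octal string
    mode: "0600"
    # With remote_src: true, src is read from the managed host, not the controller
    remote_src: true
```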
The variables to do this are documented in this README.md.
If you install your own certs, then you can set any path to the key and cert, and set the boolean ssl_certificate_install: false. I prefer to use a subdir under /etc/pki/tls, and not in the product directory.
No, ssl_certificate_install is to install the certificate that will be used (exposed) by Nginx. What we need is [this](https://jfrog.com/help/r/artifactory-how-to-debug-ssl-issues-with-artifactory/what-is-the-process-for-importing-ssl-certificates-into-the-jvm-keystore). So I need to be able to put some certificates in /opt/jfrog/artifactory/var/etc/security/keys/trusted/
Ok, clear. You could deploy with this variable, and start it after you placed the cert there:
artifactory_start_service: false
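The workaround discussed above, written out as a playbook (an added example, not part of the thread or of the JFrog collection): install with the service stopped, check the certificate before trusting it, place it in the trusted directory, then start Artifactory. The role name `jfrog.platform.artifactory`, the service name `artifactory`, the inventory group, the certificate path and the fingerprint variable are assumptions; the fingerprint value is a placeholder to be replaced with the one obtained out of band from the S3 server's owner.

```yaml
- name: Install Artifactory with a trusted certificate for the internal S3 server
  hosts: artifactory_servers                 # hypothetical inventory group
  become: true
  vars:
    artifactory_start_service: false         # from the thread: install, do not start yet
    s3_cert_src: "{{ playbook_dir }}/files/s3-internal.crt"   # hypothetical path on the controller
    s3_cert_sha256: "REPLACE_WITH_EXPECTED_SHA256_FINGERPRINT" # placeholder, not a real value
    trusted_dir: /opt/jfrog/artifactory/var/etc/security/keys/trusted
  roles:
    - role: jfrog.platform.artifactory       # assumed role name
  post_tasks:
    # post_tasks run after the role, so the trusted directory already exists.
    - name: Read the certificate on the controller before trusting it
      community.crypto.x509_certificate_info:
        path: "{{ s3_cert_src }}"
      delegate_to: localhost
      become: false
      register: s3_cert

    # A self-signed certificate has no CA chain to validate, so pin its fingerprint.
    - name: Refuse an expired or unexpected certificate
      ansible.builtin.assert:
        that:
          - not s3_cert.expired
          - >-
            (s3_cert.fingerprints.sha256 | replace(':', '') | lower)
            == (s3_cert_sha256 | replace(':', '') | lower)
        fail_msg: "S3 certificate is expired or does not match the pinned fingerprint"

    # artifactory_user / artifactory_group are assumed to be exported by the role.
    - name: Copy the certificate into Artifactory's trusted directory
      ansible.builtin.copy:
        src: "{{ s3_cert_src }}"
        dest: "{{ trusted_dir }}/custom.crt"
        owner: "{{ artifactory_user }}"
        group: "{{ artifactory_group }}"
        mode: "0600"

    - name: Start Artifactory now that it can verify the S3 endpoint
      ansible.builtin.service:
        name: artifactory                    # assumed service name
        state: started
```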
Is this a BUG REPORT or FEATURE REQUEST? (choose one): FEATURE REQUEST
Which installer: Ansible
Which product and version (eg: ansible & collection version - 7.24.2): Artifactory 7.71.10
Which operating system and version(eg: ubuntu & version - 20.4): Ubuntu 20.04
Which product license (Enterprise/Pro): Enterprise
JFrog support reference (if already raised with support team):
What happened: I need to configure a trusted certificate to access an internal S3 server for my binary store. I can't configure it before playing the artifactory role (as folders are not yet created). If I run the role, Artifactory tries to start and fails as it can't access the S3 server.
What you expected to happen: It would be nice to be able to configure custom trusted certificates in the artifactory role.
How to reproduce it (as minimally and precisely as possible):
Anything else we need to know: