pivotal-cf / java-cfenv

Apache License 2.0

custom keystore/truststore loading #118

Closed vchrisb closed 2 years ago

vchrisb commented 3 years ago

I think it is not too uncommon that applications require custom root CAs or client certificates for mTLS. There is AFAIK no straightforward and cloud-native way to do so on Cloud Foundry and the Java buildpack. Most commonly, the answer is to package the keystore with the application and configure the env `JAVA_OPTS: -Djavax.net.ssl.keyStore=$HOME/app/META-INF/extra-files/keystore`.

The thing that gets closest is https://github.com/vmwarepivotallabs/keystore-utility, but it is read from a "normal" env var rather than a bound service, and it isn't available as a maintained Maven dependency.

Hence the proposal to add this functionality to java-cfenv.

pivotal-david-osullivan commented 2 years ago

This seems to be out of scope for this library; however, there is a detailed list of options for achieving this outlined in this answer: https://stackoverflow.com/questions/62470180/how-to-add-truststore-and-keystore-to-a-springboot-app-in-pcfpivotal-cloud-foun/62508063#62508063

pivotal-david-osullivan commented 2 years ago

Closing this issue, alternative options provided above.
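
One way an application can do this in its own code, shown as an added example that is not part of java-cfenv or of any comment in this thread: it reads a PEM CA bundle from a bound service's credentials through java-cfenv and builds an in-memory truststore, so no keystore file is packaged with the app. The service name `tls-material` and the credential key `ca_pem` are hypothetical.

```java
import io.pivotal.cfenv.core.CfEnv;
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class BoundServiceTrustStore {

    // Build an in-memory truststore from a PEM bundle holding one or more CA certificates.
    static KeyStore trustStoreFromPem(String pemBundle) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // start empty; nothing is read from or written to disk
        int n = 0;
        for (Certificate cert : CertificateFactory.getInstance("X.509").generateCertificates(
                new ByteArrayInputStream(pemBundle.getBytes(StandardCharsets.US_ASCII)))) {
            ks.setCertificateEntry("bound-ca-" + n++, cert);
        }
        if (n == 0) { // fail closed rather than hand back an empty truststore
            throw new IllegalArgumentException("no certificates in PEM bundle");
        }
        return ks;
    }

    // TLS context that trusts only the bundle's CAs (the JVM default cacerts are not consulted).
    static SSLContext sslContextTrusting(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key: server auth only
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: a bound service named "tls-material" carries the CA bundle
        // under the credential key "ca_pem" (both names are hypothetical).
        String pem = new CfEnv().findCredentialsByName("tls-material").getString("ca_pem");
        if (pem == null) throw new IllegalStateException("credential ca_pem is missing");
        SSLContext ctx = sslContextTrusting(trustStoreFromPem(pem));
        System.out.println("TLS context ready: " + ctx.getProtocol());
    }
}
```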