Obtain/Generate certificates

Regardless of the deployment approach, you need to obtain or generate a certificate, and import it into a Java Keystore.

Follow Configuring a Certificate Store for instructions on how to import an existing certificate into a Java Keystore, or to generate a self-signed certificate.

Container based deployments

For container based deployments, configuring HTTPS is as easy as attaching a volume with the certificates, and setting up the right environment variables pointing to them.

Official image:

  • docker.repository.sca.accenture.com/docker/aspire:[VERSION]

Steps

  1. Create a volume containing the following files:
    • certificate.jks
    • certificateAuthority.crt (Optional, if the certificates are not trusted by the JVM) 


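      # Create the named volume that will hold the keystore
      docker volume create aspire_ssl_certs
      # Start a throwaway container so files can be copied into the volume
      docker run -v aspire_ssl_certs:/ssl -u root --name helper busybox true
      docker cp /path/to/certificate.jks helper:/ssl
      # (optional) 
      # docker cp /path/to/certificateAuthority.crt helper:/ssl
      # Remove the throwaway container; the volume and its files remain
      docker rm helper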
  2. Mount the volume at any location in your container, for instance at /opt/aspire/ssl_certs

    docker run -d -v aspire_ssl_certs:/opt/aspire/ssl_certs \
      -p 50505:50505 \
      --env ASPIRE_SSL_KEYSTORE=/opt/aspire/ssl_certs/certificate.jks \
      --env ASPIRE_SSL_KEYSTORE_PASS=[your-JKS-passphrase] \
      --env ASPIRE_SSL_CA=/opt/aspire/ssl_certs/certificateAuthority.crt \
      --env aspire_security_https_only=true \
      --env com_accenture_aspire_server_hostname=aspire_manager \
      --env ASPIRE_MANAGER_NODE=true \
      --name aspire_manager docker.repository.sca.accenture.com/docker/aspire:5.1.1

    Starting a worker node just requires changing ASPIRE_MANAGER_NODE to ASPIRE_WORKER_NODE.

    See Properties for all the different environment variables that can be set on Aspire.
  3. Access Aspire at https://localhost:50505/

On-premise deployments

Follow the steps at: Using Aspire via HTTPS


Make sure to add the following environment variables before starting the Aspire nodes:

aspire_security_https_only=true

com_accenture_aspire_server_hostname=node_hostname

The hostname variable is important: Aspire uses it to tell other nodes which hostname they should use to reach this node, and it must match the certificate, otherwise the other nodes will not be able to connect.
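
A pre-flight check for the hostname requirement above, as an added example that is not part of the Aspire documentation or product. It assumes `keytool` from the JDK is on the PATH and that the passphrase is exported as `ASPIRE_SSL_KEYSTORE_PASS`; the function names are hypothetical, and only DNSName subject alternative name entries are checked (a certificate that carries the hostname only in its CN is reported as having no entries).

```shell
#!/bin/sh
# Added example (not Aspire's own tooling). Assumes keytool is on PATH and the
# keystore passphrase is exported as ASPIRE_SSL_KEYSTORE_PASS, so it is read
# from the environment instead of appearing on a command line.

# host_matches HOST PATTERN: case-insensitive exact match, or a "*.domain"
# pattern that covers exactly one leftmost label.
host_matches() {
    host=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    pat=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    [ "$host" = "$pat" ] && return 0
    case "$pat" in
        \*.*)
            suffix=${pat#\*}             # e.g. ".example.com"
            label=${host%"$suffix"}      # leftmost label if the suffix matched
            [ "$label" != "$host" ] && [ -n "$label" ] || return 1
            case "$label" in *.*) return 1 ;; esac   # wildcard spans one label
            return 0 ;;
    esac
    return 1
}

# keystore_dns_names KEYSTORE: print DNSName SAN entries, one per line.
keystore_dns_names() {
    keytool -list -v -keystore "$1" -storepass:env ASPIRE_SSL_KEYSTORE_PASS |
        sed -n 's/^[[:space:]]*DNSName:[[:space:]]*//p' | sort -u
}

# check_keystore_hostname KEYSTORE HOST
# 0 = a SAN covers HOST, 1 = no SAN matches, 2 = keystore unreadable or no SANs.
check_keystore_hostname() {
    names=$(keystore_dns_names "$1")
    if [ -z "$names" ]; then
        echo "no DNSName entries readable from $1" >&2
        return 2
    fi
    for n in $names; do
        host_matches "$2" "$n" && return 0
    done
    echo "certificate in $1 does not cover $2" >&2
    return 1
}

# Runs only when given two arguments, e.g.:
#   ./check_cert.sh /path/to/certificate.jks node_hostname
if [ "$#" -eq 2 ]; then
    check_keystore_hostname "$1" "$2"
fi
```

Run it against the keystore with the same value you set for com_accenture_aspire_server_hostname, before copying the keystore into the volume or starting the nodes.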