How to Add a Self-signed Root Certificate to the VERA API Docker Container

Owned by HB Farris
Last updated: Feb 29, 2024 by John Berek
2 min read

The following procedure will need to be repeated with any containers that need to access any system using the the self-signed SSL certificate. For our default configuration, these are the containers that will need to be updated:

  • vera.server

  • vera.api.jira.routeactions*

  • vera.api.qtest.routeactions*

  • vera.worker.qtest**

  • vera.worker.jira**

*Note: You only need to add the root certificates here if you plan on setting these containers to use SSL. If SSL is handled by a gateway or load balancer, then the root certificate doesn’t need to be added to these containers.

**Note: You only need to add the root certificates here if you are using on prem qTest or Jira that uses your self-signed certificates. SaaS qTest and Jira Cloud will not need these root certificates for Vera to talk with them.

 

Typically, the microservices are configured to communicate with each other over non-SSL HTTP traffic (on port 80). If you configure the docker-compose.yml file to use HTTPS for inter-module communications, then the steps below will need to be repeated for every container.

Step 1: Stage a copy of the root certificate

  1. Create a new directory on the server hosting the VERA Docker containers. This can be in any location where Docker will have access permissions.

  2. Stage a copy of your self-signed root certificate into the folder created above.

    Example

    /path/to/my/cert/my-root-certificate.crt

Important

The certificate must be in a CRT format.

Step 2: Create a start-up script for the VERA API server

  1. Create a new bash script for each container being updated (you will need three or more files) – e.g. startVeraServer.sh – with the following contents:

    start.sh

    #!/bin/bash update-ca-certificates dotnet Vera.Server.dll #dotnet Vera.Api.QTest.RouteActions.dll #dotnet Vera.Api.Jira.RouteActions.dll #dotnet Vera.Worker.QTest.dll #dotnet Vera.Worker.Jira.dll

  1. Stage the script files into the same directory as the self-signed root certificate (from Step 1).

    Example

    /path/to/my/cert/startVeraServer.sh /path/to/my/cert/startVeraQTestActions.sh /path/to/my/cert/startVeraJiraActions.sh /path/to/my/cert/startVeraqTestWorker.sh /path/to/my/cert/startVeraJiraWorker.sh

  2. Use chmod to apply executable permissions to the script file.

    Example

Step 3: Update VERA's Docker Compose file

  1. Navigate to VERA's installation directory.

  2. Open the docker-compose.yml file in a text editor.

  3. Add a volume binding for each affected container to binds the directory created in step 1 to /usr/local/share/ca-certificates.

    Example (snippet)

    Reference Line 8 above.

  4. Add a custom entry point to each affected container that points to the start-up script created in step 2. Note that the configuration will point to the container's internal path created through volume binding.

    Example (snippet)

    Reference Line 10 above.

Step 4: Restart the VERA containers

  1. Run docker-compose up --build -d to restart the docker containers with the new configurations.

  2. If the containers do not start successfully, then running the above command without the -d option will provide output for debugging.