How to Add a Self-signed Root Certificate to the VERA API Docker Container
The following procedure will need to be repeated with any containers that need to access any system using the the self-signed SSL certificate. For our default configuration, these are the containers that will need to be updated:
vera.server
vera.api.jira.routeactions*
vera.api.qtest.routeactions*
vera.worker.qtest**
vera.worker.jira**
*Note: You only need to add the root certificates here if you plan on setting these containers to use SSL. If SSL is handled by a gateway or load balancer, then the root certificate doesn’t need to be added to these containers.
**Note: You only need to add the root certificates here if you are using on prem qTest or Jira that uses your self-signed certificates. SaaS qTest and Jira Cloud will not need these root certificates for Vera to talk with them.
Typically, the microservices are configured to communicate with each other over non-SSL HTTP traffic (on port 80). If you configure the docker-compose.yml file to use HTTPS for inter-module communications, then the steps below will need to be repeated for every container.
Step 1: Stage a copy of the root certificate
Create a new directory on the server hosting the VERA Docker containers. This can be in any location where Docker will have access permissions.
Stage a copy of your self-signed root certificate into the folder created above.
Example
/path/to/my/cert/my-root-certificate.crt
Important
The certificate must be in a CRT format.
Step 2: Create a start-up script for the VERA API server
Create a new bash script for each container being updated (you will need three or more files) – e.g. startVeraServer.sh – with the following contents:
start.sh
#!/bin/bash update-ca-certificates dotnet Vera.Server.dll #dotnet Vera.Api.QTest.RouteActions.dll #dotnet Vera.Api.Jira.RouteActions.dll #dotnet Vera.Worker.QTest.dll #dotnet Vera.Worker.Jira.dll
Stage the script files into the same directory as the self-signed root certificate (from Step 1).
Example
/path/to/my/cert/startVeraServer.sh /path/to/my/cert/startVeraQTestActions.sh /path/to/my/cert/startVeraJiraActions.sh /path/to/my/cert/startVeraqTestWorker.sh /path/to/my/cert/startVeraJiraWorker.sh
Use
chmod
to apply executable permissions to the script file.Example
Step 3: Update VERA's Docker Compose file
Navigate to VERA's installation directory.
Open the
docker-compose.yml
file in a text editor.Add a volume binding for each affected container to binds the directory created in step 1 to /usr/local/share/ca-certificates.
Example (snippet)
Reference Line 8 above.
Add a custom entry point to each affected container that points to the start-up script created in step 2. Note that the configuration will point to the container's internal path created through volume binding.
Example (snippet)
Reference Line 10 above.
Step 4: Restart the VERA containers
Run
docker-compose up --build -d
to restart the docker containers with the new configurations.If the containers do not start successfully, then running the above command without the -d option will provide output for debugging.