Trusted certificate support

Page last updated:

The Java buildpack supports BOSH configured custom trusted certificates. For more information, see Configuring Trusted Certificates in the BOSH documentation. It also supports importing the Diego Instance ID cert and key.

This support is activated by default in the buildpack and no additional configuration is required.

You can deactivate support for each feature individually by setting the following environment variables:

  • key manager
  • trust manager

To deactivate the key manager (Diego Instance ID cert/key import):

$ cf set-env APP-NAME JBP_CONFIG_CONTAINER_SECURITY_PROVIDER '{key_manager_enabled: false}'

To deactivate the trust manager (Bosh Trusted Certificates):

$ cf set-env APP-NAME JBP_CONFIG_CONTAINER_SECURITY_PROVIDER '{trust_manager_enabled: false}'

For more information, see Container Security Provider in the official Java buildpack documentation.

Create a pull request or raise an issue on the source for this page in GitHub