<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<title>Importing untrusted TLS certificates to Che :: Eclipse Che Documentation</title>
<link rel="canonical" href="https://www.eclipse.org/che/docs/stable/administration-guide/importing-untrusted-tls-certificates/">
<meta name="description" content="Importing untrusted TLS certificates to Che">
<meta name="keywords" content="administration guide, tls, certificate">
<meta name="generator" content="Antora 3.1.7">
<link rel="stylesheet" href="../../../../docs/_/css/site.css">
<link rel="stylesheet" href="../../../../docs/_/css/extra.css">
<link rel="stylesheet" href="../../../../docs/_/font-awesome-4.7.0/css/font-awesome.min.css">
<link rel="icon" href="../../../../docs/_/img/favicon.ico" type="image/x-icon">
<script>var uiRootPath = '../../../../docs/_'</script>
</head>
<body class="article">
<div class="body">
<main class="article">
<div class="content">
<aside class="toc sidebar" data-title="Contents" data-levels="2">
<div class="toc-menu"></div>
</aside>
<article class="doc">
<h1 class="page">Importing untrusted TLS certificates to Che</h1>
<div class="paragraph">
<p>Communications between Che components and external services are encrypted with TLS.
They require TLS certificates signed by trusted Certificate Authorities (CA).
Therefore, you must import into Che all untrusted CA chains in use by an external service such as:</p>
</div>
<div class="ulist">
<ul>
<li>
<p>A proxy</p>
</li>
<li>
<p>An identity provider (OIDC)</p>
</li>
<li>
<p>A source code repository provider (Git)</p>
</li>
</ul>
</div>
<div class="paragraph">
<p>Che uses labeled config maps in the Che namespace as sources for TLS certificates.
The config maps can have an arbitrary number of keys, each holding an arbitrary number of certificates.</p>
</div>
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
<div class="paragraph">
<p>When an OpenShift cluster contains cluster-wide trusted CA certificates added through the <a href="https://docs.openshift.com/container-platform/latest/networking/configuring-a-custom-pki.html#nw-proxy-configure-object_configuring-a-custom-pki">cluster-wide-proxy configuration</a>,
Che Operator detects them and automatically injects them into a config map with the <code>config.openshift.io/inject-trusted-cabundle="true"</code> label.
Based on this label, OpenShift automatically injects the cluster-wide trusted CA certificates inside the <code>ca-bundle.crt</code> key of the config map.</p>
</div>
</td>
</tr>
</table>
</div>
<div class="ulist">
<div class="title">Prerequisites</div>
<ul>
<li>
<p>An active <code>kubectl</code> session with administrative permissions to the destination Kubernetes cluster.
See <a href="https://kubernetes.io/docs/reference/kubectl/overview/">Overview of kubectl</a>.</p>
</li>
<li>
<p>The <code>eclipse-che</code> namespace exists.</p>
</li>
<li>
<p>For each CA chain to import: the root CA and intermediate certificates, in <a href="https://wiki.openssl.org/index.php/PEM">PEM</a> format, in a <code>ca-cert-for-che-<em>&lt;count&gt;</em>.pem</code> file.</p>
</li>
</ul>
</div>
<div class="olist arabic">
<div class="title">Procedure</div>
<ol class="arabic">
<li>
<p>Concatenate all CA chain PEM files to import into the <code>custom-ca-certificates.pem</code> file, and remove the carriage return character (<code>\r</code>), which is incompatible with the Java truststore.</p>
<div class="listingblock">
<div class="content">
<pre>$ cat ca-cert-for-che-*.pem | tr -d '\r' &gt; custom-ca-certificates.pem</pre>
</div>
</div>
</li>
<li>
<p>Create the <code>custom-ca-certificates</code> config map with the required TLS certificates:</p>
<div class="listingblock">
<div class="content">
<pre>$ kubectl create configmap custom-ca-certificates \
--from-file=custom-ca-certificates.pem \
--namespace=eclipse-che</pre>
</div>
</div>
</li>
<li>
<p>Label the <code>custom-ca-certificates</code> config map:</p>
<div class="listingblock">
<div class="content">
<pre>$ kubectl label configmap custom-ca-certificates \
app.kubernetes.io/component=ca-bundle \
app.kubernetes.io/part-of=che.eclipse.org \
--namespace=eclipse-che</pre>
</div>
</div>
</li>
<li>
<p>Deploy Che if it hasn&#8217;t been deployed before.
Otherwise, wait until the rollout of Che components finishes.</p>
</li>
<li>
<p>Restart running workspaces for the changes to take effect.</p>
</li>
</ol>
</div>
<div class="olist arabic">
<div class="title">Verification steps</div>
<ol class="arabic">
<li>
<p>Verify that the config map contains your custom CA certificates.
This command returns your custom CA certificates in PEM format:</p>
<div class="listingblock white-space-pre">
<div class="content">
<pre class="nowrap">$ kubectl get configmap \
--namespace=eclipse-che \
--output='jsonpath={.items[0:].data.custom-ca-certificates\.pem}' \
--selector=app.kubernetes.io/component=ca-bundle,app.kubernetes.io/part-of=che.eclipse.org</pre>
</div>
</div>
</li>
<li>
<p>Verify that the Che pod contains a volume mounting the <code>ca-certs-merged</code> config map:</p>
<div class="listingblock white-space-pre">
<div class="content">
<pre class="nowrap">$ kubectl get pod \
--selector=app.kubernetes.io/component=che \
--output='jsonpath={.items[0].spec.volumes[0:].configMap.name}' \
--namespace=eclipse-che \
| grep ca-certs-merged</pre>
</div>
</div>
</li>
<li>
<p>Verify the Che server container has your custom CA certificates.
This command returns your custom CA certificates in PEM format:</p>
<div class="listingblock white-space-pre">
<div class="content">
<pre class="nowrap">$ kubectl exec -t deploy/che \
--namespace=eclipse-che \
-- cat /public-certs/custom-ca-certificates.pem</pre>
</div>
</div>
</li>
<li>
<p>Verify in the Che server logs that the imported certificates count is not null:</p>
<div class="listingblock white-space-pre">
<div class="content">
<pre class="nowrap">$ kubectl logs deploy/che --namespace=eclipse-che \
| grep custom-ca-certificates.pem</pre>
</div>
</div>
</li>
<li>
<p>List the SHA256 fingerprints of your certificates:</p>
<div class="listingblock white-space-pre">
<div class="content">
<pre class="nowrap">$ for certificate in ca-cert*.pem ;
do openssl x509 -in "$certificate" -sha256 -fingerprint -noout | cut -d= -f2;
done</pre>
</div>
</div>
</li>
<li>
<p>Verify that the Che server Java truststore contains certificates with the same fingerprint:</p>
<div class="listingblock white-space-pre">
<div class="content">
<pre class="nowrap">$ kubectl exec -t deploy/che --namespace=eclipse-che -- \
keytool -list -keystore /home/user/cacerts \
| grep --after-context=1 custom-ca-certificates.pem</pre>
</div>
</div>
</li>
<li>
<p>Start a workspace, get the namespace name in which it has been created: <em>&lt;workspace_namespace&gt;</em>, and wait for the workspace to be started.</p>
</li>
<li>
<p>Verify that the <code>che-trusted-ca-certs</code> config map contains your custom CA certificates.
This command returns your custom CA certificates in PEM format:</p>
<div class="listingblock white-space-pre">
<div class="content">
<pre class="nowrap">$ kubectl get configmap che-trusted-ca-certs \
--namespace=<em>&lt;workspace_namespace&gt;</em> \
--output='jsonpath={.data.custom-ca-certificates\.custom-ca-certificates\.pem}'</pre>
</div>
</div>
</li>
<li>
<p>Verify that the workspace pod mounts the <code>che-trusted-ca-certs</code> config map:</p>
<div class="listingblock white-space-pre">
<div class="content">
<pre class="nowrap">$ kubectl get pod \
--namespace=<em>&lt;workspace_namespace&gt;</em> \
--selector='controller.devfile.io/devworkspace_name=<em>&lt;workspace_name&gt;</em>' \
--output='jsonpath={.items[0:].spec.volumes[0:].configMap.name}' \
| grep che-trusted-ca-certs</pre>
</div>
</div>
</li>
<li>
<p>Verify that the <code>universal-developer-image</code> container (or the container defined in the workspace devfile) mounts the <code>che-trusted-ca-certs</code> volume:</p>
<div class="listingblock white-space-pre">
<div class="content">
<pre class="nowrap">$ kubectl get pod \
--namespace=<em>&lt;workspace_namespace&gt;</em> \
--selector='controller.devfile.io/devworkspace_name=<em>&lt;workspace_name&gt;</em>' \
--output='jsonpath={.items[0:].spec.containers[0:]}' \
| jq 'select (.volumeMounts[].name == "che-trusted-ca-certs") | .name'</pre>
</div>
</div>
</li>
<li>
<p>Get the workspace pod name <em>&lt;workspace_pod_name&gt;</em>:</p>
<div class="listingblock white-space-pre">
<div class="content">
<pre class="nowrap">$ kubectl get pod \
--namespace=<em>&lt;workspace_namespace&gt;</em> \
--selector='controller.devfile.io/devworkspace_name=<em>&lt;workspace_name&gt;</em>' \
--output='jsonpath={.items[0:].metadata.name}'</pre>
</div>
</div>
</li>
<li>
<p>Verify that the workspace container has your custom CA certificates.
This command returns your custom CA certificates in PEM format:</p>
<div class="listingblock white-space-pre">
<div class="content">
<pre class="nowrap">$ kubectl exec <em>&lt;workspace_pod_name&gt;</em> \
--namespace=<em>&lt;workspace_namespace&gt;</em> \
-- cat /public-certs/custom-ca-certificates.custom-ca-certificates.pem</pre>
</div>
</div>
</li>
</ol>
</div>
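<div class="paragraph">
<p>The <code>openssl x509</code> loop above prints one fingerprint per file because it reads only the first certificate in each file, while a chain file holds a root and its intermediates. The following pre-flight check is an added example, not part of the Che documentation: it fingerprints every certificate in the concatenated bundle in the same colon-separated form and flags carriage returns, duplicates and non-certificate blocks such as private keys. The names <code>check_bundle</code>, <code>fingerprint</code>, <code>pem_block</code> and <code>SAMPLE</code> are hypothetical, and the sample blocks hold constructed placeholder bytes rather than real certificates.</p>
</div>

```python
import base64
import hashlib
import re

# Any PEM block; the captured label separates certificates from keys.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def fingerprint(der):
    """SHA-256 of the DER bytes, colon-separated like openssl and keytool."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def check_bundle(text):
    """Return (fingerprints, problems) for the text of a PEM bundle."""
    fingerprints, problems = [], []
    if "\r" in text:
        problems.append("carriage return present: rerun the tr -d step")
    for label, body in PEM_BLOCK.findall(text):
        if label != "CERTIFICATE":
            # Config maps are not secret storage: keys must never land here.
            problems.append("non-certificate block: " + label)
            continue
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append("certificate block is not valid base64")
            continue
        fp = fingerprint(der)
        if fp in fingerprints:
            problems.append("duplicate certificate: " + fp)
        else:
            fingerprints.append(fp)
    if not fingerprints:
        problems.append("no certificate found")
    return fingerprints, problems

def pem_block(label, payload):
    """Build a constructed sample block: placeholder bytes, not real DER."""
    b64 = base64.b64encode(payload).decode()
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, b64, label)

# Constructed sample: two chain members, a stray key, a repeat and one CRLF.
SAMPLE = (pem_block("CERTIFICATE", b"constructed root CA")
          + pem_block("CERTIFICATE", b"constructed intermediate CA")
          + pem_block("PRIVATE KEY", b"constructed key material")
          + pem_block("CERTIFICATE", b"constructed root CA")).replace("\n", "\r\n", 1)

if __name__ == "__main__":
    found, problems = check_bundle(SAMPLE)
    print("\n".join(found + ["PROBLEM: " + p for p in problems]))
```

<div class="paragraph">
<p>Run <code>check_bundle</code> on the text of <code>custom-ca-certificates.pem</code> before creating the config map, then compare the returned fingerprints with the <code>keytool -list</code> output from the truststore step.</p>
</div>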
<div class="ulist">
<div class="title">Additional resources</div>
<ul>
<li>
<p><a href="../deploying-che-with-support-for-git-repositories-with-self-signed-certificates/" class="xref page">Deploying Che with support for Git repositories with self-signed certificates</a>.</p>
</li>
</ul>
</div>
</article>
</div>
</main>
</div>
<script id="site-script" src="../../../../docs/_/js/site.js" data-ui-root-path="../../../../docs/_"></script>
<script async src="../../../../docs/_/js/vendor/highlight.js"></script>
<script src="../../../../docs/_/js/vendor/lunr.js"></script>
<script src="../../../../docs/_/js/search-ui.js" id="search-ui-script" data-site-root-path="../../../.." data-snippet-length="142" data-stylesheet="../../../../docs/_/css/search.css"></script>
<script async src="../../../../search-index.js"></script>
</body>
</html>