| <!DOCTYPE html> |
| <html lang="en"> |
| <head> |
| <meta charset="utf-8"> |
| <meta name="viewport" content="width=device-width,initial-scale=1"> |
| <title>Importing untrusted TLS certificates to Che :: Eclipse Che Documentation</title> |
| <link rel="canonical" href="https://www.eclipse.org/che/docs/stable/administration-guide/importing-untrusted-tls-certificates/"> |
| <meta name="description" content="Importing untrusted TLS certificates to Che"> |
| <meta name="keywords" content="administration guide, tls, certificate"> |
| <meta name="generator" content="Antora 3.1.7"> |
| <link rel="stylesheet" href="../../../../docs/_/css/site.css"> |
| <link rel="stylesheet" href="../../../../docs/_/css/extra.css"> |
| <link rel="stylesheet" href="../../../../docs/_/font-awesome-4.7.0/css/font-awesome.min.css"> |
| <link rel="icon" href="../../../../docs/_/img/favicon.ico" type="image/x-icon"> |
| <script>var uiRootPath = '../../../../docs/_'</script> |
| </head> |
| <body class="article"> |
| <div class="body"> |
| <div class="nav-container" data-component="docs" data-version="7.82.x"> |
| <aside class="nav"> |
| <div class="panels"> |
| <div class="nav-panel-menu is-active" data-panel="menu"> |
| <nav class="nav-menu"> |
| <button class="nav-menu-toggle" aria-label="Toggle expand/collapse all" style="display: none"></button> |
| <h3 class="title"><a href="../../overview/introduction-to-eclipse-che/">Documentation</a></h3> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="0"> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="../../overview/introduction-to-eclipse-che/">Introduction to Che</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="0"> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="../../hosted-che/hosted-che/">Eclipse Che hosted by Red Hat</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="0"> |
| <button class="nav-item-toggle"></button> |
| <span class="nav-text">User Guide</span> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../end-user-guide/getting-started-with-che/">Getting started with Che</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../end-user-guide/starting-a-workspace-from-a-git-repository-url/">Starting a workspace from a Git repository URL</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="3"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../end-user-guide/optional-parameters-for-the-urls-for-starting-a-new-workspace/">Optional parameters for the URLs for starting a new workspace</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="../../end-user-guide/url-parameter-concatenation/">URL parameter concatenation</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="../../end-user-guide/url-parameter-for-the-ide/">URL parameter for the IDE</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="../../end-user-guide/url-parameter-for-the-ide-image/">URL parameter for the IDE image</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="../../end-user-guide/url-parameter-for-starting-duplicate-workspaces/">URL parameter for starting duplicate workspaces</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="../../end-user-guide/url-parameter-for-the-devfile-file-name/">URL parameter for the devfile file name</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="../../end-user-guide/url-parameter-for-the-devfile-file-path/">URL parameter for the devfile file path</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="../../end-user-guide/url-parameter-for-the-workspace-storage/">URL parameter for the workspace storage</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="../../end-user-guide/url-parameter-for-additional-remotes/">URL parameter for additional remotes</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="../../end-user-guide/url-parameter-for-container-image/">URL parameter for a container image</a> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/starting-a-workspace-from-a-raw-devfile-url/">Starting a workspace from a raw devfile URL</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/basic-actions-you-can-perform-on-a-workspace/">Basic actions you can perform on a workspace</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/authenticating-to-a-git-server-from-a-workspace/">Authenticating to a Git server from a workspace</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../end-user-guide/using-the-fuse-overlay-storage-driver/">Using the fuse-overlayfs storage driver for Podman and Buildah</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../../end-user-guide/accessing-fuse/">Accessing /dev/fuse</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../../end-user-guide/enabling-overlay-with-a-configmap/">Enabling fuse-overlayfs with a ConfigMap</a> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../end-user-guide/using-che-in-team-workflow/">Using Che in team workflow</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/first-time-contributors/">Badge for first-time contributors</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/benefits-of-pull-requests-review-in-che/">Reviewing pull and merge requests</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/try-in-web-ide-github-action/">Try in Web IDE GitHub action</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="../../end-user-guide/customizing-workspace-components/">Customizing workspace components</a> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="../../end-user-guide/devfile-introduction/">Introduction to devfile in Che</a> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../end-user-guide/ides-in-workspaces/">IDEs in workspaces</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/microsoft-visual-studio-code-open-source-ide/">Microsoft Visual Studio Code - Open Source</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/defining-a-common-ide/">Defining a common IDE</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../end-user-guide/using-credentials-and-configurations-in-workspaces/">Using credentials and configurations in workspaces</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../end-user-guide/mounting-secrets/">Mounting Secrets</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../../end-user-guide/creating-image-pull-secrets/">Creating image pull Secrets</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../../end-user-guide/using-a-git-provider-access-token/">Using a Git-provider access token</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../end-user-guide/mounting-configmaps/">Mounting ConfigMaps</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../../end-user-guide/mounting-git-configuration/">Mounting Git configuration</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../end-user-guide/enabling-artifact-repositories-in-a-restricted-environment/">Enabling artifact repositories in a restricted environment</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../../end-user-guide/enabling-maven-artifact-repositories/">Maven</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../../end-user-guide/enabling-gradle-artifact-repositories/">Gradle</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../../end-user-guide/enabling-npm-artifact-repositories/">npm</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../../end-user-guide/enabling-python-artifact-repositories/">Python</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../../end-user-guide/enabling-go-artifact-repositories/">Go</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../../end-user-guide/enabling-nuget-artifact-repositories/">NuGet</a> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="../../end-user-guide/requesting-persistent-storage-for-workspaces/">Requesting persistent storage for workspaces</a> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../end-user-guide/integrating-with-kubernetes/">Integrating with Kubernetes</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/managing-workspaces-with-apis/">Managing workspaces with Kubernetes APIs</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/automatic-token-injection/">Automatic Kubernetes token injection</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/navigating-che-from-openshift-developer-perspective/">Navigating Che from OpenShift Developer Perspective</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/navigating-openshift-web-console-from-che/">Navigating OpenShift web console from Che</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../end-user-guide/troubleshooting-che/">Troubleshooting Che</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../end-user-guide/viewing-che-workspaces-logs/">Viewing Che workspaces logs</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../../end-user-guide/viewing-workspace-logs-in-cli/">Workspace logs in CLI</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../../end-user-guide/viewing-workspace-logs-in-the-openshift-console/">Workspace logs in OpenShift console</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../../end-user-guide/viewing-language-servers-and-debug-adapters-logs-in-visual-studio-code/">Language servers and debug adapters logs in the editor</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/troubleshooting-slow-workspaces/">Troubleshooting slow workspaces</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/troubleshooting-network-problems/">Troubleshooting network problems</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/troubleshooting-webview-loading-error/">Troubleshooting webview loading error</a> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="0"> |
| <button class="nav-item-toggle"></button> |
| <span class="nav-text">Administration Guide</span> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../preparing-the-installation/">Preparing the installation</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../supported-platforms/">Supported platforms</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../installing-the-chectl-management-tool/">Installing the chectl management tool</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../architecture-overview/">Architecture</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="3"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../server-components/">Server components</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="../che-operator/">Che operator</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="../devworkspace-operator/">DevWorkspace operator</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="../gateway/">Gateway</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="../dashboard/">User dashboard</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="../devfile-registries/">Devfile registries</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="../che-server/">Che server</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="../plugin-registry/">Plug-in registry</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../user-workspaces/">User workspaces</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../calculating-che-resource-requirements/">Calculating Che resource requirements</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../installing-che/">Installing Che</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../installing-che-in-the-cloud/">Installing Che in the cloud</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../installing-che-on-openshift-using-cli/">Installing Che on OpenShift using CLI</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../installing-che-on-openshift-using-the-web-console/">Installing Che on OpenShift using the web console</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../installing-che-in-a-restricted-environment/">Installing Che in a restricted environment</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../installing-che-on-microsoft-azure/">Installing Che on Microsoft Azure</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../installing-che-locally/">Installing Che locally</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../installing-che-on-red-hat-openshift-local/">Installing Che on Red Hat OpenShift Local</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../installing-che-on-minikube/">Installing Che on Minikube</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../installing-che-on-minikube-keycloak-oidc/">Installing Che on Minikube with Keycloak as the OIDC provider</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../finding-the-fully-qualified-domain-name-fqdn/">Finding the fully qualified domain name (FQDN)</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../configuring-che/">Configuring Che</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../understanding-the-checluster-custom-resource/">Understanding the <code>CheCluster</code> Custom Resource</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../using-chectl-to-configure-the-checluster-custom-resource-during-installation/">Using chectl to configure the <code>CheCluster</code> Custom Resource during installation</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../using-the-cli-to-configure-the-checluster-custom-resource/">Using the CLI to configure the CheCluster Custom Resource</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../checluster-custom-resource-fields-reference/"><code>CheCluster</code> Custom Resource fields reference</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../configuring-namespace-provisioning/">Configuring namespaces</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../configuring-workspace-target-namespace/">Configuring namespace name</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../provisioning-namespaces-in-advance/">Provisioning namespaces in advance</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../configuring-server-components/">Configuring server components</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../mounting-a-secret-as-a-file-or-an-environment-variable-into-a-container/">Mounting a Secret or a ConfigMap as a file or an environment variable into a Eclipse Che container</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../advanced-configuration-options-for-the-che-server-component/">Advanced configuration options for Che server</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../configuring-number-of-replicas/">configuring-number-of-replicas.adoc</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../configuring-workspaces-globally/">Configuring workspaces globally</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../limiting-the-number-of-workspaces-that-a-user-can-keep/">Limiting the number of workspaces that a user can keep</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../enabling-users-to-run-multiple-workspaces-simultaneously/">Enabling users to run multiple workspaces simultaneously</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../deploying-che-with-support-for-git-repositories-with-self-signed-certificates/">Git with self-signed certificates</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../configuring-workspaces-nodeselector/">Configuring workspaces nodeSelector</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../configuring-the-open-vsx-registry-url/">Open VSX registry URL</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../configuring-a-user-namespace/">Configuring a user namespace</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../caching-images-for-faster-workspace-start/">Caching images for faster workspace start</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../defining-the-list-of-images-to-pull/">Defining the list of images</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../defining-the-memory-parameters-for-the-image-puller/">Defining the memory settings</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../installing-image-puller-on-openshift-using-the-web-console/">Installing Image Puller on OpenShift using the web console</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../installing-image-puller-on-openshift-using-cli/">Installing Image Puller on OpenShift using CLI</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../configuring-observability/">Configuring observability</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../the-woopra-telemetry-plugin/">The Woopra telemetry plugin</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../creating-a-telemetry-plugin/">Creating a telemetry plugin</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="../configuring-server-logging/">Configuring server logging</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="../collecting-logs-using-chectl/">Collecting logs using chectl</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../monitoring-the-dev-workspace-operator/">Monitoring the DevWorkspace Operator</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../monitoring-che/">Monitoring Che Server</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../configuring-networking/">Configuring networking</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../configuring-network-policies/">Configuring network policies</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../configuring-che-hostname/">Configuring Che hostname</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../configuring-che-with-self-signed-certificate/">Configuring Che with self-signed certificates</a> |
| </li> |
| <li class="nav-item is-current-page" data-depth="3"> |
| <a class="nav-link" href="./">Importing untrusted TLS certificates to Che</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../adding-labels-and-annotations/">Adding labels and annotations</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../configuring-storage/">Configuring storage</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../configuring-storage-classes/">Configuring storage classes</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../configuring-the-storage-strategy/">Configuring the storage strategy</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../configuring-storage-sizes/">Configuring storage sizes</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../configuring-dashboard/">Configuring dashboard</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../configuring-getting-started-samples/">Configuring getting started samples</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../customizing-openshift-che-consolelink-icon/">Customizing OpenShift Eclipse Che ConsoleLink icon</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../managing-identities-and-authorizations/">Managing identities and authorizations</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="3"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../configuring-oauth-for-git-providers/">Configuring OAuth for Git providers</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="../configuring-oauth-2-for-github/">Configuring OAuth 2.0 for GitHub</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="../configuring-oauth-2-for-gitlab/">Configuring OAuth 2.0 for GitLab</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="../configuring-oauth-2-for-a-bitbucket-server/">Configuring OAuth 2.0 for a Bitbucket Server</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="../configuring-oauth-2-for-the-bitbucket-cloud/">Configuring OAuth 2.0 for the Bitbucket Cloud</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="../configuring-oauth-1-for-a-bitbucket-server/">Configuring OAuth 1.0 for a Bitbucket Server</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="../configuring-oauth-2-for-microsoft-azure-devops-services/">Configuring OAuth 2.0 for Microsoft Azure DevOps Services</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../configuring-cluster-roles-for-users/">Configuring cluster roles for Che users</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../configuring-advanced-authorization/">Configuring advanced authorization</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../removing-user-data-in-compliance-with-the-gdpr/">Removing user data in compliance with the GDPR</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../configuring-fuse/">Configuring fuse-overlayfs</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../managing-ide-extensions/">Managing IDE extensions</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../extensions-for-microsoft-visual-studio-code-open-source/">Extensions for Microsoft Visual Studio Code - Open Source</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="../managing-workloads-using-the-che-server-api/">Using the Che server API</a> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../upgrading-che/">Upgrading Che</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../upgrading-the-chectl-management-tool/">Upgrading the chectl management tool</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../specifying-the-update-approval-strategy/">Specifying the update approval strategy</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../upgrading-che-using-the-web-console/">Upgrading Che using the OpenShift web console</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../upgrading-che-using-the-cli-management-tool/">Upgrading Che using the CLI management tool</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../upgrading-che-using-the-cli-management-tool-in-restricted-environment/">Upgrading Che in a restricted environment</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../repairing-the-devworkspace-operator-on-openshift/">Repairing the DevWorkspace Operator on OpenShift</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="../uninstalling-che/">Uninstalling Che</a> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </nav> |
| </div> |
| </div> |
| </aside> |
| </div> |
| <main class="article"> |
| <div class="content"> |
| <aside class="toc sidebar" data-title="Contents" data-levels="2"> |
| <div class="toc-menu"></div> |
| </aside> |
| <article class="doc"> |
| <h1 class="page">Importing untrusted TLS certificates to Che</h1> |
| <div class="paragraph"> |
| <p>Communication between Che components and external services is encrypted with TLS.
This requires TLS certificates signed by trusted Certificate Authorities (CA).
Therefore, you must import into Che all untrusted CA chains in use by an external service such as:</p> |
| </div> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>A proxy</p> |
| </li> |
| <li> |
| <p>An identity provider (OIDC)</p> |
| </li> |
| <li> |
| <p>A source code repository provider (Git)</p> |
| </li> |
| </ul> |
| </div> |
| <div class="paragraph"> |
| <p>Che uses labeled config maps in the Che namespace as sources for TLS certificates.
Each config map can have any number of keys, and each key can hold any number of certificates.</p> |
| </div> |
| <div class="admonitionblock note"> |
| <table> |
| <tr> |
| <td class="icon"> |
| <i class="fa icon-note" title="Note"></i> |
| </td> |
| <td class="content"> |
| <div class="paragraph"> |
| <p>When an OpenShift cluster contains cluster-wide trusted CA certificates added through the <a href="https://docs.openshift.com/container-platform/latest/networking/configuring-a-custom-pki.html#nw-proxy-configure-object_configuring-a-custom-pki">cluster-wide-proxy configuration</a>, |
| Che Operator detects them and automatically injects them into a config map with the <code>config.openshift.io/inject-trusted-cabundle="true"</code> label. |
Based on this label, OpenShift automatically injects the cluster-wide trusted CA certificates inside the <code>ca-bundle.crt</code> key of the config map.</p> |
| </div> |
| </td> |
| </tr> |
| </table> |
| </div> |
| <div class="ulist"> |
| <div class="title">Prerequisites</div> |
| <ul> |
| <li> |
| <p>An active <code>kubectl</code> session with administrative permissions to the destination Kubernetes cluster. |
| See <a href="https://kubernetes.io/docs/reference/kubectl/overview/">Overview of kubectl</a>.</p> |
| </li> |
| <li> |
| <p>The <code>eclipse-che</code> namespace exists.</p> |
| </li> |
| <li> |
| <p>For each CA chain to import: the root CA and intermediate certificates, in <a href="https://wiki.openssl.org/index.php/PEM">PEM</a> format, in a <code>ca-cert-for-che-<em>&lt;count&gt;</em>.pem</code> file.</p> |
| </li> |
| </ul> |
| </div> |
| <div class="olist arabic"> |
| <div class="title">Procedure</div> |
| <ol class="arabic"> |
| <li> |
| <p>Concatenate all CA chain PEM files to import into the <code>custom-ca-certificates.pem</code> file, and remove the carriage return characters, which are incompatible with the Java truststore.</p> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre>$ cat ca-cert-for-che-*.pem | tr -d '\r' > custom-ca-certificates.pem</pre> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>Create the <code>custom-ca-certificates</code> config map with the required TLS certificates:</p> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre>$ kubectl create configmap custom-ca-certificates \ |
| --from-file=custom-ca-certificates.pem \ |
| --namespace=eclipse-che</pre> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>Label the <code>custom-ca-certificates</code> config map:</p> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre>$ kubectl label configmap custom-ca-certificates \ |
| app.kubernetes.io/component=ca-bundle \ |
| app.kubernetes.io/part-of=che.eclipse.org \ |
| --namespace=eclipse-che</pre> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>Deploy Che if it hasn’t been deployed before. |
| Otherwise, wait until the rollout of Che components finishes.</p> |
| </li> |
| <li> |
| <p>Restart running workspaces for the changes to take effect.</p> |
| </li> |
| </ol> |
| </div> |
| <div class="olist arabic"> |
| <div class="title">Verification steps</div> |
| <ol class="arabic"> |
| <li> |
| <p>Verify that the config map contains your custom CA certificates. |
| This command returns your custom CA certificates in PEM format:</p> |
| <div class="listingblock white-space-pre"> |
| <div class="content"> |
| <pre class="nowrap">$ kubectl get configmap \ |
| --namespace=eclipse-che \ |
| --output='jsonpath={.items[0:].data.custom-ca-certificates\.pem}' \ |
| --selector=app.kubernetes.io/component=ca-bundle,app.kubernetes.io/part-of=che.eclipse.org</pre> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>Verify that the Che pod contains a volume mounting the <code>ca-certs-merged</code> config map:</p> |
| <div class="listingblock white-space-pre"> |
| <div class="content"> |
| <pre class="nowrap">$ kubectl get pod \ |
| --selector=app.kubernetes.io/component=che \ |
| --output='jsonpath={.items[0].spec.volumes[0:].configMap.name}' \ |
| --namespace=eclipse-che \ |
| | grep ca-certs-merged</pre> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>Verify the Che server container has your custom CA certificates. |
| This command returns your custom CA certificates in PEM format:</p> |
| <div class="listingblock white-space-pre"> |
| <div class="content"> |
| <pre class="nowrap">$ kubectl exec -t deploy/che \ |
| --namespace=eclipse-che \ |
| -- cat /public-certs/custom-ca-certificates.pem</pre> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>Verify in the Che server logs that the imported certificates count is not null:</p> |
| <div class="listingblock white-space-pre"> |
| <div class="content"> |
| <pre class="nowrap">$ kubectl logs deploy/che --namespace=eclipse-che \ |
| | grep custom-ca-certificates.pem</pre> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>List the SHA256 fingerprints of your certificates:</p> |
| <div class="listingblock white-space-pre"> |
| <div class="content"> |
| <pre class="nowrap">$ for certificate in ca-cert*.pem ;
do openssl x509 -in "$certificate" -sha256 -fingerprint -noout | cut -d= -f2;
done</pre> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>Verify that the Che server Java truststore contains certificates with the same fingerprints:</p> |
| <div class="listingblock white-space-pre"> |
| <div class="content"> |
| <pre class="nowrap">$ kubectl exec -t deploy/che --namespace=eclipse-che -- \ |
| keytool -list -keystore /home/user/cacerts \ |
| | grep --after-context=1 custom-ca-certificates.pem</pre> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>Start a workspace, note the name of the namespace in which it is created (<em>&lt;workspace_namespace&gt;</em>), and wait for the workspace to start.</p> |
| </li> |
| <li> |
| <p>Verify that the <code>che-trusted-ca-certs</code> config map contains your custom CA certificates. |
| This command returns your custom CA certificates in PEM format:</p> |
| <div class="listingblock white-space-pre"> |
| <div class="content"> |
| <pre class="nowrap">$ kubectl get configmap che-trusted-ca-certs \ |
--namespace=<em>&lt;workspace_namespace&gt;</em> \
| --output='jsonpath={.data.custom-ca-certificates\.custom-ca-certificates\.pem}'</pre> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>Verify that the workspace pod mounts the <code>che-trusted-ca-certs</code> config map:</p> |
| <div class="listingblock white-space-pre"> |
| <div class="content"> |
| <pre class="nowrap">$ kubectl get pod \ |
--namespace=<em>&lt;workspace_namespace&gt;</em> \
--selector='controller.devfile.io/devworkspace_name=<em>&lt;workspace_name&gt;</em>' \
| --output='jsonpath={.items[0:].spec.volumes[0:].configMap.name}' \ |
| | grep che-trusted-ca-certs</pre> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>Verify that the <code>universal-developer-image</code> container (or the container defined in the workspace devfile) mounts the <code>che-trusted-ca-certs</code> volume:</p> |
| <div class="listingblock white-space-pre"> |
| <div class="content"> |
| <pre class="nowrap">$ kubectl get pod \ |
--namespace=<em>&lt;workspace_namespace&gt;</em> \
--selector='controller.devfile.io/devworkspace_name=<em>&lt;workspace_name&gt;</em>' \
| --output='jsonpath={.items[0:].spec.containers[0:]}' \ |
| | jq 'select (.volumeMounts[].name == "che-trusted-ca-certs") | .name'</pre> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>Get the workspace pod name <em>&lt;workspace_pod_name&gt;</em>:</p> |
| <div class="listingblock white-space-pre"> |
| <div class="content"> |
| <pre class="nowrap">$ kubectl get pod \ |
--namespace=<em>&lt;workspace_namespace&gt;</em> \
--selector='controller.devfile.io/devworkspace_name=<em>&lt;workspace_name&gt;</em>' \
--output='jsonpath={.items[0:].metadata.name}'</pre> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>Verify that the workspace container has your custom CA certificates. |
| This command returns your custom CA certificates in PEM format:</p> |
| <div class="listingblock white-space-pre"> |
| <div class="content"> |
| <pre class="nowrap">$ kubectl exec <em>&lt;workspace_pod_name&gt;</em> \
--namespace=<em>&lt;workspace_namespace&gt;</em> \
| -- cat /public-certs/custom-ca-certificates.custom-ca-certificates.pem</pre> |
| </div> |
| </div> |
| </li> |
| </ol> |
| </div> |
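| <div class="paragraph"> |
| <p>The fingerprint loop above calls <code>openssl x509</code>, which reads only the first certificate in each file, and the bundle ends up in a config map that is also visible in workspace namespaces and mounted into workspace containers. The following pre-flight check is an added example, not part of the Che documentation: it rejects a bundle that still contains carriage returns or private key material and prints one SHA-256 fingerprint per certificate block, in the same colon-separated form. The function names are made up for illustration, and the sample input is constructed: its bodies are not real certificates.</p> |
| </div> |

```bash
#!/usr/bin/env bash
# Added example, not part of the Che documentation. Function names are made up.

# lint_bundle FILE: returns 0 if the bundle is fit to publish, 1 otherwise.
lint_bundle() {
  local file=$1 rc=0 cr
  cr=$(printf '\r')
  if grep -q "$cr" "$file"; then
    echo "carriage returns present"; rc=1
  fi
  # Config maps are not secrets, and this one reaches workspace containers.
  if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$file"; then
    echo "private key material present"; rc=1
  fi
  if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$file"; then
    echo "no certificate blocks found"; rc=1
  fi
  if [ "$(grep -c -e '-----BEGIN CERTIFICATE-----' "$file")" -ne \
       "$(grep -c -e '-----END CERTIFICATE-----' "$file")" ]; then
    echo "unbalanced BEGIN/END CERTIFICATE markers"; rc=1
  fi
  return "$rc"
}

# bundle_fingerprints FILE: one SHA-256 fingerprint (AA:BB:...) per certificate
# block, computed over the base64-decoded (DER) bytes of each block.
bundle_fingerprints() {
  awk '
    /-----BEGIN CERTIFICATE-----/ { inside = 1; body = ""; next }
    /-----END CERTIFICATE-----/   { inside = 0; print body; next }
    inside { gsub(/[ \t\r]/, ""); body = body $0 }
  ' "$1" | while read -r b64; do
    printf '%s' "$b64" | base64 -d | sha256sum | cut -d' ' -f1 \
      | tr 'a-f' 'A-F' | sed 's/../&:/g; s/:$//'
  done
}

# Constructed sample with CRLF line endings. The base64 bodies encode short
# text strings, not real certificates; they only exercise parsing and hashing.
sample_bundle() {
  printf '%s\r\n' \
    '-----BEGIN CERTIFICATE-----' "$(printf 'constructed-ca-1' | base64)" \
    '-----END CERTIFICATE-----' \
    '-----BEGIN CERTIFICATE-----' "$(printf 'constructed-ca-2' | base64)" \
    '-----END CERTIFICATE-----'
}

# Usage: lint_bundle custom-ca-certificates.pem &&
#        bundle_fingerprints custom-ca-certificates.pem
```

| <div class="paragraph"> |
| <p>Compare the printed fingerprints with the ones listed from the Che server Java truststore in the verification steps.</p> |
| </div> |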
| <div class="ulist"> |
| <div class="title">Additional resources</div> |
| <ul> |
| <li> |
| <p><a href="../deploying-che-with-support-for-git-repositories-with-self-signed-certificates/" class="xref page">Deploying Che with support for Git repositories with self-signed certificates</a>.</p> |
| </li> |
| </ul> |
| </div> |
| </article> |
| </div> |
| </main> |
| </div> |
| |
| <script id="site-script" src="../../../../docs/_/js/site.js" data-ui-root-path="../../../../docs/_"></script> |
| <script async src="../../../../docs/_/js/vendor/highlight.js"></script> |
| <script src="../../../../docs/_/js/vendor/lunr.js"></script> |
| <script src="../../../../docs/_/js/search-ui.js" id="search-ui-script" data-site-root-path="../../../.." data-snippet-length="142" data-stylesheet="../../../../docs/_/css/search.css"></script> |
| <script async src="../../../../search-index.js"></script> |
| </body> |
| </html> |