Deploying SSL within running docker image of EJBCA CE

[merryo11]

Dear All, I have installed EJBCA CE 8.0 from keyfactor using docker with standard commands with TLS enabled setting. Now how can I deploy DigiCert commercial SSL on the deployed running instance so that default SSL keystore can be replaced and I can avoid SSL browser warnings while accessing the adminweb and ra portals.

Secondly I don't want to disturb my deployed version settings and just want to change the SSL keystore which is my requirement.

Platform Details are:
Ubuntue version 22
EJBCA Image from Keyfactor.ejbca ce (8.0)
Docker version 24.0.4 build 3713ee1
wildfly 26.1.2

Regards

[primetomas]

For this the recommended best-practice approach is to use an ingress, an apache or nginx proxy, who does the TLS termination.
There is some documentation on DockerHub for it. https://hub.docker.com/r/keyfactor/ejbca-ce

[primetomas]

i.e. you should normally never touch the keystore in the container, let the container be as it is and layer it, i.e. in your kubernetes environment.

[merryo11]

Ok great. I set apache as reverse proxy with commercial SSL in front of docker machine running EJBCA CE but can you confirm how can I access admin and RA portal through reverse proxy currently I am getting internal server error from reverse proxy but as an alternate for testing purpose i checked it with 80 port and I am getting RA page

Can you help. Secondly I also posted another discussion regarding DB migration so can you help me in that as well

[primetomas]

You can find deployment examples here: https://github.com/Keyfactor/keyfactorcommunity

[merryo11]

Dear Tomas, If I have to change the default SSL keystore created by EJBCA during deployment with my commercial SSL then how can I do it. Like if it is a mandatory requirement for me and I must change the default keystore then how can I do it and reverse proxy is not an option for me

[primetomas]

In that case the procedure is just the same as when you deploy/manage any keystore i WildFly. You can find information in the EJBCA installation docs, or WildFly docs about keystores and truststores.