cf-html5-apps-repo-cli-plugin icon indicating copy to clipboard operation
cf-html5-apps-repo-cli-plugin copied to clipboard
verified publisher icon SAP

Support CF custom certificates

Open micellius opened this issue 2 years ago • 0 comments

Description

Cloud Foundry allows to configure custom certificates to be used for it's endpoints (e.g. private cloud or regulated market deployment). In some cases, the certificate chain may include self-signed certificates or certificates signed by unknown authority. Trying to access such Cloud Foundry installation with cf CLI will cause an error due to CLI certificate validation failure.

To overcome this issue, cf CLI offers multiple options, including:

  • use of --skip-ssl-validation flag of cf login command (not recommended for security reasons)
  • add certificate to trust store of the machine (less recommended, since it impacts all requests issued by all programs on the machine)
  • set SSL_CERT_FILE environment variable to path pointing to file with additional signing certificate (recommended)
  • set SSL_CERT_DIR environment variable to path pointing to directory with server.crt file containing additional signing certificate (recommended)

However, requests to CF services originating from CLI plugin are not issued using cf CLI HTTP client and require special treatment. It would be beneficial to keep SSL related configuration of cf CLI aligned with the plugin configuration.

Qualities of Change

  • Functional - yes
  • User Interface - no
  • Documentation - yes
  • Introduces new dependency (y/n) - n
  • Incompatible change (y/n) - n

micellius avatar Jan 04 '24 12:01 micellius