Use Custom Keystore with Archive - dcm4che/dcm4chee-arc-light GitHub Wiki
This page briefly describes how to use your own key and certificate in a dockerized archive (using docker-compose) instead of the default keystore provided by the archive.
- Configure the archive as specified in Running on Docker.
- Before you start the containers:
  - Create a custom directory in `/var/local/dcm4chee-arc/`.
  - Place your keystore (in JKS or PKCS12 format) in this directory, i.e. `/var/local/dcm4chee-arc/custom-dir`.
  - In your `docker-compose.yml`, map this directory to a path within the archive container:
    ```yaml
    - /var/local/dcm4chee-arc/custom-dir:/opt/wildfly/custom-dir
    ```
  - If you're using the secured version of the archive, add the same volume mapping for the keycloak container in the same `docker-compose.yml` file:
    ```yaml
    - /var/local/dcm4chee-arc/custom-dir:/opt/wildfly/custom-dir
    ```
  - In the `docker-compose.env` file, specify your keystore (replace `custom-keystore` and `custom-keystore-password` with your keystore values):
    ```
    KEYSTORE=/opt/wildfly/custom-dir/custom-keystore.p12
    KEYSTORE_PASSWORD=custom-keystore-password
    ```
  - In the same `docker-compose.env` file, if the private key in your keystore is protected by a password, also specify it (replace `custom-keystore-private-key-password` with the value as required):
    ```
    KEY_PASSWORD=custom-keystore-private-key-password
    ```
  - By default, the `KEYSTORE_TYPE` is `PKCS12`. If you used a `JKS` type of keystore, you need to specify this env variable:
    ```
    KEYSTORE_TYPE=JKS
    ```
  - Give all users read permission on the files in this folder:
    ```sh
    sudo chmod a+r /var/local/dcm4chee-arc/custom-dir/*
    ```
- Start the containers as specified.
- If you used a secure version of the archive, add the CA certificate so that the Keycloak adapter in the archive accepts requests from the Keycloak server:
  ```sh
  cd /var/local/dcm4chee-arc/wildfly/configuration/keystores
  keytool -import -alias customCA -file <custom-CA-certificate.pem> -storetype JKS -keystore cacerts.p12
  ```
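
A pre-flight check for the steps under "Before you start the containers", added here as an example and not part of the dcm4che project: it reads `docker-compose.env`, maps `KEYSTORE` back to the host directory, and reports a missing password, a file that is not readable by all users, or a keystore whose format does not match `KEYSTORE_TYPE` (for instance a JKS file left on the default `PKCS12`). The function names and the `HOST_DIR` variable are assumptions of this example, and the format is guessed from the file's leading bytes only.

```sh
#!/bin/sh
# Added example, not dcm4che project code: pre-flight check of docker-compose.env.
# Assumption: the host/container directory mapping is the one used on this page.
HOST_DIR=${HOST_DIR:-/var/local/dcm4chee-arc/custom-dir}
CONTAINER_DIR=/opt/wildfly/custom-dir

# Print the value of the last "KEY=value" line for KEY in an env file.
env_get() {  # usage: env_get FILE KEY
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Guess the keystore format from its first bytes: JKS files start with the
# magic FEEDFEED; PKCS12 is DER-encoded and starts with a SEQUENCE tag (0x30).
detect_type() {  # usage: detect_type FILE
    magic=$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')
    case $magic in
        feedfeed) echo JKS ;;
        30*)      echo PKCS12 ;;
        *)        echo UNKNOWN ;;
    esac
}

# Print one line per problem found; return 0 only if the settings are consistent.
check_keystore_env() {  # usage: check_keystore_env ENV_FILE
    rc=0
    ks=$(env_get "$1" KEYSTORE)
    ks_type=$(env_get "$1" KEYSTORE_TYPE)
    ks_type=${ks_type:-PKCS12}              # default stated on this page
    [ -n "$(env_get "$1" KEYSTORE_PASSWORD)" ] || { echo "KEYSTORE_PASSWORD is not set"; rc=1; }
    case $ks in
        "$CONTAINER_DIR"/*) host_file=$HOST_DIR/${ks#"$CONTAINER_DIR"/} ;;
        *) echo "KEYSTORE '$ks' is not under $CONTAINER_DIR"; return 1 ;;
    esac
    [ -f "$host_file" ] || { echo "keystore missing on host: $host_file"; return 1; }
    # 8th character of the ls -l mode string is the read bit for "other" users.
    [ "$(ls -l "$host_file" | cut -c8)" = r ] || { echo "$host_file is not readable by all users"; rc=1; }
    actual=$(detect_type "$host_file")
    [ "$actual" = "$ks_type" ] || { echo "file looks like $actual but KEYSTORE_TYPE is $ks_type"; rc=1; }
    return $rc
}

# Run against a real file when one is given: sh check.sh docker-compose.env
if [ -n "${1:-}" ]; then check_keystore_env "$1"; fi
```

A clean result only says the settings agree with each other and with the file on disk; it does not open the keystore or verify its passwords.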