refactor/Enable mTLS for Redis, use p12 instead of jks

2026-02-06 15:47:01 +00:00 · 2024-11-24 16:42:55 +01:00 · 2024-11-24 16:42:55 +01:00 · b79ea1cbbd
commit b79ea1cbbd
parent b4f3404482
2 changed files with 7 additions and 5 deletions
--- a/obp-api/src/main/resources/props/sample.props.template
+++ b/obp-api/src/main/resources/props/sample.props.template
@ -168,11 +168,13 @@ jwt.use.ssl=false

 ## Enable mTLS for Redis, if set to true must set paths for the keystore and truststore locations
 # redis.use.ssl=false
-# Client
-# keystore.path.redis = client-keystore.p12
+## Client
+## PKCS#12 Format: combine private keys and certificates into .p12 files for easier transport
+# keystore.path.redis = path/to/client-keystore.p12
 # keystore.password.redis = keystore-password
-# Server
-# truststore.path.redis = path/to/ca.jks
+## Trust stores is a list of trusted CA certificates
+## Public certificate for the CA (used by clients and servers to validate signatures)
+# truststore.path.redis = path/to/ca.p12
 # truststore.password.redis = truststore-password


--- a/obp-api/src/main/scala/code/api/cache/Redis.scala
+++ b/obp-api/src/main/scala/code/api/cache/Redis.scala
@ -56,7 +56,7 @@ object Redis extends MdcLoggable {
  private def configureSslContext(): SSLContext = {

    // Load the CA certificate
-    val trustStore = KeyStore.getInstance("JKS")
+    val trustStore = KeyStore.getInstance("PKCS12")
    val trustStorePassword = APIUtil.getPropsValue("keystore.password.redis")
      .getOrElse(APIUtil.initPasswd).toCharArray
    val truststorePath = APIUtil.getPropsValue("truststore.path.redis").getOrElse("")