Permalink
Browse files

Set up a trust store with NUBIC's certificate CAs for PSC's Tomcat.

  • Loading branch information...
1 parent 33e6e5a commit ccedcce13436dd80fa952c7ca449da54751e1e53 David Yip committed Jun 21, 2012
Showing with 17 additions and 0 deletions.
  1. +17 −0 chef/cookbooks/ncs_navigator/recipes/psc.rb
@@ -71,3 +71,20 @@
link "#{node["tomcat"]["base"]}/conf/psc" do
to psc_bundle_dir
end
+
+# PSC's CAS mechanism needs to be able to trust the CAS server, so install the
+# CAS server's certificates in a trust store and point Tomcat at it.
+include_recipe "tomcat::custom_trust_store"
+include_recipe "ssl_certificates"
+
+node["ssl_certificates"]["trust_chain"].each do |cert|
+ cf = "#{node["ssl_certificates"]["ca_path"]}/#{cert}"
+
+ java_keystore "add_nubic_certificates_for_psc" do
+ action :import
+ keystore node["tomcat"]["keystore"]["path"]
+ storepass node["tomcat"]["keystore"]["password"]
+ cert_file cf
+ cert_alias cert
+ end
+end

0 comments on commit ccedcce

Please sign in to comment.