Adding Root Certificates to trust the Certificate of a Downstream FHIR Server

[chrmey]

Is there an environment variable or a path mapping that i can use to add a root Certificate of my CA into the FHIR Gateway? This is needed so the FHIR Gateway trusts the certificate of my downstream FHIR-Server.

[chrmey]

Also a possibility for using Basic-Auth would be very useful.

[chrmey]

Workaraound: Mouting a custom Truststore as JKS file into the container. Passing it to the JVM with the JAVA_TOOL_OPTIONS:
-Djavax.net.ssl.trustStore=/path/to/certs -Djavax.net.ssl.trustStorePassword=truststorepasswd

However, now the correct certificate path can be build, but the hostname validation fails. It seems possible, that this occurs because there is no SAN given in the certificate. Although the hostname is equal to the CN in the certificate.

[chgl]

That seems possible since the CN field is deprecated nowadays: https://frasertweedale.github.io/blog-redhat/posts/2017-07-11-cn-deprecation.html https://unmitigatedrisk.com/?p=381