How does one assign TLS certs to Helidon web server?


My guess is to add: https://helidon.io/docs/latest/#/security/04_tools and import certs into a Java keystore? Also, the files would appear on a RAM disk and may change every 24 hours, meaning the server would need to reload them; if this is not possible, we would need to restart the container.

What is the recommended way of doing this?


Solution

  • You can use the configuration approach. Example in the YAML configuration of the webserver:

    server:
      host: "0.0.0.0"
      port: 8080
      ssl:
        private-key:
          # on classpath
          keystore-resource-path: "certificate.p12"
          # in a file
          #keystore-path: "/tmp/cert.p12"
          keystore-passphrase: "helidon"
    

    This is usable both in Helidon SE and in Helidon MP. The private key can be located on the classpath, in a file, on a URL, or base64 encoded in configuration. See the Javadoc of class Resource: https://helidon.io/docs/v2/apidocs/io.helidon.common.configurable/io/helidon/common/configurable/Resource.html#create(io.helidon.config.Config)

    The prefix is keystore in this case. We do not support automated reloading of certificates. You need to restart the container.
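
The restart-on-rotation approach from the answer above, as an added example that is not part of the original answer or of Helidon itself: a shell wrapper for the container entrypoint that stops the server when the keystore file's content changes, so the orchestrator restarts the container with the new certificate. The function names, the POLL_SECONDS variable, exit status 75 and the paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not Helidon code: container entrypoint helper that stops the
# server when the keystore file changes, so the orchestrator restarts it.
# Assumptions: sha256sum is installed; exit status 75 is an arbitrary marker.

# Print the SHA-256 of the keystore. Fails if the file is missing or empty
# (for example mid-rotation), so such a state never triggers a restart.
keystore_fingerprint() {
    [ -s "$1" ] || return 1
    sha256sum < "$1" | cut -d' ' -f1
}

# Usage: run_until_rotated KEYSTORE COMMAND [ARGS...]
# Returns 75 after a rotation-triggered stop, else the command's own status.
run_until_rotated() {
    keystore=$1; shift
    baseline=$(keystore_fingerprint "$keystore") || {
        echo "keystore $keystore is missing or empty" >&2
        return 1
    }
    "$@" &                      # start the server in the background
    server_pid=$!
    while kill -0 "$server_pid" 2>/dev/null; do
        sleep "${POLL_SECONDS:-30}"
        # Skip this round if the file is temporarily unreadable.
        current=$(keystore_fingerprint "$keystore") || continue
        if [ "$current" != "$baseline" ]; then
            echo "keystore changed, stopping server for restart" >&2
            kill -TERM "$server_pid" 2>/dev/null || true
            wait "$server_pid" 2>/dev/null || true
            return 75
        fi
    done
    wait "$server_pid"          # server ended on its own: pass its status on
}

# Entrypoint usage (placeholder paths, matching keystore-path in the YAML):
#   run_until_rotated /tmp/cert.p12 java -jar app.jar; exit $?
```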