I am upgrading an existing project to Spring Boot 3 to run as a native image. My application requires a custom trust store to connect to OpenLDAP, earlier I used to create a uber jar and provide the truststore path as system arguments when running the jar as shown below.
java -jar -Djavax.net.ssl.trustStore=/Users/ladu/Downloads/truststore.jks -Djavax.net.ssl.trustStorePassword=changeit
To build a native executable, I need to compile using a native image plugin (org.graalvm.buildtools:native-maven-plugin). With native:compile phase, I have added the system properties but it doesn't seem to work as when I run the executable, I get an error indicating certificates are not present.
./mvnw -Pnative native:compile -Djavax.net.ssl.trustStore=/Users/ladu/Downloads/truststore.jks -Djavax.net.ssl.trustStorePassword=changeit
How do I provide the system properties at runtime, is it in the build phase like above but with some other syntax, or when running the executable but how?
How to provide to native image on runtime explained like below
If, on the other hand, you run the executable with app -Dfoo=bar, it will display foo in the list of properties because you specified it at executable runtime.
In other words:
Passing -D= as an argument to native-image affects properties seen at executable build time. Passing -D= as an argument to a native executable affects properties seen at executable runtime.
So if you run the native image like "/app/demo -Djavax.net.ssl.trustStore=/Users/ladu/Downloads/truststore.jks -Djavax.net.ssl.trustStorePassword=changeit" it should work.
Check this page for more details. And graalvm supports javax.net.ssl truststore
Run-time Options
The certificate file can also be changed dynamically at run time via setting the javax.net.ssl.trustStore* system properties.
If any of the following system properties are set during the image execution, native-image also requires javax.net.ssl.trustStore to be set, and for it to point to an accessible certificate file:
javax.net.ssl.trustStore
javax.net.ssl.trustStoreType
javax.net.ssl.trustStoreProvider
javax.net.ssl.trustStorePassword
For full documentation please check here