-rw-r--r-- | controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tls/ControllerSslContextFactoryProvider.java | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tls/ControllerSslContextFactoryProvider.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tls/ControllerSslContextFactoryProvider.java
index 332c440d18e..09f8de40378 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tls/ControllerSslContextFactoryProvider.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tls/ControllerSslContextFactoryProvider.java
@@ -65,7 +65,7 @@ public class ControllerSslContextFactoryProvider extends AbstractComponent imple
 // Key store containing key pair from secret store
 factory.setKeyStore(KeyStoreBuilder.withType(KeyStoreType.JKS)
- .withKeyEntry(getClass().getSimpleName(), privateKey(), certificate())
+ .withKeyEntry(getClass().getSimpleName(), privateKey(), certificates())
 .build());
 factory.setKeyStorePassword("");
@@ -77,8 +77,11 @@ public class ControllerSslContextFactoryProvider extends AbstractComponent imple
 return KeyUtils.fromPemEncodedPrivateKey(secretStore.getSecret(config.privateKeySecret()));
 }
- /** Get certificate from secret store */
- private List<X509Certificate> certificate() {
+ /**
+ * Get certificate from secret store. If certificate secret contains multiple certificates, e.g. intermediate
+ * certificates, the entire chain will be read
+ */
+ private List<X509Certificate> certificates() {
 return X509CertificateUtils.certificateListFromPem(secretStore.getSecret(config.certificateSecret()));
 } |
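Review bot: The new Javadoc on `certificates()` says the entire chain is read, but it does not state what order the PEM in the secret must have, and nothing visible in this hunk checks the result. The list goes straight into `withKeyEntry(...)` in the first hunk, and a key entry's chain is expected to start with the certificate that matches `privateKey()`, followed by the intermediates. A secret that is empty or ordered differently would presumably surface only as a TLS handshake failure at runtime. I would add a sentence to the comment such as `The leaf certificate matching the private key must come first, followed by any intermediates.` and consider failing fast with `if (certs.isEmpty()) throw new IllegalArgumentException("Certificate secret contains no certificates");`. Neither `certificateListFromPem` nor `KeyStoreBuilder` is shown in this diff, so confirm whether one of them already validates this.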