From 5bf0f4bf698add9a3e608b6089bbe997c15f8c14 Mon Sep 17 00:00:00 2001 From: Max Phillips Date: Wed, 22 Jan 2025 15:46:58 -0600 Subject: [PATCH 1/2] Add Java procedure --- .../manual-deployment.mdx | 52 ++++++++++++++++++- 1 file changed, 50 insertions(+), 2 deletions(-) diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/manual-deployment.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/manual-deployment.mdx index 6da5a2e1d8959e..cfd788e4bb3089 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/manual-deployment.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/manual-deployment.mdx @@ -626,6 +626,54 @@ To install a certificate for use in a Docker container: +### Java + +Java may have multiple certificate keystore locations depending on different installations or applications that include Java. Depending on your Java Virtual Machine (JVM) installation, you may need to install the certificate for each instance. You may also need to manually configure each Java application to use and trust the certificate. + +To trust a Cloudflare root certificate in the system JVM, follow the procedure for your operating system. These steps require you to [download a `.pem` certificate](#download-the-cloudflare-root-certificate). + + + + +1. Install [OpenSSL](https://www.openssl.org/). + +2. In a terminal, format the Cloudflare certificate for Java. + + ```sh + openssl x509 -in Cloudflare_CA.pem -inform pem -out Cloudflare_CA.der -outform der + ``` + +3. Import the converted format into the Java keystore. + + ```sh + sudo $JAVA_HOME/bin/keytool -import -trustcacerts -alias 'Cloudflare Root CA' -file Cloudflare_CA.der -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt 2>&1 + ``` + +4. Restart any instances of Java. + + + + + +1. Install [OpenSSL for Windows](https://slproweb.com/products/Win32OpenSSL.html). + +2. In an administrator PowerShell terminal, format the Cloudflare certificate for Java. + + ```powershell + openssl x509 -in Cloudflare_CA.pem -inform pem -out Cloudflare_CA.der -outform der + ``` + +3. Import the converted format into the Java keystore. + + ```powershell + "%JAVA_HOME%\bin\keytool" -import -trustcacerts -alias "Cloudflare Root CA" -file Cloudflare_CA.der -keystore "%JAVA_HOME%\jre\lib\security\cacerts" -storepass changeit -noprompt + ``` + +4. Restart any instances of Java. + + + + ### Google Cloud #### Google Cloud SDK @@ -662,7 +710,7 @@ If you use Kaniko with Google Cloud SDK, you must install a Cloudflare certifica #### Google Drive for desktop -To trust a Cloudflare root certificate in the Google Drive desktop application, follow the procedure for your operating system. These steps require you to [download the .pem certificate](#download-the-cloudflare-root-certificate). +To trust a Cloudflare root certificate in the Google Drive desktop application, follow the procedure for your operating system. These steps require you to [download a `.pem` certificate](#download-the-cloudflare-root-certificate). @@ -760,7 +808,7 @@ To set the location of the certificate for use as an environment variable: ### PHP Composer -The command below will set the [`cafile`](https://getcomposer.org/doc/06-config.md#cafile) configuration inside of `composer.json` to use the Cloudflare root certificate. Make sure to [download the certificate](#download-the-cloudflare-root-certificate) in the `.pem` file type. +The command below will set the [`cafile`](https://getcomposer.org/doc/06-config.md#cafile) configuration inside of `composer.json` to use the Cloudflare root certificate. Make sure to [download a certificate](#download-the-cloudflare-root-certificate) in the `.pem` file type. ```sh composer config cafile [PATH_TO_CLOUDFLARE_CERT.pem] From dfce240b4354032ad406aeefa18ed2d452fed05a Mon Sep 17 00:00:00 2001 From: Max Phillips Date: Wed, 22 Jan 2025 15:56:56 -0600 Subject: [PATCH 2/2] Refine wording --- .../user-side-certificates/manual-deployment.mdx | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/manual-deployment.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/manual-deployment.mdx index cfd788e4bb3089..3d87f75d714dcb 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/manual-deployment.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/manual-deployment.mdx @@ -630,7 +630,7 @@ To install a certificate for use in a Docker container: Java may have multiple certificate keystore locations depending on different installations or applications that include Java. Depending on your Java Virtual Machine (JVM) installation, you may need to install the certificate for each instance. You may also need to manually configure each Java application to use and trust the certificate. -To trust a Cloudflare root certificate in the system JVM, follow the procedure for your operating system. These steps require you to [download a `.pem` certificate](#download-the-cloudflare-root-certificate). +To install a Cloudflare root certificate in the system JVM, follow the procedure for your operating system. These steps require you to [download a `.pem` certificate](#download-the-cloudflare-root-certificate). @@ -643,7 +643,7 @@ To trust a Cloudflare root certificate in the system JVM, follow the procedure f openssl x509 -in Cloudflare_CA.pem -inform pem -out Cloudflare_CA.der -outform der ``` -3. Import the converted format into the Java keystore. +3. Import the converted certificate into the Java keystore. ```sh sudo $JAVA_HOME/bin/keytool -import -trustcacerts -alias 'Cloudflare Root CA' -file Cloudflare_CA.der -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt 2>&1 @@ -663,7 +663,7 @@ To trust a Cloudflare root certificate in the system JVM, follow the procedure f openssl x509 -in Cloudflare_CA.pem -inform pem -out Cloudflare_CA.der -outform der ``` -3. Import the converted format into the Java keystore. +3. Import the converted certificate into the Java keystore. ```powershell "%JAVA_HOME%\bin\keytool" -import -trustcacerts -alias "Cloudflare Root CA" -file Cloudflare_CA.der -keystore "%JAVA_HOME%\jre\lib\security\cacerts" -storepass changeit -noprompt