How-to Trust internal CA through Operator ?

[piellick]

Hi team,
When using internal services with TLS authentication, we are facing problems with integrating of our root certificate. What would be the best solution?

1st case where this is a problem, using an internal smtp with TLS for email notifications on Opensearch Dashboard:

EmailException javax.mail.MessagingException: Could not convert socket to TLS;                                                             │
│   nested exception is:                                                                                                                                                                                                                     │
│     javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target     

We tried the use general.keystore with our CA Cert inside a secret without conclusive result:

 general:
    # ...
    keystore:
    - secret:
        name: internal-root-ca
      keyMappings:
        ca.crt: ca.crt

Using initContainer would be the solution?

Thanks a lot

[prudhvigodithi]

[Triage]
Hey @piellick if I'm not wrong you trying to connect to an smtp server through dashboards pod and you end up this PKIX error? If so you can try add the root CA cert, by the way did you try with keytool manually inside the pod to update the cacerts?
https://docs.microfocus.com/SM/9.41/Classic/Content/security/tasks/update_the_cacerts_keystore_file.htm