Promregator supports using system properties to specify SSL Contexts used for outgoing communications to scrape targets. The SSL Context is specified on the JVM level and thus cannot differ between targets. It will be applied to all targets.
The ability to configure an SSL Context allows Promregator to negotiate mTLS to targets and verify their certificates if signed by an alternate CA.
-
You have a keystore containing the client certificate for Promregator to use for outgoing communications
-
You have a Java trust store containing your CA
To start Promregator with an SSL Context you simply pass arguments to the JVM.
-
javax.net.ssl.keyStoreThe path to the Java keystore file containing the processes own certificate and private key. -
javax.net.ssl.keyStorePasswordPassword to access the keystore -
javax.net.ssl.trustStoreThe path to the Java trust store file containing the CA certificates that Promregator should trust -
javax.net.ssl.trustStorePasswordPassword to access the trust store -
javax.net.debugOptionally set this tosslto enable logging for the SSL/TLS layer
java -Djavax.net.ssl.keyStore=/home/example/key.jks -Djavax.net.ssl.keyStorePassword=example -Djavax.net.ssl.trustStore=/home/example/trust.jks -Djavax.net.ssl.trustStorePassword=exampleIf using the docker container you can specify these options using the JAVA_OPTS environment variable
docker run -e JAVA_OPTS='-Djavax.net.ssl.keyStore...' ...