Your data. Anywhere you go.

New Relic for iOS or Android


Download on the App Store    Android App on Google play


New Relic Insights App for iOS


Download on the App Store


Learn more

Close icon

Using custom SSL certificates for CPM communication with Horde


#1

When using the Containerized Private Minion, you may find yourself deploying it in a network context where a private certificate authority is in use. The presence of this certificate in the certificate chain for requests to our API endpoint Horde (synthetics-horde.nr-data.net / synthetics-horde.eu01.nr-data.net) will break the chain of trust and cause the request to fail.

Since the minion is a Java application, this private CA will need to be added to the JVM trust store. This can be done by wrapping the minion docker image in a new docker image that performs this import.

  1. In a new directory, create a file called Dockerfile
  2. In the same directory create a sub directory, lets say /certs that contains the cert you want to install
  3. Edit Dockerfile with the following contents:
FROM quay.io/newrelic/synthetics-minion:latest
COPY certs /etc/certs
RUN keytool -noprompt -import -alias proxy -file /etc/certs/charles-ssl-proxying-certificate.pem -keystore /opt/jdk/jre/lib/security/cacerts -storepass changeit
  1. Build the docker image from the directory that Dockerfile is in. Lets name it minion-with-cert
$ docker build --tag minion-with-cert .

Now launch the minion as you would but with the new wrapper image (minion-with-cert). This should install the cert to the JVM trust store before the Minion Application launches:

sudo docker run -e MINION_PRIVATE_LOCATION_KEY=your-private-location-key -e "MINION_LOG_LEVEL=DEBUG" -v /tmp:/tmp:rw -v /var/run/docker.sock:/var/run/docker.sock:rw minion-with-cert