When deploying the light-portal to the cloud, the light-config-server won’t be accessed directly by the services deployed to the public cloud. Services will access the config server through the light-router instance which is the entry point for all the backend platform services.
All services will access the config server with bootstrap.truststore to load the configuration from the config-server during the startup. It requires that the light-config-server private key will be imported to the light-router server.keystore.
Also, the light-router will access the light-config-server for the portal UI function, so we need to import the light-config-server cert to the light-router client.truststore.
import public key cert
It is easy to export the cert from the light-4j/server/src/main/resources/config/bootstrap.trustore with alias config-server and import it into the client.truststore of the light-router. Follow the instruction from the keystore-truststore.
import private key
If the keystore of the light-config-server is jks format, you need to export it to standardized format of PKCS12 format.
The default server.keystore format in the light-config-server is P12 format, so we just follow the command below to
copy the server.keystore to the light-router src/main/resources/config folder where the server.keystore located.