diff --git a/controllers/solrcloud_controller_tls_test.go b/controllers/solrcloud_controller_tls_test.go index 6dff3d70..b0e1c471 100644 --- a/controllers/solrcloud_controller_tls_test.go +++ b/controllers/solrcloud_controller_tls_test.go @@ -522,7 +522,7 @@ func expectTLSConfigOnPodTemplateWithGomega(g Gomega, solrCloud *solrv1beta1.Sol break } } - expCmd := "openssl pkcs12 -export -in /var/solr/tls/tls.crt -in /var/solr/tls/ca.crt -inkey /var/solr/tls/tls.key -out /var/solr/tls/pkcs12/keystore.p12 -passout pass:${SOLR_SSL_KEY_STORE_PASSWORD}" + expCmd := "OPTIONAL_CACRT=$(test -e /var/solr/tls/ca.crt && echo ' -in /var/solr/tls/ca.crt'); openssl pkcs12 -export -in /var/solr/tls/tls.crt $OPTIONAL_CACRT -inkey /var/solr/tls/tls.key -out /var/solr/tls/pkcs12/keystore.p12 -passout pass:${SOLR_SSL_KEY_STORE_PASSWORD}" g.Expect(expInitContainer).To(Not(BeNil()), "Didn't find the gen-pkcs12-keystore InitContainer in the sts!") g.Expect(expInitContainer.Command[2]).To(Equal(expCmd), "Wrong TLS initContainer command") } diff --git a/controllers/util/solr_tls_util.go b/controllers/util/solr_tls_util.go index 676311b1..bb150f0f 100644 --- a/controllers/util/solr_tls_util.go +++ b/controllers/util/solr_tls_util.go @@ -707,8 +707,11 @@ func (tls *TLSConfig) generatePkcs12InitContainer(imageName string, imagePullPol }, } - cmd := "openssl pkcs12 -export -in " + DefaultKeyStorePath + "/" + TLSCertKey + " -in " + DefaultKeyStorePath + - "/ca.crt -inkey " + DefaultKeyStorePath + "/tls.key -out " + DefaultKeyStorePath + + caCrtFileName := DefaultKeyStorePath + "/ca.crt" + + cmd := "OPTIONAL_CACRT=$(test -e " + caCrtFileName + " && echo ' -in " + caCrtFileName + "'); " + + "openssl pkcs12 -export -in " + DefaultKeyStorePath + "/" + TLSCertKey + " $OPTIONAL_CACRT " + + "-inkey " + DefaultKeyStorePath + "/tls.key -out " + DefaultKeyStorePath + "/pkcs12/" + DefaultPkcs12KeystoreFile + " -passout pass:${SOLR_SSL_KEY_STORE_PASSWORD}" return corev1.Container{