Replacing Management CA/Web UI Certificate in Docker Container

[ian-perry-mia]

I've looked in a lot of places and it seems like there are several things that skirt on the edge of clicking in my mind, but nothing has quite made sense. Java and WildFly are also not my forte, the latter I never have used before this project. My current issue is when running behind a proxy (caddy with layer4 enabled, TLS passed through completely to EJBCA), I'm getting an HSTS error because it's presenting the management CA-signed certificate instead of using a certificate signed by my CA. (or better yet, something from zerossl/etc). If someone could give me pointers (or baby steps), it would be appreciated.

[primetomas]

Looks like you are leveraging TLS configured in WildFly in the EJBCA container and not a pod proxy? In general I would recommend to use a pod TLS proxy, as set up with EJBCA helm charts. If you need to use TLS directly on the EJBCA container look at mounting custom keystores and truststores in the doc. There are other thread here in discussions as well with examples how to set custom keystore and truststore for WildFly.