Skip to main content

Using TLS (Transport Layer Security)

Before you keep going, if you are considering using a self signed certificate, do consider using a free CA signed certificate from Let's Encrypt instead. It will save you a lot of hassle configuring self signed certificates everywhere you connect to the Pact Broker.

Connecting to a Pact Broker running over TLS

With a CA signed certificate

You shouldn't need to do anything, as the certificate authority's certificate should already be loaded into the store of your system.

With a self signed certificate

For JVM

Search for "Specifying a custom trust store" in the search bar and select the results for the appropriate tool.

For non-JVM

Set the SSL_CERT_FILE environment variable to point to a local file containing the certificate in PEM format. It will look something like this:

-----BEGIN CERTIFICATE-----
MIIDUjCCAjqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAlsb2Nh
bGhvc3QwIBcNMjAwOTI5MjI1NDQ0WhgPMjEyMDA5MDUyMjU0NDRaMBQxEjAQBgNV
BAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKwQ
mGF9zXSkw93HUlpMxR/aLCTPjKMxc37iNRUBMSz6qVcs3Ue9mJChn9SK98aH3/at
R2+YBSdRqlqO5gOvkZyG0aMUMLx+vTXeZBJyR1qSSReKwxGtXmVPQRThUnKwDq6a
chjyH3PujWfF3ouMdLqixrxBEZd0E1b0Nqv939KurRSO3QkLGeEFr4U+WuMKowGG
lGMtE2Yhcm9LZUeXYay8XZpBvxHhnqv08+oIujUOgJ2oSD4q6Lg+lPUCH5SrMiIw
SShbI9NcmeTgBFAmd0qu2OgsRG9Io1W0z2V1tkb3y58GO/R93R4Te4MjnsVFH8u2
RWnpr65BqDQ1jXaGPXUCAwEAAaOBrDCBqTAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
DgQWBBSFm/ooxd2VawosFUyUTV2Y0Z+KhDA8BgNVHSMENTAzgBSFm/ooxd2Vawos
FUyUTV2Y0Z+KhKEYpBYwFDESMBAGA1UEAwwJbG9jYWxob3N0ggEBMDkGA1UdEQQy
MDCCCWxvY2FsaG9zdIILcGFjdC1icm9rZXKCFnBhY3QtYnJva2VyLXdpdGgtbmdu
aXgwDQYJKoZIhvcNAQELBQADggEBAC7powMNMXBi/qRNaPE/PCkoaA7eUGOWawkF
793TB6C1Z2Q6c5adbOAbRqr1CIM2MWZqCrvUbTSTIx5J8lvVwgkhfLYFlubpZd7o
XK++6gT1uzN8V992n43GU21R0C9YSq2ZX7Vt+T5O53R5+cdS60g5o722LUin2a4d
bTk5fOGqTBqgzp1BgJKIKhI9CIUeAUYwggCWOeZnq4dpMkXH1xbsk4MMSOTimWbe
2DMNyKGDRC744i/ejQqnnj+lvycgp9gVPaSRDVRz1Nd224Qd+9UAgAZUwMBsK9Zp
7goJryZdGS3/LJ6RUyXDBIsL93gvgrOIWRbZoVVjqhMQeL1TAwQ=
-----END CERTIFICATE-----

You'll need to configure the certificate both your development environment and your CI. It's a bit of a hassle, so again, do consider a CA signed certificate from Let's Encrypt instead.

You can use this Docker Compose file to spike and troubleshoot connecting to a broker with a self signed certificate. Once you have run docker-compose up once and seen it work with the built in files, replace the certificate and key files with your own and run docker-compose down and docker-compose up.

Extracting a copy of the certificate from a running Pact Broker

If you do not already have a copy of the certificate, you can extract it from Firefox.

  • Open a page in the Pact Broker in Firefox
  • Click on the lock icon next to the address bar
  • Click on the ">" (Show connection details) button
  • Click "More information"
  • Click "View Certificate"
  • Scroll down to Miscellaneous
  • Click "PEM (chain)" in the Download section