[ https://issues.jboss.org/browse/TEIIDSB-92?page=com.atlassian.jira.plugin... ] Steven Hawkins commented on TEIIDSB-92: --------------------------------------- I see that a lot looking at their issues. If it's seen as a corner case it's likely to never get attention. It seems like this could be a big effort as I'd first have to figure out what's wrong at a baseline with 4.1.0 / latest, then fix anything related to initContainers. The alternatives are: 1. add keytool and openssl to our image and move the generation logic out of the initContainer. The advantage of the service signed certificates is that it's possible for openshift clients to trust them (for java it likely means another init container to create the truststore). 2. use the keytool-maven-plugin to generate a self-signed cert at build time, then wire that in as a secret. Of course this will rotate the private key on each build, so we'd just have to document using the trust all option for clients. Realistically this is not any better than anonymous ssl - but I could not make anonymous work on openshift for some reason, even with overriding the disabled cipher suites. Also we'd potentially have to know how to enable the anonymous cipher suite across a variety of pg clients - which could be more difficult than just trusting the self-signed certificate. -- This message was sent by Atlassian Jira (v7.12.1#712002)