Diffstat (limited to 'kubernetes/common')
-rwxr-xr-xkubernetes/common/cert-wrapper/resources/import-custom-certs.sh22
-rw-r--r--kubernetes/common/certInitializer/templates/_certInitializer.yaml3
-rw-r--r--kubernetes/common/cmpv2Config/values.yaml2
3 files changed, 21 insertions, 6 deletions
diff --git a/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh
index 6df7505e7b..fa3de03ece 100755
--- a/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh
+++ b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh
@@ -22,6 +22,7 @@ WORK_DIR=${WORK_DIR:-/updatedTruststore}
ONAP_TRUSTSTORE=${ONAP_TRUSTSTORE:-truststoreONAPall.jks}
JRE_TRUSTSTORE=${JRE_TRUSTSTORE:-$JAVA_HOME/lib/security/cacerts}
TRUSTSTORE_OUTPUT_FILENAME=${TRUSTSTORE_OUTPUT_FILENAME:-truststore.jks}
+SSL_WORKDIR=${SSL_WORKDIR:-/usr/local/share/ca-certificates}
mkdir -p $WORK_DIR
@@ -37,10 +38,10 @@ for f in $CERTS_DIR/*; do
# Dont use onap truststore when aaf is disabled
continue
fi
- if [ ${f: -3} = ".sh" ]; then
+ if echo $f | grep '\.sh$' >/dev/null; then
continue
fi
- if [ ${f: -4} = ".b64" ]
+ if echo $f | grep '\.b64$' >/dev/null; then
then
base64 -d $f > $WORK_DIR/`basename $f .b64`
else
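Review bot: The rewritten `.b64` test ends in `; then` while the unchanged line after it is still the old standalone `then`, so as shown the loop body reads `then` twice and the shell will reject the script with a syntax error before any truststore is built. Either drop the `; then` from the new line or delete the leftover `then`, for example `if echo "$f" | grep -q '\.b64$'` followed by the existing `then`. The new tests also pass `$f` unquoted to `echo`, so a file name with spaces or glob characters is split or expanded before `grep` sees it; `case "$f" in *.b64) ... ;; esac` avoids both the subshell and the quoting problem. The same unquoted `echo $f | grep` form recurs in the `.sh` test above and in the `.pem` tests of the next two hunks; the enclosing `for` loop starts and ends outside this hunk.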
@@ -49,8 +50,7 @@ for f in $CERTS_DIR/*; do
done
for f in $MORE_CERTS_DIR/*; do
- if [ ${f: -4} == ".pem" ]
- then
+ if echo $f | grep '\.pem$' >/dev/null; then
cp $f $WORK_DIR/.
fi
done
@@ -67,7 +67,7 @@ fi
# Import Custom Certificates
for f in $WORK_DIR/*; do
- if [ ${f: -4} = ".pem" ]; then
+ if echo $f | grep '\.pem$' >/dev/null; then
echo "importing certificate: $f"
keytool -import -file $f -alias `basename $f` -keystore $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME -storepass $TRUSTSTORE_PASSWORD -noprompt
if [ $? != 0 ]; then
@@ -76,3 +76,15 @@ for f in $WORK_DIR/*; do
fi
fi
done
+
+# Import certificates to Linux SSL Truststore
+cp $CERTS_DIR/*.crt $SSL_WORKDIR/.
+cp $MORE_CERTS_DIR/*.crt $SSL_WORKDIR/.
+update-ca-certificates
+if [ $? != 0 ]
+ then
+ echo "failed importing certificates"
+ exit 1
+ else
+ cp /etc/ssl/certs/ca-certificates.crt $WORK_DIR/.
+fi \ No newline at end of file
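Review bot: Neither `cp` into `$SSL_WORKDIR` is checked, so when a directory holds no `.crt` file (the glob stays literal) or `$SSL_WORKDIR` does not exist, the copy fails, `update-ca-certificates` still returns success, and the script exports a bundle without the custom CAs while reporting no error. Only the status of `update-ca-certificates` is tested. Every `.crt` in these two directories becomes a system-wide trust anchor, so I would copy explicitly and fail loudly: `for f in "$CERTS_DIR"/*.crt "$MORE_CERTS_DIR"/*.crt; do [ -f "$f" ] || continue; cp "$f" "$SSL_WORKDIR"/ || exit 1; done`. The final `cp` of `/etc/ssl/certs/ca-certificates.crt` into `$WORK_DIR` deserves the same `|| exit 1`, since the chart mounts that file into the application container.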
diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
index f3ba8a24e0..32bba457ee 100644
--- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml
+++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
@@ -174,6 +174,9 @@
- mountPath: {{ $initRoot.truststoreMountpath }}/{{ $initRoot.truststoreOutputFileName }}
name: updated-truststore
subPath: {{ $initRoot.truststoreOutputFileName }}
+- mountPath: /etc/ssl/certs/ca-certificates.crt
+ name: updated-truststore
+ subPath: ca-certificates.crt
{{- end -}}
{{- end -}}
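Review bot: This mount replaces the application container's whole system CA bundle with the file generated in the init container, and nothing in the template documents that or covers the case where the file is missing. If `ca-certificates.crt` is not present in `updated-truststore` (for example with a cert-wrapper image that predates this change), a `subPath` mount is, as far as I know, created as an empty directory, which would leave the application without a usable bundle at that path. I would add a template comment above the entry such as `{{/* Overrides the image CA bundle with the one built by the cert-wrapper init container; requires a cert-wrapper that writes ca-certificates.crt */}}`. The enclosing volume-mount definition starts outside the hunk.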
diff --git a/kubernetes/common/cmpv2Config/values.yaml b/kubernetes/common/cmpv2Config/values.yaml
index 02595b348d..4b8438ace2 100644
--- a/kubernetes/common/cmpv2Config/values.yaml
+++ b/kubernetes/common/cmpv2Config/values.yaml
@@ -35,5 +35,5 @@ global:
truststorePasswordSecretName: oom-cert-service-truststore-password
truststorePasswordSecretKey: password
certPostProcessor:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.3
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.4.0