Using TLS (Transport Layer Security)

Before you keep going, if you are considering using a self signed certificate, do consider using a free CA signed certificate from Let's Encrypt instead. It will save you a lot of hassle configuring self signed certificates everywhere you connect to the Pact Broker.

Connecting to a Pact Broker running over TLS

With a CA signed certificate

You shouldn't need to do anything, as the certificate authority's certificate should already be loaded into the store of your system.

With a self signed certificate

For JVM

Search for "Specifying a custom trust store" in the search bar and select the results for the appropriate tool.

For non-JVM

Set the SSL_CERT_FILE environment variable to point to a local file containing the certificate in PEM format. It will look something like this:

You'll need to configure the certificate both your development environment and your CI. It's a bit of a hassle, so again, do consider a CA signed certificate from Let's Encrypt instead.

You can use this Docker Compose file to spike and troubleshoot connecting to a broker with a self signed certificate. Once you have run docker-compose up once and seen it work with the built in files, replace the certificate and key files with your own and run docker-compose down and docker-compose up.

Extracting a copy of the certificate from a running Pact Broker

If you do not already have a copy of the certificate, you can extract it from Firefox.

Open a page in the Pact Broker in Firefox
Click on the lock icon next to the address bar
Click on the ">" (Show connection details) button
Click "More information"
Click "View Certificate"
Scroll down to Miscellaneous
Click "PEM (chain)" in the Download section

Connecting to a Pact Broker running over TLS​

With a CA signed certificate​

With a self signed certificate​

For JVM​

For non-JVM​

Extracting a copy of the certificate from a running Pact Broker​