Description
Is your enhancement related to a problem? Please describe.
The documentation "Using artifact repositories in a restricted environment" describes how to use artifact repositories that use TLS certificates signed by untrusted certificate authorities. The procedure is:
- Obtain the untrusted certificate
- Upload the certificate in a folder under /projects/ of the workspace pod
- Patch a devfile with the instructions to make the certificates trusted
This procedure can be simplified if the untrusted certificates are provided to the Che operator using a ConfigMap referenced in CheCluster server.serverTrustStoreConfigMapName or, on OpenShift, included in the system trusted CA bundle. In those cases the certificates are automatically mounted in the workspace containers under /public-certs.
Describe the solution you'd like
We should reference the documentation that explains how to import untrusted SSL certificates (currently being reworked here) and describe the extra steps required so that the TLS certificates under /public-certs are trusted by the dependency managers (Maven, Gradle, etc.).
The steps "Obtain the untrusted certificate" and "Upload the certificate in a folder under /projects of the workspace pod" should be removed.
Describe alternatives you've considered
The extra steps required so that the TLS certificates under /public-certs are trusted by the dependency managers (Maven, Gradle, etc.) can be automated too. We will create a separate issue for that.