diff --git a/provider/indexer-gcp/README.md b/provider/indexer-gcp/README.md
index 373972ee9e4561bab282bb0e84e80954293724f0..475af4402b4b13b694a7079335b3caa0431f777b 100644
--- a/provider/indexer-gcp/README.md
+++ b/provider/indexer-gcp/README.md
@@ -147,6 +147,8 @@ You will need to have the following environment variables defined.
| `SEARCH_INTEGRATION_TESTER` | `********` | Service account for API calls. Note: this user must have entitlements configured already | yes | https://console.cloud.google.com/iam-admin/serviceaccounts |
| `SEARCH_HOST` | ex `http://localhost:8080/api/search/v2/` | Endpoint of search service | no | - |
| `STORAGE_HOST` | ex `http://os-storage-dot-opendes.appspot.com/api/storage/v2/schemas` | Storage API endpoint | Storage Host | no | output of infrastructure deployment |
+| `security.https.certificate.trust` | ex `false` | Elastic client connection uses TrustSelfSignedStrategy(), if it is 'true' | false | output of infrastructure deployment |
+
**Entitlements configuration for integration accounts**
diff --git a/testing/indexer-test-core/src/main/java/org/opengroup/osdu/util/Config.java b/testing/indexer-test-core/src/main/java/org/opengroup/osdu/util/Config.java
index 6568a88fd091f2dbf455d72ee5484d6a3c1115d0..6416e307518f2d86f76432138599c76154eb5ddc 100644
--- a/testing/indexer-test-core/src/main/java/org/opengroup/osdu/util/Config.java
+++ b/testing/indexer-test-core/src/main/java/org/opengroup/osdu/util/Config.java
@@ -22,6 +22,8 @@ public class Config {
private static final String DEFAULT_ENTITLEMENTS_DOMAIN = "";
+ private static final String DEFAULT_SECURITY_HTTPS_CERTIFICATE_TRUST = "false";
+
public static int getPort() {
return Integer.parseInt(getEnvironmentVariableOrDefaultValue("ELASTIC_PORT", String.valueOf(PORT)));
@@ -99,6 +101,12 @@ public class Config {
return getEnvironmentVariableOrDefaultValue("AWS_COGNITO_AUTH_PARAMS_PASSWORD", "");
}
+ public static boolean isSecurityHttpsCertificateTrust() {
+ return Boolean.parseBoolean(
+ getEnvironmentVariableOrDefaultValue("SECURITY_HTTPS_CERTIFICATE_TRUST",
+ DEFAULT_SECURITY_HTTPS_CERTIFICATE_TRUST));
+ }
+
private static String getEnvironmentVariableOrDefaultValue(String key, String defaultValue) {
String environmentVariable = getEnvironmentVariable(key);
if (environmentVariable == null) {
diff --git a/testing/indexer-test-core/src/main/java/org/opengroup/osdu/util/ElasticUtils.java b/testing/indexer-test-core/src/main/java/org/opengroup/osdu/util/ElasticUtils.java
index 207a95478c7632cac0b0ce303ee535776cb30dbe..a63b339ce9421eadddd7d5f5515d33833aef5ff3 100644
--- a/testing/indexer-test-core/src/main/java/org/opengroup/osdu/util/ElasticUtils.java
+++ b/testing/indexer-test-core/src/main/java/org/opengroup/osdu/util/ElasticUtils.java
@@ -319,7 +319,13 @@ public class ElasticUtils {
new BasicHeader("Authorization", String.format("Basic %s", Base64.getEncoder().encodeToString(usernameAndPassword.getBytes()))),
};
- if ("https".equals(scheme) && true) {
+ boolean isSecurityHttpsCertificateTrust = Config.isSecurityHttpsCertificateTrust();
+ log.info(String.format(
+ "Elastic client connection uses protocolScheme = %s with a flag "
+ + "'security.https.certificate.trust' = %s",
+ scheme, isSecurityHttpsCertificateTrust));
+
+ if ("https".equals(scheme) && isSecurityHttpsCertificateTrust) {
log.warning("Elastic client connection uses TrustSelfSignedStrategy()");
SSLContext sslContext = createSSLContext();
builder.setHttpClientConfigCallback(httpClientBuilder ->