add: secure connection for docker compose (#2344)

Signed-off-by: Viet Nguyen Duc <[email protected]>

Author: VietND96

.gitignore

@@ -153,3 +153,4 @@ ENV/
 /charts/*/**.lock
 /charts/*.tgz
 /charts/*/RELEASE_NOTES.md
+Base/certs

Base/Dockerfile

@@ -90,7 +90,7 @@ RUN  if [ "$(dpkg --print-architecture)" = "amd64" ]; then \
 #==========
 # Selenium & relaxing permissions for OpenShift and other non-sudo environments
 #==========
-  && mkdir -p /opt/selenium /opt/selenium/assets /var/run/supervisor /var/log/supervisor ${SEL_DOWNLOAD_DIR} \
+  && mkdir -p /opt/selenium /opt/selenium/assets /opt/selenium/secrets /var/run/supervisor /var/log/supervisor ${SEL_DOWNLOAD_DIR} \
     ${HOME}/.mozilla ${HOME}/.vnc ${HOME}/.pki/nssdb \
   # NSSDB initialization with an empty password
   && certutil -d sql:${HOME}/.pki/nssdb -N --empty-password \
@@ -134,11 +134,20 @@ COPY --chown="${SEL_UID}:${SEL_GID}" check-grid.sh entry_point.sh configs/node/n
 #======================================
 COPY supervisord.conf /etc
 
+#===================================================
+# Add the default self-signed certificate to the bundle CA
+#===================================================
+ARG CERT_TRUST_ATTR=TCu,Cu,Tu
+COPY --chown="${SEL_UID}:${SEL_GID}" certs/add-cert-helper.sh certs/add-jks-helper.sh /opt/bin/
+COPY --chown="${SEL_UID}:${SEL_GID}" certs/tls.crt certs/tls.key certs/server.jks certs/server.pass /opt/selenium/secrets/
+
 #===================================================
 # Run the following commands as non-privileged user
 #===================================================
 USER ${SEL_UID}:${SEL_GID}
 
+RUN /opt/bin/add-jks-helper.sh -d /opt/selenium/secrets \
+    && /opt/bin/add-cert-helper.sh -d /opt/selenium/secrets ${CERT_TRUST_ATTR}
 #======================================
 # Configure environement
 #======================================
@@ -150,6 +159,11 @@ ENV SE_BIND_HOST=false \
     SE_OTEL_JAVA_GLOBAL_AUTOCONFIGURE_ENABLED=true \
     SE_OTEL_TRACES_EXPORTER="otlp" \
     SE_SUPERVISORD_LOG_LEVEL="info" \
-    SE_OPT_BIN="/opt/bin"
+    SE_ENABLE_TLS=false \
+    SE_JAVA_SSL_TRUST_STORE="/opt/selenium/secrets/server.jks" \
+    SE_JAVA_SSL_TRUST_STORE_PASSWORD="/opt/selenium/secrets/server.pass" \
+    SE_JAVA_DISABLE_HOSTNAME_VERIFICATION=true \
+    SE_HTTPS_CERTIFICATE="/opt/selenium/secrets/tls.crt" \
+    SE_HTTPS_PRIVATE_KEY="/opt/selenium/secrets/tls.key"
 
 CMD ["/opt/bin/entry_point.sh"]

Base/entry_point.sh

@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-NODE_CONFIG_DIRECTORY=${NODE_CONFIG_DIRECTORY:-$SE_OPT_BIN}
+NODE_CONFIG_DIRECTORY=${NODE_CONFIG_DIRECTORY:-"/opt/bin"}
 #==============================================
 # OpenShift or non-sudo environments support
 # https://docs.openshift.com/container-platform/3.11/creating_images/guidelines.html#openshift-specific-guidelines

Distributor/start-selenium-grid-distributor.sh

@@ -69,23 +69,31 @@ if [ ! -z "$SE_EXTERNAL_URL" ]; then
   SE_OPTS="$SE_OPTS --external-url ${SE_EXTERNAL_URL}"
 fi
 
-if [ ! -z "$SE_HTTPS_CERTIFICATE" ]; then
-  echo "Appending Selenium options: --https-certificate ${SE_HTTPS_CERTIFICATE}"
-  SE_OPTS="$SE_OPTS --https-certificate ${SE_HTTPS_CERTIFICATE}"
-fi
-
-if [ ! -z "$SE_HTTPS_PRIVATE_KEY" ]; then
-  echo "Appending Selenium options: --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
-  SE_OPTS="$SE_OPTS --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
-fi
-
-if [ ! -z "$SE_JAVA_SSL_TRUST_STORE" ]; then
-  echo "Appending Java options: -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
-  SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
-  echo "Appending Java options: -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
-  SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
-  echo "Appending Java options: -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION:-true}"
-  SE_JAVA_OPTS="$SE_JAVA_OPTS -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION:-true}"
+if [ "${SE_ENABLE_TLS}" = "true" ]; then
+  # Configure truststore for the server
+  if [ ! -z "$SE_JAVA_SSL_TRUST_STORE" ]; then
+    echo "Appending Java options: -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
+    SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
+  fi
+  if [ -f "${SE_JAVA_SSL_TRUST_STORE_PASSWORD}" ]; then
+    echo "Getting Truststore password from ${SE_JAVA_SSL_TRUST_STORE_PASSWORD} to set Java options: -Djavax.net.ssl.trustStorePassword"
+    SE_JAVA_SSL_TRUST_STORE_PASSWORD="$(cat ${SE_JAVA_SSL_TRUST_STORE_PASSWORD})"
+  fi
+  if [ ! -z "${SE_JAVA_SSL_TRUST_STORE_PASSWORD}" ]; then
+    echo "Appending Java options: -Djavax.net.ssl.trustStorePassword"
+    SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
+  fi
+  echo "Appending Java options: -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION}"
+  SE_JAVA_OPTS="$SE_JAVA_OPTS -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION}"
+  # Configure certificate and private key for component communication
+  if [ ! -z "$SE_HTTPS_CERTIFICATE" ]; then
+    echo "Appending Selenium options: --https-certificate ${SE_HTTPS_CERTIFICATE}"
+    SE_OPTS="$SE_OPTS --https-certificate ${SE_HTTPS_CERTIFICATE}"
+  fi
+  if [ ! -z "$SE_HTTPS_PRIVATE_KEY" ]; then
+    echo "Appending Selenium options: --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
+    SE_OPTS="$SE_OPTS --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
+  fi
 fi
 
 if [ ! -z "$SE_REGISTRATION_SECRET" ]; then

EventBus/start-selenium-grid-eventbus.sh

@@ -34,23 +34,31 @@ if [ ! -z "$SE_EXTERNAL_URL" ]; then
   SE_OPTS="$SE_OPTS --external-url ${SE_EXTERNAL_URL}"
 fi
 
-if [ ! -z "$SE_HTTPS_CERTIFICATE" ]; then
-  echo "Appending Selenium options: --https-certificate ${SE_HTTPS_CERTIFICATE}"
-  SE_OPTS="$SE_OPTS --https-certificate ${SE_HTTPS_CERTIFICATE}"
-fi
-
-if [ ! -z "$SE_HTTPS_PRIVATE_KEY" ]; then
-  echo "Appending Selenium options: --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
-  SE_OPTS="$SE_OPTS --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
-fi
-
-if [ ! -z "$SE_JAVA_SSL_TRUST_STORE" ]; then
-  echo "Appending Java options: -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
-  SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
-  echo "Appending Java options: -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
-  SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
-  echo "Appending Java options: -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION:-true}"
-  SE_JAVA_OPTS="$SE_JAVA_OPTS -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION:-true}"
+if [ "${SE_ENABLE_TLS}" = "true" ]; then
+  # Configure truststore for the server
+  if [ ! -z "$SE_JAVA_SSL_TRUST_STORE" ]; then
+    echo "Appending Java options: -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
+    SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
+  fi
+  if [ -f "${SE_JAVA_SSL_TRUST_STORE_PASSWORD}" ]; then
+    echo "Getting Truststore password from ${SE_JAVA_SSL_TRUST_STORE_PASSWORD} to set Java options: -Djavax.net.ssl.trustStorePassword"
+    SE_JAVA_SSL_TRUST_STORE_PASSWORD="$(cat ${SE_JAVA_SSL_TRUST_STORE_PASSWORD})"
+  fi
+  if [ ! -z "${SE_JAVA_SSL_TRUST_STORE_PASSWORD}" ]; then
+    echo "Appending Java options: -Djavax.net.ssl.trustStorePassword"
+    SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
+  fi
+  echo "Appending Java options: -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION}"
+  SE_JAVA_OPTS="$SE_JAVA_OPTS -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION}"
+  # Configure certificate and private key for component communication
+  if [ ! -z "$SE_HTTPS_CERTIFICATE" ]; then
+    echo "Appending Selenium options: --https-certificate ${SE_HTTPS_CERTIFICATE}"
+    SE_OPTS="$SE_OPTS --https-certificate ${SE_HTTPS_CERTIFICATE}"
+  fi
+  if [ ! -z "$SE_HTTPS_PRIVATE_KEY" ]; then
+    echo "Appending Selenium options: --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
+    SE_OPTS="$SE_OPTS --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
+  fi
 fi
 
 EXTRA_LIBS=""

Hub/start-selenium-grid-hub.sh

@@ -37,23 +37,31 @@ if [ ! -z "$SE_EXTERNAL_URL" ]; then
   SE_OPTS="$SE_OPTS --external-url ${SE_EXTERNAL_URL}"
 fi
 
-if [ ! -z "$SE_HTTPS_CERTIFICATE" ]; then
-  echo "Appending Selenium options: --https-certificate ${SE_HTTPS_CERTIFICATE}"
-  SE_OPTS="$SE_OPTS --https-certificate ${SE_HTTPS_CERTIFICATE}"
-fi
-
-if [ ! -z "$SE_HTTPS_PRIVATE_KEY" ]; then
-  echo "Appending Selenium options: --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
-  SE_OPTS="$SE_OPTS --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
-fi
-
-if [ ! -z "$SE_JAVA_SSL_TRUST_STORE" ]; then
-  echo "Appending Java options: -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
-  SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
-  echo "Appending Java options: -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
-  SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
-  echo "Appending Java options: -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION:-true}"
-  SE_JAVA_OPTS="$SE_JAVA_OPTS -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION:-true}"
+if [ "${SE_ENABLE_TLS}" = "true" ]; then
+  # Configure truststore for the server
+  if [ ! -z "$SE_JAVA_SSL_TRUST_STORE" ]; then
+    echo "Appending Java options: -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
+    SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
+  fi
+  if [ -f "${SE_JAVA_SSL_TRUST_STORE_PASSWORD}" ]; then
+    echo "Getting Truststore password from ${SE_JAVA_SSL_TRUST_STORE_PASSWORD} to set Java options: -Djavax.net.ssl.trustStorePassword"
+    SE_JAVA_SSL_TRUST_STORE_PASSWORD="$(cat ${SE_JAVA_SSL_TRUST_STORE_PASSWORD})"
+  fi
+  if [ ! -z "${SE_JAVA_SSL_TRUST_STORE_PASSWORD}" ]; then
+    echo "Appending Java options: -Djavax.net.ssl.trustStorePassword"
+    SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
+  fi
+  echo "Appending Java options: -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION}"
+  SE_JAVA_OPTS="$SE_JAVA_OPTS -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION}"
+  # Configure certificate and private key for component communication
+  if [ ! -z "$SE_HTTPS_CERTIFICATE" ]; then
+    echo "Appending Selenium options: --https-certificate ${SE_HTTPS_CERTIFICATE}"
+    SE_OPTS="$SE_OPTS --https-certificate ${SE_HTTPS_CERTIFICATE}"
+  fi
+  if [ ! -z "$SE_HTTPS_PRIVATE_KEY" ]; then
+    echo "Appending Selenium options: --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
+    SE_OPTS="$SE_OPTS --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
+  fi
 fi
 
 if [ ! -z "$SE_REGISTRATION_SECRET" ]; then

Makefile

@@ -69,6 +69,8 @@ ci: build test
 
 base:
 	rm -rf ./Base/configs/node && mkdir -p ./Base/configs/node && cp -r ./charts/selenium-grid/configs/node ./Base/configs
+	rm -rf ./Base/certs && cp -r ./charts/selenium-grid/certs ./Base
+	./Base/certs/gen-cert-helper.sh -d ./Base/certs
 	cd ./Base && docker buildx build --platform $(PLATFORMS) $(BUILD_ARGS) --build-arg VERSION=$(BASE_VERSION) --build-arg RELEASE=$(BASE_RELEASE) --build-arg AUTHORS=$(AUTHORS) -t $(NAME)/base:$(TAG_VERSION) .
 
 base_nightly:
@@ -554,6 +556,8 @@ test_chromium_standalone:
 
 test_parallel: hub chrome firefox edge chromium
 	sudo rm -rf ./tests/tests
+	sudo rm -rf ./tests/videos; mkdir -p ./tests/videos
+	sudo cp -r ./charts/selenium-grid/certs ./tests/videos
 	for node in DeploymentAutoscaling JobAutoscaling ; do \
 			cd ./tests || true ; \
 			echo TAG=$(TAG_VERSION) > .env ; \
@@ -571,6 +575,8 @@ test_parallel: hub chrome firefox edge chromium
 					echo NODE_CHROME=chromium >> .env ; \
 			fi; \
 			echo TEST_PLATFORMS=$(PLATFORMS) >> .env ; \
+			echo SELENIUM_GRID_PROTOCOL=https >> .env ; \
+			echo CHART_CERT_PATH=$$(readlink -f ./videos/certs/tls.crt) >> .env ; \
 			export $$(cat .env | xargs) ; \
 			DOCKER_DEFAULT_PLATFORM=$(PLATFORMS) docker compose --profile $(PLATFORMS) -f docker-compose-v3-test-parallel.yml up -d --no-log-prefix ; \
 			RUN_IN_DOCKER_COMPOSE=true bash ./bootstrap.sh $$node ; \

NodeBase/start-selenium-node.sh

@@ -76,23 +76,31 @@ if [ ! -z "$SE_EXTERNAL_URL" ]; then
   SE_OPTS="$SE_OPTS --external-url ${SE_EXTERNAL_URL}"
 fi
 
-if [ ! -z "$SE_HTTPS_CERTIFICATE" ]; then
-  echo "Appending Selenium options: --https-certificate ${SE_HTTPS_CERTIFICATE}"
-  SE_OPTS="$SE_OPTS --https-certificate ${SE_HTTPS_CERTIFICATE}"
-fi
-
-if [ ! -z "$SE_HTTPS_PRIVATE_KEY" ]; then
-  echo "Appending Selenium options: --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
-  SE_OPTS="$SE_OPTS --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
-fi
-
-if [ ! -z "$SE_JAVA_SSL_TRUST_STORE" ]; then
-  echo "Appending Java options: -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
-  SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
-  echo "Appending Java options: -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
-  SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
-  echo "Appending Java options: -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION:-true}"
-  SE_JAVA_OPTS="$SE_JAVA_OPTS -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION:-true}"
+if [ "${SE_ENABLE_TLS}" = "true" ]; then
+  # Configure truststore for the server
+  if [ ! -z "$SE_JAVA_SSL_TRUST_STORE" ]; then
+    echo "Appending Java options: -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
+    SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
+  fi
+  if [ -f "${SE_JAVA_SSL_TRUST_STORE_PASSWORD}" ]; then
+    echo "Getting Truststore password from ${SE_JAVA_SSL_TRUST_STORE_PASSWORD} to set Java options: -Djavax.net.ssl.trustStorePassword"
+    SE_JAVA_SSL_TRUST_STORE_PASSWORD="$(cat ${SE_JAVA_SSL_TRUST_STORE_PASSWORD})"
+  fi
+  if [ ! -z "${SE_JAVA_SSL_TRUST_STORE_PASSWORD}" ]; then
+    echo "Appending Java options: -Djavax.net.ssl.trustStorePassword"
+    SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
+  fi
+  echo "Appending Java options: -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION}"
+  SE_JAVA_OPTS="$SE_JAVA_OPTS -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION}"
+  # Configure certificate and private key for component communication
+  if [ ! -z "$SE_HTTPS_CERTIFICATE" ]; then
+    echo "Appending Selenium options: --https-certificate ${SE_HTTPS_CERTIFICATE}"
+    SE_OPTS="$SE_OPTS --https-certificate ${SE_HTTPS_CERTIFICATE}"
+  fi
+  if [ ! -z "$SE_HTTPS_PRIVATE_KEY" ]; then
+    echo "Appending Selenium options: --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
+    SE_OPTS="$SE_OPTS --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
+  fi
 fi
 
 if [ ! -z "$SE_REGISTRATION_SECRET" ]; then

NodeDocker/start-selenium-grid-docker.sh

@@ -44,23 +44,31 @@ if [ ! -z "$SE_EXTERNAL_URL" ]; then
   SE_OPTS="$SE_OPTS --external-url ${SE_EXTERNAL_URL}"
 fi
 
-if [ ! -z "$SE_HTTPS_CERTIFICATE" ]; then
-  echo "Appending Selenium options: --https-certificate ${SE_HTTPS_CERTIFICATE}"
-  SE_OPTS="$SE_OPTS --https-certificate ${SE_HTTPS_CERTIFICATE}"
-fi
-
-if [ ! -z "$SE_HTTPS_PRIVATE_KEY" ]; then
-  echo "Appending Selenium options: --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
-  SE_OPTS="$SE_OPTS --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
-fi
-
-if [ ! -z "$SE_JAVA_SSL_TRUST_STORE" ]; then
-  echo "Appending Java options: -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
-  SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
-  echo "Appending Java options: -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
-  SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
-  echo "Appending Java options: -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION:-true}"
-  SE_JAVA_OPTS="$SE_JAVA_OPTS -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION:-true}"
+if [ "${SE_ENABLE_TLS}" = "true" ]; then
+  # Configure truststore for the server
+  if [ ! -z "$SE_JAVA_SSL_TRUST_STORE" ]; then
+    echo "Appending Java options: -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
+    SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
+  fi
+  if [ -f "${SE_JAVA_SSL_TRUST_STORE_PASSWORD}" ]; then
+    echo "Getting Truststore password from ${SE_JAVA_SSL_TRUST_STORE_PASSWORD} to set Java options: -Djavax.net.ssl.trustStorePassword"
+    SE_JAVA_SSL_TRUST_STORE_PASSWORD="$(cat ${SE_JAVA_SSL_TRUST_STORE_PASSWORD})"
+  fi
+  if [ ! -z "${SE_JAVA_SSL_TRUST_STORE_PASSWORD}" ]; then
+    echo "Appending Java options: -Djavax.net.ssl.trustStorePassword"
+    SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
+  fi
+  echo "Appending Java options: -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION}"
+  SE_JAVA_OPTS="$SE_JAVA_OPTS -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION}"
+  # Configure certificate and private key for component communication
+  if [ ! -z "$SE_HTTPS_CERTIFICATE" ]; then
+    echo "Appending Selenium options: --https-certificate ${SE_HTTPS_CERTIFICATE}"
+    SE_OPTS="$SE_OPTS --https-certificate ${SE_HTTPS_CERTIFICATE}"
+  fi
+  if [ ! -z "$SE_HTTPS_PRIVATE_KEY" ]; then
+    echo "Appending Selenium options: --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
+    SE_OPTS="$SE_OPTS --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
+  fi
 fi
 
 EXTRA_LIBS=""