Importing self-signed cert into Docker’s JRE cacert is not recognized by the service

We Are Going To Discuss About Importing self-signed cert into Docker’s JRE cacert is not recognized by the service. So lets Start this Java Article.

Importing self-signed cert into Docker’s JRE cacert is not recognized by the service

  1. Importing self-signed cert into Docker's JRE cacert is not recognized by the service

    Hence imported the self-signed certificate of HTTPS external URL into Docker container's JRE cacert keystore.

  2. Importing self-signed cert into Docker's JRE cacert is not recognized by the service

    Hence imported the self-signed certificate of HTTPS external URL into Docker container's JRE cacert keystore.

Solution 1

Hence imported the self-signed certificate of HTTPS external URL into Docker container’s JRE cacert keystore.

No: you need to import it into the Docker image from which you run your container.

Importing it into the container would only create a temporary writable data layer, which will be discarded when you restart your container.

Something like this answer:

USER root
COPY ldap.cer $JAVA_HOME/jre/lib/security
RUN \
    cd $JAVA_HOME/jre/lib/security \
    && keytool -keystore cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias ldapcert -file ldap.cer

Original Author VonC Of This Content

Solution 2

For using already configured java based containers like jenkins, sonarqube or nexus (e. g. if you run your own build server) I find it more convenient to mount a suitable cacerts-file into these containers with a parameter for docker run .

I use the cacerts file from openjdk as base:

  1. extracting cacerts from openjdk image using a temporary container:
docker pull openjdk:latest
docker run --rm --entrypoint cat openjdk:latest /etc/ssl/certs/java/cacerts > cacerts
  1. adding certificate to the extracted cacerts using a temporary container started from the same folder which also contains ldap.cer:
docker run --rm -v `pwd`:/tmp/certs openjdk:latest bash -c 'cd /tmp/certs && keytool -keystore cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias buenting-root -file ldap.cer'
  1. run your target docker container(s) mounting the extracted cacerts with a run-parameter, e. g. for sonarqube:
docker run ... -v /path/to/your/prepared/cacerts:/etc/ssl/certs/java/cacerts:ro ... sonarqube:lts

If there is a new version of openjdk you can update the cacerts-file on the host with commands from 1. and 2.

For updating the target image (e. g. sonarqube) you do not need to create your own image using Dockerfile and docker build.

Original Author Volker Seibt Of This Content

Solution 3

Here is a solution that worked for OpenJDK Java 11 based image.

A thing to mention before is that you can use either JDK image or JRE. The second option will require ca-certificates-java installed.

  • Dockerfile for JDK based image:
FROM openjdk:11-jdk-slim
WORKDIR /opt/workdir/

#.crt file in the same folder as your Dockerfile
ARG CERT="certificate.crt"

#import cert into java
COPY $CERT /opt/workdir/
RUN keytool -importcert -file $CERT -alias $CERT -cacerts -storepass changeit -noprompt

...
  • Dockerfile for JRE based image:
FROM openjdk:11-jre-slim
WORKDIR /opt/workdir/

#.crt file in the same folder as your Dockerfile
ARG CERT="certificate.crt"

#installing ca-certificates-java and then import cert into java
COPY $CERT /opt/workdir/
RUN mkdir -p /usr/share/man/man1 \
    && apt-get update \
    && apt-get install -y ca-certificates-java \
    && keytool -importcert -file $CERT -alias $CERT -cacerts -storepass changeit -noprompt

...

Also, as you can see from Dockerfiles’ instructions above both of them require your certificate.crt file to be in the same folder.

Original Author Serhii Povísenko Of This Content

Conclusion

So This is all About This Tutorial. Hope This Tutorial Helped You. Thank You.

Also Read,

Siddharth

I am an Information Technology Engineer. I have Completed my MCA And I have 4 Year Plus Experience, I am a web developer with knowledge of multiple back-end platforms Like PHP, Node.js, Python and frontend JavaScript frameworks Like Angular, React, and Vue.

Leave a Comment