java docker https docker-compose docker-machine

Importing self-signed cert into Docker's JRE cacert is not recognized by the service


Any idea how a Java service running inside the Docker container picks up the JRE cacert changes with a new certificate import?


Solution

  • Hence imported the self-signed certificate of HTTPS external URL into Docker container's JRE cacert keystore.

    No: you need to import it into the Docker image from which you run your container.

    Importing it into the container would only create a temporary writable data layer, which will be discarded when you restart your container.

    Something like this answer:

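    USER root
    # Copy the certificate into the image's JRE security directory
    COPY ldap.cer $JAVA_HOME/jre/lib/security/
    # Import it into the image's cacerts keystore at build time
    RUN \
        cd $JAVA_HOME/jre/lib/security \
        && keytool -keystore cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias ldapcert -file ldap.cer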