$JAVA_HOME env. variable)docker restart command), hoping that the service is also get restarted and pick the changes from JRE cacert. But this didn't happen, the Java service still fails to access external HTTPS URL.Any idea how a Java service running inside the Docker container pick the JRE cacert changes with new certificate import?
Hence imported the self-signed certificate of HTTPS external URL into Docker container's JRE cacert keystore.
No: you need to import it into the Docker image from which you run your container.
Importing it into the container would only create a temporary writable data layer, which will be discarded when you restart your container.
Something like this answer:
USER root
COPY ldap.cer $JAVA_HOME/jre/lib/security
RUN \
cd $JAVA_HOME/jre/lib/security \
&& keytool -keystore cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias ldapcert -file ldap.cer