Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
347 views
in Technique[技术] by (71.8m points)

java - Importing self-signed cert into Docker's JRE cacert is not recognized by the service

  • A Java Service is running inside the Docker container, which access the external HTTPS url and its self-sign certificate is unavailable to the service/ JRE cacert keystore and therefore connection fails.
  • Hence imported the self-signed certificate of HTTPS external URL into Docker container's JRE cacert keystore. (after checking the $JAVA_HOME env. variable)
  • Restarted the Docker container (using docker restart command), hoping that the service is also get restarted and pick the changes from JRE cacert. But this didn't happen, the Java service still fails to access external HTTPS URL.

Any idea how a Java service running inside the Docker container pick the JRE cacert changes with new certificate import?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Hence imported the self-signed certificate of HTTPS external URL into Docker container's JRE cacert keystore.

No: you need to import it into the Docker image from which you run your container.

Importing it into the container would only create a temporary writable data layer, which will be discarded when you restart your container.

Something like this answer:

USER root
COPY ldap.cer $JAVA_HOME/jre/lib/security
RUN 
    cd $JAVA_HOME/jre/lib/security 
    && keytool -keystore cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias ldapcert -file ldap.cer

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...