Importing self-signed cert into Docker's JRE cacert is not recognized by the service

渐次进展 2020-12-14 02:31
  • A Java service is running inside the Docker container, which accesses the external HTTPS URL, and its self-signed certificate is unavailable to the service / JRE cacert keys
3 answers
  •  鱼传尺愫
    2020-12-14 03:14

    Here is a solution that worked for OpenJDK Java 11 based image.

    One thing to mention first is that you can use either a JDK image or a JRE image. The second option requires ca-certificates-java to be installed.

    • Dockerfile for JDK based image:
    FROM openjdk:11-jdk-slim
    WORKDIR /opt/workdir/
    
    #.crt file in the same folder as your Dockerfile
    ARG CERT="certificate.crt"
    
    #import cert into java
    COPY $CERT /opt/workdir/
    RUN keytool -importcert -file $CERT -alias $CERT -cacerts -storepass changeit -noprompt
    
    ...
    
    • Dockerfile for JRE based image:
    FROM openjdk:11-jre-slim
    WORKDIR /opt/workdir/
    
    #installing ca-certificates-java to import the certificate
    RUN mkdir -p /usr/share/man/man1 \
        && apt-get update \
        && apt-get install -y ca-certificates-java
    
    #.crt file in the same folder as your Dockerfile
    ARG CERT="certificate.crt"
    
    #import cert into java
    COPY $CERT /opt/workdir/
    RUN keytool -importcert -file $CERT -alias $CERT -cacerts -storepass changeit -noprompt
    
    ...
    

    Also, as you can see from the Dockerfile instructions above, both of them require your certificate.crt file to be in the same folder.

    Hope it helps!
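
A build-time check for the import described in the answer above, as an added example that is not part of the original answer: it refuses to import a certificate whose fingerprint differs from the expected one, then fails the build if the alias did not land in the default trust store of the JRE in the image. The `CERT_SHA256` build argument and its placeholder value are assumptions introduced here.

```dockerfile
FROM openjdk:11-jdk-slim
WORKDIR /opt/workdir/

# Same build argument as in the answer; the file name doubles as the alias
ARG CERT="certificate.crt"

# Assumption (not in the answer): expected SHA-256 fingerprint, supplied with
#   docker build --build-arg CERT_SHA256=<fingerprint> .
# Format is the one keytool prints: upper-case hex pairs separated by colons.
ARG CERT_SHA256="REPLACE_WITH_EXPECTED_SHA256_FINGERPRINT"

COPY $CERT /opt/workdir/

# 1. Stop the build if the copied file is not the certificate you meant to trust.
#    Anything imported below becomes a trust anchor for every TLS connection
#    this JVM makes, so the fingerprint is checked before the import.
RUN ACTUAL="$(keytool -printcert -file "$CERT" | sed -n 's/^[[:space:]]*SHA256: //p')" \
    && echo "SHA-256 fingerprint of $CERT: $ACTUAL" \
    && [ "$ACTUAL" = "$CERT_SHA256" ]

# 2. Import into the JRE's default trust store (same command as in the answer)
RUN keytool -importcert -file "$CERT" -alias "$CERT" -cacerts -storepass changeit -noprompt

# 3. keytool exits non-zero when the alias is missing, which fails the build.
#    java.home is printed so it can be compared with the JRE that actually
#    starts the service; a different JRE has a different cacerts file.
RUN keytool -list -cacerts -storepass changeit -alias "$CERT" \
    && java -XshowSettings:properties -version 2>&1 | grep 'java.home'
```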
