I have a containerized (Docker) Java application based on Distroless, and I would like to add an SSL certificate to the JVM's store.
I see an option like using Docker's RUN command to import the SSL certificate into the JVM store using the Java keytool option, but since Distroless doesn't come with a shell, I am not able to use the RUN command.
Is there a best way to add an SSL certificate into cacerts - Java with Distroless as base image?
The steps to install a new certificate into the Java default truststore are:
1. Extract the cert from the server: openssl s_client -connect server:443
2. Import the certificate into the truststore using keytool: keytool -import -alias alias.server.com -keystore $JAVA_HOME/jre/lib/security/cacerts
We can use the exec form to write the command, which doesn’t require a shell.
FROM gcr.io/distroless/java@sha256:da8aa0fa074d0ed9c4b71ad15af5dffdf6afdd768efbe2f0f7b0d60829278630
COPY my.crt /tmp/my.crt
RUN [\
"/usr/lib/jvm/java-11-openjdk-amd64/bin/keytool",\
"-import",\
"-trustcacerts",\
"-cacerts",\
"-noprompt",\
"-storepass",\
"changeit",\
"-alias",\
"my",\
"-file",\
"/tmp/my.crt"\
]
Be sure to adjust the command to your needs!
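An alternative layout, added here as an example and not part of the original answer: import the certificate in a separate JDK build stage, check its fingerprint first, and copy only the resulting truststore into the Distroless image. The builder image eclipse-temurin:11-jdk, the /work and /app paths, and the EXPECTED_SHA256 build argument are assumptions.

```dockerfile
# Added example, not from the original answer.
# Stage 1: any JDK image that has a shell; eclipse-temurin:11-jdk is an assumption.
FROM eclipse-temurin:11-jdk AS truststore

# Hypothetical build argument: the certificate's SHA-256 fingerprint, obtained
# out of band, passed as --build-arg EXPECTED_SHA256=<colon-separated hex>.
ARG EXPECTED_SHA256
COPY my.crt /tmp/my.crt

# Fail the build if no fingerprint was supplied or the certificate does not match it.
RUN test -n "$EXPECTED_SHA256" \
 && keytool -printcert -file /tmp/my.crt | grep -F "SHA256: $EXPECTED_SHA256"

# Copy the JDK's default CA bundle and add the certificate to the copy.
RUN mkdir /work \
 && cp "$JAVA_HOME/lib/security/cacerts" /work/cacerts \
 && keytool -importcert -noprompt -trustcacerts \
      -alias my -file /tmp/my.crt \
      -keystore /work/cacerts -storepass changeit

# Stage 2: the Distroless runtime image used in the answer above.
FROM gcr.io/distroless/java@sha256:da8aa0fa074d0ed9c4b71ad15af5dffdf6afdd768efbe2f0f7b0d60829278630
COPY --from=truststore /work/cacerts /app/cacerts

# The JVM picks up JAVA_TOOL_OPTIONS at startup, so neither a shell nor keytool
# is needed in the runtime image.
ENV JAVA_TOOL_OPTIONS="-Djavax.net.ssl.trustStore=/app/cacerts -Djavax.net.ssl.trustStorePassword=changeit"
```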