To use already configured java containers, such as jenkins, sonarqube or nexus (for example, if you run your own build server), it is more convenient for me to mount the appropriate cacerts file in these containers with the option to launch docker.
I use the cacerts from openjdk as a base:
- extracting
cacerts from an openjdk image using a temporary container:
docker pull openjdk:latest docker run --rm --entrypoint cat openjdk:latest /etc/ssl/certs/java/cacerts > cacerts
- adding a certificate to the extracted
cacerts using a temporary container launched from the same folder that also contains ldap.cer :
docker run --rm -v `pwd`:/tmp/certs openjdk:latest bash -c 'cd /tmp/certs && keytool -keystore cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias buenting-root -file ldap.cer'
- run the target docker (s) container mounting the extracted
cacerts with the run, e parameter. d. for sonarqube :
docker run ... -v /path/to/your/prepared/cacerts:/etc/ssl/certs/java/cacerts:ro ... sonarqube:lts
If there is a new version of openjdk, you can update the cacerts file on the host with commands from 1. and 2.
To update the target image (e.g. sonarqube ) you do not need to create your own image using the Dockerfile and docker build .