Importing self-signed cert into Docker's JRE cacert is not recognized by the service

  • A Java service is running inside the Docker container, which accesses an external HTTPS URL whose self-signed certificate is unavailable to the service / JRE cacert keystore, and therefore the connection fails.
  • Hence I imported the self-signed certificate of the external HTTPS URL into the Docker container’s JRE cacert keystore (after checking the $JAVA_HOME env. variable).
  • Restarted the Docker container (using the “docker restart” command), hoping that the service would also get restarted and pick up the changes from the JRE cacert. But this didn’t happen; the Java service still fails to access the external HTTPS URL.

Any idea how a Java service running inside the Docker container can pick up the JRE cacert changes after a new certificate import?

  • One solution collected from the web for “Importing self-signed cert into Docker's JRE cacert is not recognized by the service”

    Hence I imported the self-signed certificate of the external HTTPS URL into the Docker container’s JRE cacert keystore.

    No: you need to import it into the Docker image from which you run your container.

    Importing it into the container would only create a temporary writable data layer, which will be discarded when you restart your container.

    Something like this answer:

    # Run as root so the keystore inside the image is writable
    USER root
    # Copy the certificate into the JRE security directory of the image
    COPY ldap.cer $JAVA_HOME/jre/lib/security
    # Import it into the cacerts truststore at build time (default password "changeit")
    RUN \
        cd $JAVA_HOME/jre/lib/security \
        && keytool -keystore cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias ldapcert -file ldap.cer
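An added example, not from the original answer, of baking the certificate into the image at build time as the answer describes, with a build-time check that the import actually landed. It assumes an eclipse-temurin base image that sets JAVA_HOME, a certificate file named corp-ca.crt beside the Dockerfile, an alias corp-ca, and the default cacerts password changeit; it locates cacerts with find so the same Dockerfile works for a JDK 8 layout (jre/lib/security) and a JDK 9+ layout (lib/security).

```dockerfile
# Assumption: the base image sets JAVA_HOME (eclipse-temurin does); adjust to your own.
FROM eclipse-temurin:17-jre

# The self-signed certificate (PEM or DER) sits next to the Dockerfile under the
# assumed name corp-ca.crt and is copied to a scratch path inside the image.
COPY corp-ca.crt /tmp/corp-ca.crt

# Root is needed to write to the keystore that ships with the JRE.
USER root
RUN set -eu; \
    # JDK 8 keeps cacerts under jre/lib/security, JDK 9+ under lib/security;
    # look it up instead of hard-coding either path.
    CACERTS="$(find "$JAVA_HOME" -path '*/security/cacerts' | head -n 1)"; \
    test -n "$CACERTS"; \
    # Print the fingerprint that is about to be trusted so the build log can be
    # compared against the fingerprint published by the server's owner.
    keytool -printcert -file /tmp/corp-ca.crt | grep -E 'SHA256:'; \
    # Import at build time so the change lives in an image layer rather than in a
    # container's writable layer that a restart or re-create does not carry over.
    keytool -importcert -noprompt -trustcacerts \
        -keystore "$CACERTS" -storepass changeit \
        -alias corp-ca -file /tmp/corp-ca.crt; \
    # Fail the build if the alias is not present after the import.
    keytool -list -keystore "$CACERTS" -storepass changeit -alias corp-ca; \
    rm -f /tmp/corp-ca.crt

# Switch back to the unprivileged user your base image runs the service as, if it
# defines one, before the CMD/ENTRYPOINT that starts the Java service.
```

After `docker build`, the trust can be confirmed from a fresh container with `docker run --rm <image> keytool -list -keystore <path from find> -storepass changeit -alias corp-ca`, which exits non-zero if the alias is missing.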