
I have Keycloak running inside a Docker container and I want to add a trusted certificate, so I SSH into the container, copy the cert file in and import the certificate via keytool:

${JAVA_JDK}/jre/bin/keytool \
    -import -trustcacerts \
    -alias "efactory-nimble_salzburgresearch_at.crt" -file efac.crt \
    -keystore ${JAVA_JDK}/jre/lib/security/cacerts \
    -storepass changeit \
    -noprompt

The response from keytool was:

Picked up _JAVA_OPTIONS: -Xmx256m -Xms50m
Certificate was added to keystore

Even after successfully importing the certificate, I'm still getting this error in Keycloak:

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

So my question is: does the JVM need to be restarted after adding the certificate inside a Docker container, and has anyone else come across this issue?

Nirojan Selvanathan

1 Answer


Yes, the JVM needs a restart after adding the certificate to the keystore; look here: Imported certificate to Java keystore, JVM ignores the new cert.

Other than that, you should probably have a more "persistent" way to update the keystore, since it'll be gone after the container is removed.

Juraj Martinka
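As an added example (not part of the question or the answer above), a Dockerfile fragment that performs the same keytool import at image build time, so the certificate is in cacerts before Keycloak's JVM ever starts and survives container removal; `your-keycloak-base-image:tag` is a placeholder, and it assumes `JAVA_JDK` is set in the base image as it is in the question and that `efac.crt` sits next to the Dockerfile.

```dockerfile
# Added example, not the question's or answer's own code.
# Assumptions: base image name is a placeholder, JAVA_JDK is an ENV of the
# base image (as in the question), efac.crt is in the build context.
FROM your-keycloak-base-image:tag

# Stage the certificate inside the image for the import step.
COPY efac.crt /tmp/efac.crt

# Import at build time (the JVM is not running yet, so no restart is needed),
# then list the alias so the build fails if the import did not land in the
# keystore that the JVM actually reads. Clean up the staged cert afterwards.
RUN ${JAVA_JDK}/jre/bin/keytool -import -trustcacerts \
        -alias efactory-nimble_salzburgresearch_at \
        -file /tmp/efac.crt \
        -keystore ${JAVA_JDK}/jre/lib/security/cacerts \
        -storepass changeit -noprompt \
    && ${JAVA_JDK}/jre/bin/keytool -list \
        -keystore ${JAVA_JDK}/jre/lib/security/cacerts \
        -storepass changeit \
        -alias efactory-nimble_salzburgresearch_at \
    && rm /tmp/efac.crt
```

Because the trust store is baked into the image layer, every container started from it already trusts the certificate, and updating the cert is a rebuild rather than a hand edit inside a running container.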