Closed paul58914080 closed 1 month ago
I tried to solve this by adding custom certificate like this
FROM gcr.io/distroless/java17-debian12:nonroot
COPY my.crt /etc/ssl/certs
USER root
RUN [\
"/usr/lib/jvm/java-17-openjdk-amd64/bin/keytool",\
"-import",\
"-trustcacerts",\
"-cacerts",\
"-noprompt",\
"-storepass",\
"changeit",\
"-alias",\
"my",\
"-file",\
"/etc/ssl/certs/my.crt"\
]
USER nonroot
...
I think you can generate your java certs file locally and just drop it into /etc/ssl/certs/java/cacerts instead of trying to do this on the distroless container.
I would like to understand for a distroless image of
gcr.io/distroless/java17-debian12:nonroot
what is the best way to add a custom certificate(crt) to the jvm ?