barabo
commented
3 months ago Ah, nevermind. I added -k to the curl command in the Dockerfile and it works now.
Closed barabo closed 3 months ago
barabo
commented
3 months ago Ah, nevermind. I added -k to the curl command in the Dockerfile and it works now.
barabo
commented
3 months ago For anyone else landing here, I also had to import my MITM certificate into a working cacerts file using keytool, then add another docker layer to copy it into the image jdk.
# From the repo root dir...
# cd into the location of your local jdk cacerts file.
SEC_LIB_DIR="$( dirname `which java` )/../lib/security )"
cd "${SEC_LIB_DIR}"
# import your MITM cert.
keytool -importcert -alias MITM -keystore ./cacerts -file ~/.certs/MITM.crt
# Return to the repo root dir.
cd -
cp "${SEC_LIB_DIR}/cacerts" .I also had to add this layer to the Dockerfile.
COPY cacerts /opt/java/openjdk/lib/security/
My employer uses a man-in-the-middle type of proxy for all network connections originating from my laptop. This means (for me, and others like me) that I can't build the JPA docker container - it fails when it tries to curl endpoints because it doesn't have special SSL configuration in place.
I'm wondering if there's anything I can do in the meantime to get this to build on my laptop, or if I'll have to wait for the proxy admins to make whatever change they need to make to enable functional docker builds for me again.
I'm also wondering if there's a 'loose' Dockerfile that could be created for unfortunate souls such as us - a Dockerfile that does not verify server SSL certificates. Or if there's already a way to disable cert verification, could someone point me to it, please? Thank you!