cptactionhank/docker-atlassian-jira

Adding additional Certificate Authorities

RLovelett opened this issue · 1 comments

I've been making use of these containers to deploy JIRA and so far it has really improved our environment. So thank you for that.

Though we effectively have to maintain a fork of your project because our company has a private CA that it uses for all internal assets. This comes into play because of LDAP authentication. When connecting to our LDAP server it does not trust the SSL connection.

Thankfully though installing the CA is not too difficult.

diff --git a/Dockerfile b/Dockerfile
index 10c0bad..8fd9ee7 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -33,6 +33,11 @@ RUN set -x \
     && echo -e                 "\njira.home=$JIRA_HOME" >> "${JIRA_INSTALL}/atlassian-jira/WEB-INF/classes/jira-application.properties" \
     && touch -d "@0"           "${JIRA_INSTALL}/conf/server.xml"

+## Add Company Root Certificates
+ADD Company-Private-Issuing-CA-01.crt /usr/local/share/ca-certificates
+ADD Company-Private-Root-CA-02.crt /usr/local/share/ca-certificates
+RUN update-ca-certificates
+
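Review bot: Both ADD lines give the destination as /usr/local/share/ca-certificates with no trailing slash, so the outcome depends on that directory already existing in the base image. Write the destination as /usr/local/share/ca-certificates/ and use COPY, since these are plain local files and none of ADD's archive or URL handling is needed. The certificate file names are also hard-coded, which ties the image to one organisation's CA set; reading every .crt from a single directory would remove that coupling. It is also worth confirming that the JVM running JIRA reads the store that update-ca-certificates regenerates, because that command only rebuilds the system bundle and runs whatever hooks are installed for it.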

The point is I'd really love to see some mechanism added to these containers so that we no longer need to maintain the fork.

Do you have any thoughts or suggestions on a general solution to this problem, i.e., something that I could submit for inclusion?

I would suggest putting certificates in a new Java KeyStore, putting it in your JIRA home folder, and then supplying Java JVM properties to change the default path to the keystore.

E.g. javax.net.ssl.keyStore or other more relevant, use Google. You should be able to supply it through --env 'JAVA_OPTS=-Djavax.net.ssl.keyStore or --env 'CATALINA_OPTS=-Djavax.net.ssl.keyStore
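One way to carry out the keystore approach suggested in the reply above, as an added example that is not code from this repository or from either commenter. It uses `javax.net.ssl.trustStore`, the JVM property that selects the set of trusted CAs. The function names, the paths, and the `IMAGE` and `JIRA_HOME` variables are assumptions; `changeit` is the stock password of the JRE's default `cacerts` file.

```shell
#!/bin/sh
# Added example: build a JVM truststore containing private CAs and print the
# JVM options that point Tomcat/JIRA at it. All names here are hypothetical.

# build_truststore OUT_JKS BASE_CACERTS CA_CERT...
# Copies the JRE's default cacerts so public CAs stay trusted, then imports
# each private CA under an alias derived from its file name.
build_truststore() {
    out=$1; base=$2; shift 2
    [ "$#" -gt 0 ] || { echo "no CA certificates given" >&2; return 2; }
    for cert in "$@"; do
        # Fail before creating the store if any input is unreadable.
        [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 1; }
    done
    cp "$base" "$out" || return 1
    for cert in "$@"; do
        name=$(basename "$cert" | sed 's/\.[^.]*$//' | tr 'A-Z' 'a-z')
        keytool -importcert -noprompt -trustcacerts \
            -alias "$name" -file "$cert" \
            -keystore "$out" -storepass "${STOREPASS:-changeit}" || return 1
    done
}

# truststore_opts PATH_IN_CONTAINER
# Prints the system properties the JVM reads to locate its trusted CAs.
truststore_opts() {
    printf '%s %s\n' \
        "-Djavax.net.ssl.trustStore=$1" \
        "-Djavax.net.ssl.trustStorePassword=${STOREPASS:-changeit}"
}

# Usage sketch (set IMAGE and JIRA_HOME for your deployment; the location of
# the default cacerts under JAVA_HOME varies between Java versions):
#   build_truststore ./home/cacerts.jks "$JAVA_HOME/lib/security/cacerts" \
#       Company-Private-Root-CA-02.crt Company-Private-Issuing-CA-01.crt
#   docker run --volume "$PWD/home:$JIRA_HOME" \
#       --env "CATALINA_OPTS=$(truststore_opts "$JIRA_HOME/cacerts.jks")" \
#       "$IMAGE"
```

Because the store lives in the mounted home directory, rotating or adding a CA means rebuilding one file and restarting the container, with no image rebuild or fork.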