jenkinsci/docker

Provide a convenient way of adding a custom root certificate authority cert

Rolf-MP opened this issue · 6 comments

What feature do you want to see added?

I would like to be able to e.g. volume map my root CA cert into a location in the Jenkins container and have the image import that/those cert(s) into the keystore being used by Jenkins at startup.

Upstream changes

No response

Hi @Rolf-MP , you should be able to do so by mounting the certificate in the container, or by building your custom image instead: is there anything blocking you in this area?

Hello Damien - thanks for your reply!

I do not have the steps handy but do remember that the ca-cert needs to be available for Tomcat/Jetty somehow if we want Jenkins to trust certificates issued by our company certificate authority.
Java/Jenkins - at least back when we originally put Jenkins in place did not use the system cacerts. I ran into a similar issue when migrating from VM to docker-image Jenkins deployment.

The title therefore says "convenient".
If - for the docker image - there would be a documented/env-var-settable location to mount the cacert to such that it would be automatically picked up for use by Jenkins at start of the container that would be convenient.

Maybe I overlooked something - very well possible ..