Provide a convenient way of adding a custom root certificate authority cert

Question

Provide a convenient way of adding a custom root certificate authority cert

Rolf-MP opened this issue 2 years ago · 3 comments

What feature do you want to see added?

I would like to be able to e.g. volume map my root CA cert into a location in the Jenkins container and have the image import that/those cert(s) into the keystore being used by Jenkins at startup.

Upstream changes

No response

Answer 1 · 2023-05-13T10:54:27.000Z

Hi @Rolf-MP , you should be able to do so by mounting the certificate in the container, or by building your custom image instead: is there anything blocking you in this area?

Answer 2 · 2023-05-15T07:55:53.000Z

Hello Damien - thanks for your reply!

I do not have the steps handy but do remember that the ca-cert needs to be available for Tomcat/Jetty somehow if we want Jenkins to trust certificates issued by our company certificate authority.
Java/Jenkins - at least back when we originally put Jenkins in place did not use the system cacerts. I ran into a similar issue when migrating from VM to docker-image Jenkins deployment.

The title therefore says "convenient".
If - for the docker image - there would be a documented/env-var-settable location to mount the cacert to such that it would be automatically picked up for use by Jenkins at start of the container that would be convenient.

Maybe I overlooked something - very well possible ..

Answer 3 · 2023-10-10T21:15:43.000Z

Might be possible by changing our entrypoint to call this:
https://github.com/adoptium/containers/blob/898a806f10921208544fea3f5fa0dcef261c4f53/21/jdk/alpine/entrypoint.sh#L25