Self Signed Certificates
This tutorial requires a Vault-CRD Version newer then 1.4.3
To use self signed certificates it's required to add to the main cacerts keystore the self signed certificate or the better solution is to add the root certificate of the self signed certificate.
For security reasons, I will not provide a way to ignore invalid certificates.
To build a Docker Image that contains a Self Signed Certificate we will use a Docker Image Pipeline. This Pipeline will take the default cacerts file from openjdk:8, add our self-signed certificate and afterwards add this certificate to our cacerts keystore.
1
FROM openjdk:8 AS BUILD
2
3
COPY cert.pem /additional_certs/cert.pem
4
RUN yes | keytool -importcert -alias selfsignedroot -keystore /usr/local/openjdk-8/jre/lib/security/cacerts -storepass changeit -file /additional_certs/cert.pem
Copied!
The last step is to add the edited cacerts keystore to vault-crd. Please replace in the FROM section the Docker Image Tag with the version you are planning to use:
1
FROM daspawnw/vault-crd:1.5.0
2
3
COPY --from=BUILD /usr/local/openjdk-8/jre/lib/security/cacerts /etc/ssl/certs/java/cacerts
Copied!
Here the full example
1
FROM openjdk:8 AS BUILD
2
3
COPY cert.pem /additional_certs/cert.pem
4
RUN yes | keytool -importcert -alias selfsignedroot -keystore /usr/local/openjdk-8/jre/lib/security/cacerts -storepass changeit -file /additional_certs/cert.pem
5
6
FROM daspawnw/vault-crd:1.4.3
7
8
COPY --from=BUILD /usr/local/openjdk-8/jre/lib/security/cacerts /etc/ssl/certs/java/cacerts
Copied!
Last modified 1yr ago
Copy link