Add a self signed certificate to java keystore in Artifactory when it runs in docker
Question
I'm running artifactory as a docker container in our environment by using docker-compose more or less equal the the official one: https://github.com/jfrog/artifactory-docker-examples/blob/master/docker-compose/artifactory/artifactory-pro.yml
When adding a remote repository, I found out that the certificate the remote is using is not trusted by my artifactory server:
Connection to remote repository failed: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
As far as I know I have to add the self signed root certificate, which is used by the server, needs to be added to the keystore of the used jvm which runs the artifactory. I found all the tutorials which show of how to do it on a regular installation, but none of how to do it in a docker container. I could try to exec into the container but this doesn't feel like being the correct way.
Does someone know how to add a self signed certificate to the cacert keystore inside of the artifactory docker container as part of the docker-compose script?
2 answers
solution1
0 2019-06-21 20:57:34
IN THEORY, you can have your keystore file in your host and then mount it to the container with -v option.
You also need to make the artifactory JVM use your new keystore. Do this by passing a "-e JAVA_OPTIONS=-Djavax.net.ssl.trustStore=" to the docker create/run command.
solution2
0 2022-11-14 06:42:45
Mount modified cacerts in docker-compose, artifactory-oss:7.46.6
volumes:
- <host path to cacerts>/cacerts:/opt/jfrog/artifactory/app/third-party/java/lib/security/cacerts
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.