CA certificate in Docker

Introduction

It may be necessary to load a certificate into the Docker container and have the container's operating system trust it. In the example below, a subdirectory named selfsigned has been created in the directory that contains docker-compose.yml; it holds the certificate and the associated script. The script must be created in this folder with the content shown below. In the example, the script is named trust_selfsigned.sh and the certificate to be copied is named CAcert.pem.

Script

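#!/bin/bash
# Stop at the first error so success is only reported when copy and update worked
set -e

# Copy the CA certificate from the mounted directory into the OS trust anchors
cp /opt/selfsigned/CAcert.pem /etc/pki/ca-trust/source/anchors/
# Rebuild the consolidated trust store from the anchors directory
update-ca-trust
echo "Self-signed CA certificate has been added to OS trust store"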

Next, the script and the certificate must be mounted in docker-compose.yml:

Mount script and certificate

services:
  relution:
    environment:
      ...
      - RELUTION_PRERUN_SCRIPT=/opt/selfsigned/trust_selfsigned.sh
    ...
    volumes:
      - './application.yml:/opt/relution/application.yml'
      - './selfsigned:/opt/selfsigned'

Output of curl

The setup can be tested with curl from inside the container. A response without a certificate error shows that the CA certificate is trusted.

[root@d4b846425890 relution]# curl -I https://selfsigned.server.relution.io
HTTP/1.1 302 Found
Date: Tue, 21 Sep 2021 12:37:10 GMT
Server: Apache/2.4.38 (Univention)
Location: https://selfsigned.server.relution.io/portal/
Content-Type: text/html; charset=iso-8859-1
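
Whatever file is mounted at /opt/selfsigned/CAcert.pem becomes a trust root for every TLS connection the container makes, so the pre-run script can check it before calling update-ca-trust. The following is an added example, not part of the original page or of Relution: it refuses the file unless it is an unexpired CA certificate matching a pinned SHA-256 fingerprint. CA_PIN_SHA256 and the function names are assumptions.

```bash
#!/bin/bash
# Added example: validate the mounted CA file before trusting it.
# CA_PIN_SHA256 and the function names are assumptions, not Relution settings.

# Print the SHA-256 fingerprint of $1 as bare uppercase hex (no colons).
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null \
    | cut -d= -f2 | tr -d ':' | tr 'a-f' 'A-F'
}

# Return 0 only if $1 is a parseable, unexpired CA certificate whose
# fingerprint equals the pinned value in $2 (colons and case are ignored).
validate_ca_cert() {
  cert=$1
  pin=$(printf '%s' "$2" | tr -d ':' | tr 'a-f' 'A-F')
  [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 1; }
  openssl x509 -in "$cert" -noout 2>/dev/null \
    || { echo "$cert is not a PEM X.509 certificate" >&2; return 1; }
  openssl x509 -in "$cert" -noout -text | grep -q 'CA:TRUE' \
    || { echo "$cert is not a CA certificate" >&2; return 1; }
  openssl x509 -in "$cert" -noout -checkend 0 >/dev/null \
    || { echo "$cert has expired" >&2; return 1; }
  [ -n "$pin" ] && [ "$(cert_fingerprint "$cert")" = "$pin" ] \
    || { echo "$cert does not match the pinned fingerprint" >&2; return 1; }
}

# Validate, then copy into the anchors directory ($3, defaulting to the
# path used on this page) and rebuild the trust store.
install_ca_cert() {
  anchors=${3:-/etc/pki/ca-trust/source/anchors}
  validate_ca_cert "$1" "$2" || return 1
  cp "$1" "$anchors/" && update-ca-trust
}

# Runs only when a pin is supplied, e.g. through the compose environment.
if [ -n "${CA_PIN_SHA256:-}" ]; then
  install_ca_cert /opt/selfsigned/CAcert.pem "$CA_PIN_SHA256" || exit 1
  echo "Pinned CA certificate has been added to OS trust store"
fi
```

The pin can be taken on a trusted machine from the output of openssl x509 -in CAcert.pem -noout -fingerprint -sha256 and set as CA_PIN_SHA256 next to RELUTION_PRERUN_SCRIPT, assuming the pre-run script inherits the container environment.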