Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Include system CA certificates? #75

Open
faandg opened this issue Apr 3, 2024 · 0 comments
Open

Include system CA certificates? #75

faandg opened this issue Apr 3, 2024 · 0 comments

Comments

@faandg
Copy link

faandg commented Apr 3, 2024

I'm trying to include a company CA in a UBI8/9 based image of OpenLiberty.

COPY --chmod=0644 company-root-ca.pem /etc/pki/ca-trust/source/anchors
RUN update-ca-trust

I verified that the Basic Constraints extension with CA:TRUE is set correct and the CA is successfully added to /etc/pki/ca-trust/extracted/java/cacerts.
However running features.sh from the OpenLiberty ubi image fails with a certificate validation error.
Adding the CA directly to /opt/java/openjdk/jre/lib/security/cacerts works but it's not recommended.

Are system certificates from /etc/pki/ca-trust/extracted/java/cacerts not automatically added when the java runtime is called? Is there additional configuration to be added I am unaware of?

Additional info:

$ echo $JAVA_HOME
/opt/java/openjdk

$ java -version
openjdk version "1.8.0_402"
IBM Semeru Runtime Open Edition (build 1.8.0_402-b06)
Eclipse OpenJ9 VM (build openj9-0.43.0, JRE 1.8.0 Linux amd64-64-Bit Compressed References 20240131_861 (JIT enabled, AOT enabled)
OpenJ9   - 2c3d78b48
OMR      - ea8124dbc
JCL      - 0fa9d9c532 based on jdk8u402-b06)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@faandg