CAS 6.3 add selfsigned certificate to store certificate on docker deployment

[José Ramón Martín Magdalena]

Good morning to everyone,

First of all I want to congratulate this entire community for the support they provide to the uninitiated in everything related to home and to apologize for my rusty English.

I will explain where I am stuck.

We have a cas service deployed in a kubernettes cluster and we want to add the recaptcha option to it.

We also have an internet access firewall in our organization that allows only encrypted traffic with the certificate of the aforementioned firewall.

The problem that I am finding is in adding this certificate to the trusted certificate store in the docker image because jibDockerBuild does not add the certificate store of the development machine but a clean one.

I have added the certificate file in / etc / cas / config / and I am trying to import it through the Dockerfile without any success.

any ideas?

Thanks in advance for the help.

Dockerfile--------------------

FROM adoptopenjdk/openjdk11:alpine-slim AS overlay

RUN mkdir -p cas-overlay

COPY ./src cas-overlay/src/

COPY ./gradle/ cas-overlay/gradle/

COPY ./gradlew ./settings.gradle ./build.gradle ./gradle.properties /cas-overlay/

RUN mkdir -p ~/.gradle \

    && echo "org.gradle.daemon=false" >> ~/.gradle/gradle.properties \

    && echo "org.gradle.configureondemand=true" >> ~/.gradle/gradle.properties \

    && cd cas-overlay \

    && chmod 750 ./gradlew \

    && ./gradlew --version;

RUN cd cas-overlay \

    && ./gradlew clean build --parallel --no-daemon;

FROM adoptopenjdk/openjdk11:alpine-jre AS cas

LABEL "Organization"="Apereo"

LABEL "Description"="Apereo CAS"

RUN cd / \

    && mkdir -p /etc/cas/config \

    && mkdir -p /etc/cas/services \

    && mkdir -p /etc/cas/saml \

    && mkdir -p cas-overlay;

COPY --from=overlay cas-overlay/build/libs/cas.war cas-overlay/

COPY etc/cas/ /etc/cas/

COPY etc/cas/config/ /etc/cas/config/

COPY etc/cas/services/ /etc/cas/services/

COPY etc/cas/saml/ /etc/cas/saml/

EXPOSE 8080 8443

ENV PATH $PATH:$JAVA_HOME/bin:.

WORKDIR cas-overlay

ENTRYPOINT ["java", "-server", "-noverify", "-Xmx2048M", "-jar", "cas.war"]

CMD ["/opt/java/openjdk/bin/keytool","-noprompt -importcert -keystore /opt/java/openjdk/lib/security/cacerts -storepass changeit -file /etc/cas/config/FNGFW_cert_der.crt -alias firewall-cert"]

------------------------------------------

[José Ramón Martín Magdalena]

Solved