Certificates installation in containers on Linux servers

  • Certificate type — might need a conversion to a type supported by the base image.
  • Update command
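
#!/usr/bin/env bash
# docker-entrypoint.sh: install extra CA certificates, then start the workload.

usage()
{
    echo "Please insert certificates folder path to update CA-bundle."
}

# First argument: folder that holds the certificates (mounted into the container).
certificatesFolder=$1
if [ ${#certificatesFolder} -gt 1 ]
then
    # update-ca-certificates only picks up PEM files with a .crt extension.
    cp "${certificatesFolder}"/*.* /usr/local/share/ca-certificates/
    update-ca-certificates
else
    usage
fi
node --version

# Dockerfile
FROM node:lts-buster
WORKDIR /app

COPY ./docker-entrypoint.sh .

EXPOSE 8088
ENTRYPOINT ["sh", "/app/docker-entrypoint.sh"]

# docker-compose.yml
version: '3'
services:
  my-server:
    image: my-test-image:latest
    container_name: my-test-container
    # root is required to write the system CA bundle
    user: root
    restart: always
    volumes:
      - /var/myCerts/:/var/myCerts/
    # passed to the entry point script as the certificates folder
    command:
      - "/var/myCerts"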
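
The entry point script above copies every file in the mounted folder into the trust-store directory, but update-ca-certificates only reads PEM files named *.crt, and a private key kept in the same folder would be copied along. The following is an added example, not code from the original post: stage_certs and all paths are hypothetical names, and the function checks only the PEM armor of each file, not whether it is a valid CA certificate.

```shell
#!/bin/sh
# Added example, not the post's code. stage_certs and all paths are hypothetical.
# It checks PEM armor only; it does not verify that a file is a valid CA cert.

# stage_certs SRC_DIR DST_DIR
# Prints how many files were staged; returns 1 if any file was rejected.
stage_certs() {
    src=$1; dst=$2; staged=0; rejected=0
    for f in "$src"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f"; then
            # Key material must never land in the trust-store directory.
            echo "reject $name: contains a private key" >&2
            rejected=$((rejected + 1))
        elif grep -q -e '-----BEGIN CERTIFICATE-----' "$f"; then
            # update-ca-certificates only reads files named *.crt.
            case $name in
                *.crt) out=$name ;;
                *)     out=$name.crt ;;
            esac
            cp "$f" "$dst/$out"
            staged=$((staged + 1))
        else
            echo "reject $name: no PEM certificate (convert it first)" >&2
            rejected=$((rejected + 1))
        fi
    done
    echo "$staged"
    [ "$rejected" -eq 0 ]
}

# Constructed demo input: marker-only files, not real certificates or keys.
demo=$(mktemp -d)
mkdir "$demo/in" "$demo/out"
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' > "$demo/in/corp-root.pem"
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'AAAA' '-----END PRIVATE KEY-----' > "$demo/in/server.key"
printf '0\202\001\012' > "$demo/in/legacy.der"
count=$(stage_certs "$demo/in" "$demo/out") || echo "some files were rejected" >&2
echo "staged $count file(s): $(ls "$demo/out")"
rm -rf "$demo"
```

In the entry point script, the destination would be /usr/local/share/ca-certificates/, with update-ca-certificates run only after staging succeeds.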

Build and test

1. Create the above files and place them under the same folder

docker build -t my-test-image .
docker-compose up
docker logs -f <containerID>
[root@template7–6 _aviad]# docker-compose up
Creating my-test-container ... done
Attaching to my-test-container
my-test-container | Updating certificates in /etc/ssl/certs...
my-test-container | 1 added, 0 removed; done.
my-test-container | Running hooks in /etc/ca-certificates/update.d...
my-test-container | done.
my-test-container | v14.16.1

To summarize

This post aims to give you a general idea of how to install certificates in containers: I pointed out the guidelines and showed how to use an entry point script, with some basic code samples.
