Docker-alpine: How to add CA root certification (self-signed)

Created on 6 Mar 2017  路  5Comments  路  Source: gliderlabs/docker-alpine

I have self-signed CA root certification, and I try to add this to my custom alpine docker.

FROM alpine:3.4

# Install Self-signed Root CA
ADD cert/* /tmp/cert/
RUN apk add --no-cache ca-certificates && \
    mkdir /usr/share/ca-certificates/extra && \
    cp -R /tmp/cert/* /usr/share/ca-certificates/extra/ && \
    update-ca-certificates

After building container, I try to find out my certification installed properly with following comand. but I couldn't found my certification.

cat /etc/sslca-certificates.crt | grep CwYDVR0PBAQDAgIEMA0GCSqGSIb3DQEBDQUAA4IBAQAfcevn . (part of my cert)

Should I edit /etc/ca-certificates.conf file before update-ca-certifcates?

question
Source
picture spoon99

Most helpful comment

Hello, just adding for the future myself that the certificate(s) should be directly at the root under /usr/local/share/ca-certificates and not under a subdirectory otherwise it is not taken into account by the update-ca-certificates command. This is true at least for version 3.5.2 of Alpine Linux.

picture PierreBtz on 12 Dec 2017
👍42 👀1

All 5 comments

try copy your cert to /etc/ssh/certs instead

ncopa picture ncopa on 7 Mar 2017
👎54

There is also /usr/local/share/ca-certificates as per https://git.alpinelinux.org/cgit/aports/tree/main/ca-certificates/update-ca.c#n18.

andyshinn picture andyshinn on 5 May 2017
👍25

Hello, just adding for the future myself that the certificate(s) should be directly at the root under /usr/local/share/ca-certificates and not under a subdirectory otherwise it is not taken into account by the update-ca-certificates command. This is true at least for version 3.5.2 of Alpine Linux.

PierreBtz picture PierreBtz on 12 Dec 2017
👍42 👀1

Fix for @andyshinn 's broken link:
https://git.alpinelinux.org/aports/tree/main/ca-certificates/update-ca.c?id=2eb3d78f6c4d420f55cdd5d17f26e05920c74491#n18 (Note that this is a reference to outdated or moved code)
EDIT: Actually, https://github.com/weaveworks/flux/issues/1206 looks like it has the most up-to-date instructions

cowlinator picture cowlinator on 9 Jan 2019
👍2

try copy your cert to /etc/ssh/certs instead

i think you mean /etc/ssl/certs

codeliger picture codeliger on 13 Feb 2019
👍14
Was this page helpful?
0 / 5 - 0 ratings

Related issues

kalaksi picture kalaksi  路  3Comments
frebib picture frebib  路  4Comments
michaelshobbs picture michaelshobbs  路  3Comments
rmNyro picture rmNyro  路  3Comments
robinmonjo picture robinmonjo  路  4Comments