I want to enable LDAPS under security in Jenkins but my LDAP server has a self-signed CERT. Has anyone done this or have some pointers on doing this? Do I have to use keytoo
Run keytool to import the CA cert into your java keystore.
See:
telling java to accept self-signed ssl certificate
It turns out I just need to add this in the Dockerfile where ldap.cer is the cert chain for my self-signed cert.
COPY ldap.cer $JAVA_HOME/jre/lib/security
RUN \
cd $JAVA_HOME/jre/lib/security \
&& keytool -keystore cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias ldapcert -file ldap.cer
On our build server with Jenkins, Nexus and SonarQube we use an extracted and prepared cacerts file on the host using a start parameter for docker run.
See my answer on Stack Overflow "Importing self-signed cert into Docker's JRE cacert is not recognized by the service"
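A sketch of the host-side approach from the last answer, as an added example that is not code from any poster: it copies the JRE's cacerts, imports ldap.cer into the copy and confirms the alias is present, handling both the JDK 8 layout (jre/lib/security, as in the Dockerfile above) and the JDK 9+ layout (lib/security). The function names, the output path and the -v mount mentioned in the comment are assumptions; ldap.cer, ldapcert and changeit come from the Dockerfile answer.

```shell
#!/bin/sh
# Added example: prepare a cacerts copy on the host that trusts the LDAP cert,
# leaving the JRE's own truststore untouched.

# Print the truststore path under a given JAVA_HOME.
# JDK 8 keeps it in jre/lib/security, JDK 9+ in lib/security.
find_cacerts() {
    for p in "$1/jre/lib/security/cacerts" "$1/lib/security/cacerts"; do
        if [ -f "$p" ]; then
            printf '%s\n' "$p"
            return 0
        fi
    done
    echo "no cacerts found under $1" >&2
    return 1
}

# prepare_truststore JAVA_HOME CERT OUT
# Copy the stock truststore to OUT, import CERT under alias ldapcert,
# then list that alias so a silent import failure is caught here
# rather than at the first LDAPS handshake.
prepare_truststore() {
    src=$(find_cacerts "$1") || return 1
    cp "$src" "$3" || return 1
    chmod u+w "$3" || return 1   # stock file may be read-only
    keytool -importcert -noprompt -trustcacerts -alias ldapcert \
        -file "$2" -keystore "$3" -storepass changeit >/dev/null || return 1
    keytool -list -alias ldapcert -keystore "$3" -storepass changeit >/dev/null
}

# Run only when called with three arguments, e.g.
#   sh prepare.sh "$JAVA_HOME" ldap.cer ./cacerts
# The result can then be bind-mounted read-only over the container's
# cacerts path (assumption: the "start parameter" is docker run -v).
if [ "$#" -eq 3 ]; then
    prepare_truststore "$1" "$2" "$3"
fi
```

The container-side path to mount over depends on the image's Java version, which is why the script resolves it instead of hard-coding jre/lib/security.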