Dockerfile Keytool Import Certificate Gradle Build and Tomcat Deploy
19-01-2022

We can use the following Dockerfile to build a Gradle project. After the build, the generated WAR file is copied to the /usr/local/tomcat/webapps/ directory.
If you need to add a custom certificate, you should copy the new certificate to the /etc/ssl/certs directory. Otherwise, Java keytool does not import the custom certificate from another location. (It took me 5 hours to reach this information.)
The last commands, a for loop in this case, import every .pem certificate found in /etc/ssl/certs into cacerts and answer keytool's confirmation prompts automatically.
    FROM gradle:7.3.3-jdk8 AS build
    ENV TIS_DATA=/home/tis-data
    #We added this code because gradle and tomcat override each other
    RUN whoami
    WORKDIR $TIS_DATA
    COPY --chown=gradle:gradle . /home/gradle/src
    WORKDIR /home/gradle/src
    RUN gradle build --no-daemon

    FROM tomcat:8.5.73
    RUN rm -fr /usr/local/tomcat/webapps/ROOT
    #after tomcat installed, JAVA_HOME is changed, so we will redirect
    COPY --from=build /home/gradle/src/build/libs/ktbyigm.war /usr/local/tomcat/webapps/ROOT.war
    COPY --from=build /home/gradle/src/src/main/resources/edevlet.pem /etc/ssl/certs/edevlet.pem
    CMD ["catalina.sh", "run"]
    EXPOSE 8080
    #KTB SSL move
    COPY ./gradle/ktb.pem /etc/ssl/certs/ktb.pem
    COPY ./gradle/ktb.pem /usr/local/share/ca-certificates/ktb.pem
    #list both directories so the build log shows which certificates are present
    RUN ls /usr/local/share/ca-certificates
    RUN ls /etc/ssl/certs
    RUN update-ca-certificates
    #import the edevlet certificate into the JVM trust store under a fixed alias
    RUN $JAVA_HOME/bin/keytool -cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias edevlet -file /etc/ssl/certs/edevlet.pem
    #import every .pem in /etc/ssl/certs, using the file path as the alias
    RUN for i in /etc/ssl/certs/*.pem; do yes | keytool -importcert -alias "$i" -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit -file "$i"; done
    #print the trust store so the imported aliases can be checked in the build log
    RUN keytool -list -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit

On Windows, run:
"C:\Program Files\Java\jdk1.8.0_202\bin\keytool.exe" -import -trustcacerts -alias googlecert -file "D:\certifs.pem"
If JAVA_HOME points to the JDK, change the command like this:
"C:\Program Files\Java\jdk1.8.0_202\bin\keytool" -import -alias google_storage -keystore "C:\Program Files\Java\jdk1.8.0_202\jre\lib\security\cacerts" -file "D:\google_cloud.cer"
If you encounter this error when running your app in GlassFish, you should install the certificate (.cer) file into the cacerts.jks located in glassfish\domains\domain1\config as follows:
"C:\Program Files\Java\jdk1.8.0_202\bin\keytool" -import -alias googlecloud -keystore C:\glassfish5\domains\domain1\config\cacerts.jks -file "D:\google_cloud.cer"
Sometimes Java uses the JRE directory instead. To cover that case, import the certificate into the JRE's cacerts as well:
"C:\Program Files\Java\jdk1.8.0_202\bin\keytool" -import -alias google_cloud -keystore "C:\Program Files\Java\jre1.8.0_202\lib\security\cacerts" -file "D:\certifs.pem"
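A stricter alternative to the Dockerfile's import loop, as an added example that is not part of the original post: instead of trusting every .pem in /etc/ssl/certs, it imports one file only when its SHA-256 fingerprint matches a value you pinned beforehand. The script name import-pinned.sh and the function names are hypothetical; it assumes one certificate per PEM file and that awk, base64 and sha256sum are available in the image.

```shell
#!/bin/sh
# Added example, not the original post's code.
# Usage (hypothetical script name):
#   sh import-pinned.sh /etc/ssl/certs/ktb.pem <pinned-sha256-hex> "$JAVA_HOME/lib/security/cacerts"

# Print the SHA-256 (lowercase hex) of the DER bytes of the first
# certificate in a PEM file. Text before the BEGIN marker is ignored.
pem_sha256() {
    awk '/-----BEGIN CERTIFICATE-----/{f=1; next}
         /-----END CERTIFICATE-----/{exit}
         f' "$1" | base64 -d | sha256sum | cut -d' ' -f1
}

# Derive a short alias from the file name: /etc/ssl/certs/ktb.pem -> ktb
cert_alias() {
    basename "$1" .pem
}

# import_pinned <pem-file> <expected-sha256-hex> <keystore>
# Fails closed: keytool is never called when the fingerprint differs.
import_pinned() {
    pem=$1; expected=$2; keystore=$3
    actual=$(pem_sha256 "$pem")
    if [ "$actual" != "$expected" ]; then
        echo "REJECT $pem: fingerprint $actual does not match the pinned value" >&2
        return 1
    fi
    name=$(cert_alias "$pem")
    # Skip the import if the alias is already present, so rebuilds stay quiet.
    if keytool -list -keystore "$keystore" -storepass changeit \
            -alias "$name" >/dev/null 2>&1; then
        echo "SKIP $pem: alias $name already in $keystore"
        return 0
    fi
    keytool -importcert -noprompt -trustcacerts -alias "$name" \
        -keystore "$keystore" -storepass changeit -file "$pem"
}

# Run only when called with the three arguments shown in the usage line.
if [ "$#" -eq 3 ]; then
    import_pinned "$@"
fi
```

Compute the pinned value once with pem_sha256 on a copy of the certificate obtained from a trusted source, then keep it in the Dockerfile next to the RUN line that calls the script.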