Dockerfile Keytool Import Certificate Gradle Build and Tomcat Deploy

19-01-2022

We can use the following Dockerfile to build a Gradle project. After the build, the generated WAR file is moved to the /usr/local/tomcat/webapps/ directory.

If you need to add a custom certificate, you should copy the new certificate to the /etc/ssl/certs directory. Otherwise, Java Keytool does not import the custom certificate from another location. (It took me 5 hours to reach this information.)

The last commands, the for loop in this case, automatically import the existing certificates into cacerts.

FROM gradle:7.3.3-jdk8 AS build
ENV TIS_DATA=/home/tis-data
# We added this code because gradle and tomcat override each other
RUN whoami
WORKDIR $TIS_DATA
COPY --chown=gradle:gradle . /home/gradle/src
WORKDIR /home/gradle/src
RUN gradle build --no-daemon

FROM tomcat:8.5.73
RUN rm -fr /usr/local/tomcat/webapps/ROOT
# After Tomcat is installed, JAVA_HOME changes, so we will redirect

COPY --from=build /home/gradle/src/build/libs/ktbyigm.war /usr/local/tomcat/webapps/ROOT.war
COPY --from=build /home/gradle/src/src/main/resources/edevlet.pem /etc/ssl/certs/edevlet.pem

CMD ["catalina.sh", "run"]
EXPOSE 8080

#KTB SSL move
COPY ./gradle/ktb.pem /etc/ssl/certs/ktb.pem
COPY ./gradle/ktb.pem /usr/local/share/ca-certificates/ktb.pem
RUN ls /usr/local/share/ca-certificates
RUN ls /etc/ssl/certs
RUN update-ca-certificates
RUN $JAVA_HOME/bin/keytool -cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias edevlet -file /etc/ssl/certs/edevlet.pem

RUN for i in /etc/ssl/certs/*.pem; do yes | keytool -importcert -alias "$i" -keystore "$JAVA_HOME/lib/security/cacerts" -storepass changeit -file "$i"; done
RUN keytool -list -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit
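
The for loop above answers every keytool prompt with yes, and only the last iteration's exit status reaches the build. As an added example (not part of the original post), the script below imports a single PEM file only after its SHA-256 matches a pinned value and fails loudly otherwise. The function names, the KEYSTORE and STOREPASS variables, and pinning the file's bytes rather than the certificate fingerprint are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the
# KEYSTORE / STOREPASS variables are assumptions; defaults mirror the Dockerfile.

# cert_alias FILE: print a keystore alias derived from the file name
# (extension dropped, lower-cased, anything outside [a-z0-9_-] becomes "_").
cert_alias() {
    basename "$1" | sed 's/\.[^.]*$//' | tr 'A-Z' 'a-z' | sed 's/[^a-z0-9_-]/_/g'
}

# file_sha256 FILE: print the lower-case hex SHA-256 of the file's bytes.
file_sha256() {
    sha256sum "$1" | cut -d' ' -f1
}

# pin_matches FILE PIN: succeed only if FILE is readable and hashes to PIN.
pin_matches() {
    [ -r "$1" ] || return 2
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$(file_sha256 "$1")" = "$want" ]
}

# import_pinned FILE PIN: verify the pin, then import into cacerts.
# Returns non-zero on any failure so a Dockerfile RUN step stops the build.
import_pinned() {
    file=$1
    name=$(cert_alias "$file")
    ks=${KEYSTORE:-$JAVA_HOME/lib/security/cacerts}
    pass=${STOREPASS:-changeit}
    if ! pin_matches "$file" "$2"; then
        echo "refusing $file: SHA-256 does not match the pinned value" >&2
        return 1
    fi
    # keytool -list exits non-zero when the alias is absent, so re-runs are no-ops.
    if keytool -list -keystore "$ks" -storepass "$pass" -alias "$name" >/dev/null 2>&1; then
        echo "alias $name already present, skipping" >&2
        return 0
    fi
    keytool -importcert -noprompt -trustcacerts -alias "$name" \
        -file "$file" -keystore "$ks" -storepass "$pass"
}

# Run only when called as: script.sh FILE PIN
if [ "$#" -eq 2 ]; then
    import_pinned "$1" "$2"
fi
```

In the Dockerfile this would be called once per custom certificate, with the digest recorded when the certificate was obtained from its issuer.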

On Windows, run:

"C:\Program Files\Java\jdk1.8.0_202\bin\keytool.exe" -import -trustcacerts -alias googlecert -file "D:\certifs.pem"


If you use the JDK as Java Home, you should change this command like this:

"C:\Program Files\Java\jdk1.8.0_202\bin\keytool" -import -alias google_storage -keystore "C:\Program Files\Java\jdk1.8.0_202\jre\lib\security\cacerts" -file "D:\google_cloud.cer"


If you encounter this error when running your app in GlassFish, you should install the certificate (.cer) file into the cacerts.jks located in glassfish\domains\domain1\config as follows:

 "C:\Program Files\Java\jdk1.8.0_202\bin\keytool" -import -alias googlecloud -keystore C:\glassfish5\domains\domain1\config\cacerts.jks -file "D:\google_cloud.cer"

Sometimes Java uses the JRE directory. In any case, install it for the JRE directory:

"C:\Program Files\Java\jdk1.8.0_202\bin\keytool" -import -alias google_cloud -keystore "C:\Program Files\Java\jre1.8.0_202\lib\security\cacerts" -file "D:\certifs.pem"

© 2019 All rights reserved. Codesenior.COM