openhab-core

Import CA certificate during startup of docker container

Open justsomebody42 opened this issue 2 years ago • 4 comments

I have a private CA which I use to secure all of my self-hosted applications to allow trusted access after importing the CA certificate. OpenHAB3 (running as docker container) interacts with a couple of these applications and thus needs to import the CA certificate as well. I currently do so manually after each update by copying the CA certificate to /usr/local/share/ca-certificates and running update-ca-certificates. This requires a restart of the container and of course has to be repeated each time the container is recreated (e.g. during updates).

I was wondering if it would be possible to add some kind of init routine to check for a certificate in the userdata folder during startup and add a provided certificate automatically.

Your Environment

  • Version used: 4.0.3
  • Environment name and version: running in docker container

justsomebody42, Sep 20 '23 10:09

You can run a script before it starts openHAB, see:

https://github.com/openhab/openhab-docker/tree/main#executing-shell-scripts-before-openhab-is-started

There are some examples of the scripts here:

https://github.com/openhab/openhab-docker/tree/main/contrib/cont-init.d

So it will probably work if it looks like:

#!/bin/bash -ex

# update-ca-certificates only picks up files whose names end in .crt
cp "${OPENHAB_USERDATA}/etc/my-certificate" /usr/local/share/ca-certificates/my-certificate.crt
update-ca-certificates

wborn, Sep 20 '23 12:09

You could also just mount the certificate as a volume and the script would just need to run update-ca-certificates.

Another approach is you could create a new image based on the openHAB image with the certificate already part of the image and update-ca-certificates already run.

It all depends on how you want to maintain it.

rkoshak, Sep 20 '23 16:09
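
Added example (not part of the thread and not code from the openhab-docker repository): a cont-init.d style script for the copy-or-mount approaches above. Anything installed this way becomes a system-wide trust anchor, so the script refuses a file whose SHA-256 does not match a pinned value. The variable names CA_CERT_SRC, CA_CERT_SHA256 and CA_CERT_DIR and the function name are assumptions for illustration.

```shell
#!/bin/bash
# Added example; variable and function names are hypothetical.

# install_pinned_ca SRC EXPECTED_SHA256 DEST_DIR
# Copies SRC into DEST_DIR as <name>.crt only if it looks like a PEM
# certificate and its SHA-256 matches the pinned value. Returns non-zero
# and installs nothing otherwise.
install_pinned_ca() {
    local src="$1" expected="$2" dest_dir="$3" actual name

    [ -f "$src" ] || { echo "CA import: $src not found" >&2; return 1; }
    [ -n "$expected" ] || { echo "CA import: no pinned SHA-256 given" >&2; return 1; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$src" \
        || { echo "CA import: $src is not a PEM certificate" >&2; return 1; }

    actual="$(sha256sum "$src" | cut -d' ' -f1)"
    if [ "$actual" != "$(printf '%s' "$expected" | tr 'A-F' 'a-f')" ]; then
        echo "CA import: SHA-256 mismatch for $src, refusing to trust it" >&2
        return 1
    fi

    # update-ca-certificates only picks up files whose names end in .crt
    name="$(basename "$src")"
    name="${name%.*}.crt"
    install -m 0644 "$src" "$dest_dir/$name"
}

# Run only where OPENHAB_USERDATA is set, i.e. inside the container.
if [ -n "${OPENHAB_USERDATA:-}" ]; then
    install_pinned_ca \
        "${CA_CERT_SRC:-${OPENHAB_USERDATA}/etc/my-certificate}" \
        "${CA_CERT_SHA256:-}" \
        "${CA_CERT_DIR:-/usr/local/share/ca-certificates}" \
      && update-ca-certificates \
      || exit 1
fi
```

The pin can be produced once on a trusted machine with `sha256sum` and passed to the container as the CA_CERT_SHA256 environment variable.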

Thanks a lot for your suggestions! I will try it next week, as I'm out this week, and provide feedback :)

justsomebody42, Sep 20 '23 17:09

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot], Nov 20 '23 07:11