
runtime certificates loading for truststore

Open dmikusa opened this issue 3 years ago • 3 comments

From @neoludo via https://github.com/spring-projects-experimental/spring-native/issues/1434

Hi there,

I've followed instructions at https://paketo.io/docs/howto/configuration/#ca-certificates to add certificates at runtime. I can see that log at startup: Added 3 additional CA certificate(s) to system truststore

But when I'm listing certificates from inside my app, I don't see the 3 added certificates... It seems that build-time truststore is used... I must have missed a step.

Can anyone help me, please?

Thanks, Ludo

dmikusa avatar Jan 17 '22 00:01 dmikusa

In the context of native image, it seems like we are missing something that is causing trusted certificates to not be loaded at runtime.

GraalVM has some specific behaviors for loading trusted certificates. We need to validate this with the general advice that we give to users about setting certificates in container images built by buildpack (i.e. bindings & ca-certificates CNB).

We should also validate with both GraalVM and Bellsoft Liberica NIK to ensure consistent behavior across both.

dmikusa avatar Jan 17 '22 00:01 dmikusa

Hello, did you guys manage to do anything about this? Because the issue still exists!

sshemirani avatar May 22 '23 10:05 sshemirani

Can confirm the issue still exists. Currently blocks the usage of native images with buildpacks if you rely on the ability to provide CA certificates at runtime :(

eidottermihi avatar Aug 03 '23 13:08 eidottermihi