CA Certificate Container for Docker
This project provides you with an alpine image that keeps your ca-certificates up2date. It also allows you to add custom certificates to use in all of your docker containers, which is useful if you use a registry with a self-signed certificate.
First you need to create a data-only container, which will share you cert-data over all containers.
docker create --name cert philippheuer/docker-certificates
How to update the RootCA:
docker run -it --rm --volumes-from cert philippheuer/docker-certificates ca-update
To use custom certificates, you need to mount them at /etc/ssl/certs_custom/CERTNAME.crt
and it will be appended to the root certificate file by running the ca-update
script.
docker run -it --rm \
--volumes-from cert \
--volume /LOCALPATH/file.crt:/etc/ssl/certs_custom/file.crt \
philippheuer/docker-certificates ca-update
Now you need to append the following part when you create your containers --volumes-from cert:ro
. This will mount the ca-certificates.crt
in read-ony mode.
Example:
docker run -it --rm --volumes-from cert:ro alpine sh
Released under the MIT license.