How to add CA root certification (self-signed)

[spoon99]

I have self-signed CA root certification, and I try to add this to my custom alpine docker.

FROM alpine:3.4

# Install Self-signed Root CA
ADD cert/* /tmp/cert/
RUN apk add --no-cache ca-certificates && \
    mkdir /usr/share/ca-certificates/extra && \
    cp -R /tmp/cert/* /usr/share/ca-certificates/extra/ && \
    update-ca-certificates

After building container, I try to find out my certification installed properly with following comand. but I couldn't found my certification.

cat /etc/sslca-certificates.crt | grep CwYDVR0PBAQDAgIEMA0GCSqGSIb3DQEBDQUAA4IBAQAfcevn . (part of my cert)

Should I edit /etc/ca-certificates.conf file before update-ca-certifcates?

[ncopa]

try copy your cert to /etc/ssh/certs instead

[andyshinn]

There is also /usr/local/share/ca-certificates as per https://git.alpinelinux.org/cgit/aports/tree/main/ca-certificates/update-ca.c#n18.

[PierreBtz]

Hello, just adding for the future myself that the certificate(s) should be directly at the root under /usr/local/share/ca-certificates and not under a subdirectory otherwise it is not taken into account by the update-ca-certificates command. This is true at least for version 3.5.2 of Alpine Linux.

[cowlinator]

Fix for @andyshinn 's broken link:
https://git.alpinelinux.org/aports/tree/main/ca-certificates/update-ca.c?id=2eb3d78f6c4d420f55cdd5d17f26e05920c74491#n18 (Note that this is a reference to outdated or moved code)
EDIT: Actually, fluxcd/flux#1206 looks like it has the most up-to-date instructions

[codeliger]

try copy your cert to /etc/ssh/certs instead

i think you mean /etc/ssl/certs