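I want to configure ldaps on Jenkins running in a Docker container.
Problem: Jenkins will not trust my certificate (confirmed by a Wireshark trace; it seems the certificate is not loaded into the keystore, or not into the correct keystore).
Error message:
In Jenkins: [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed:
Troubleshooting performed: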
FROM jenkinsci/blueocean
USER root
COPY ["entrypoint.sh", "/"]
RUN apk add sudo && chmod 755 /entrypoint.sh
ENTRYPOINT ["/bin/bash","-c","./entrypoint.sh"]
COPY ["ldapRoot.cer", "/tmp"]
RUN \
cd /tmp \
&& keytool -keystore cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias ldapcert -file ldapRoot.cer
This is the log output from docker-compose:
docker-compose up --build
Building jenkins
Step 1/7 : FROM jenkinsci/blueocean
 ---> 9e29fdde63cc
Step 2/7 : USER root
 ---> Using cache
 ---> 597101d109b7
Step 3/7 : COPY ["entrypoint.sh", "/"]
 ---> Using cache
 ---> 32eea6c01a84
Step 4/7 : RUN apk add sudo && chmod 755 /entrypoint.sh
 ---> Using cache
 ---> 28858a5e6ec5
Step 5/7 : ENTRYPOINT ["/bin/bash","-c","./entrypoint.sh"]
 ---> Using cache
 ---> f466e9893c75
Step 6/7 : COPY ["ldapRoot.cer", "/tmp"]
 ---> 64dda06d6ed4
Step 7/7 : RUN cd /tmp && keytool -keystore cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias ldapcert -file ldapRoot.cer
 ---> Running in 95309101bec9
Certificate was added to keystore
Removing intermediate container 95309101bec9
 ---> cff58441080f
Successfully built cff58441080f
Successfully tagged docker_jenkins:latest
Recreating docker_jenkins_1 ... done
Any idea what I am doing wrong?
/tmp/cacerts, rather than updating /etc/ssl/certs/java/cacerts. What if you update the keytool import command to point to /etc/ssl/certs/java/cacerts? Or is entrypoint.sh using /tmp/cacerts as your truststore?
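
The path mismatch the answer points to can be checked before the image is built. The following shell functions are an added example, not code from the question or the answer: the function names are hypothetical, the parser handles only simple unquoted RUN commands, and the truststore path is the one the answer names, which is an assumption to confirm for the image in use.

```shell
#!/bin/sh
# Added example: report which keystore file a Dockerfile RUN command makes
# keytool write to, and compare it with the truststore the JVM should read.
# Assumption: this path is taken from the answer; confirm it for your image.
TRUSTSTORE=/etc/ssl/certs/java/cacerts

# abs_path BASE PATH -> PATH made absolute against BASE (".." is not normalized)
abs_path() {
    case $2 in
        /*) printf '%s\n' "$2" ;;
        *)  printf '%s/%s\n' "${1%/}" "$2" ;;
    esac
}

# keystore_target WORKDIR RUN_COMMAND
# Walks the words of the command, following `cd DIR` and resolving the
# argument of `-keystore` against the directory in effect at that point.
keystore_target() {
    cwd=$1
    set -f               # no globbing while the command is split into words
    set -- $2
    set +f
    target=
    while [ $# -gt 0 ]; do
        case $1 in
            cd)        [ $# -ge 2 ] && { cwd=$(abs_path "$cwd" "$2"); shift; } ;;
            -keystore) [ $# -ge 2 ] && { target=$(abs_path "$cwd" "$2"); shift; } ;;
        esac
        shift
    done
    [ -n "$target" ] || return 1
    printf '%s\n' "$target"
}

# check_import WORKDIR RUN_COMMAND
# 0: import lands in $TRUSTSTORE, 1: it lands elsewhere, 2: no -keystore given
check_import() {
    t=$(keystore_target "$1" "$2") || {
        echo "no -keystore argument: keytool falls back to ~/.keystore" >&2
        return 2
    }
    if [ "$t" = "$TRUSTSTORE" ]; then
        echo "ok: import goes to $t"
    else
        echo "mismatch: import goes to $t, expected $TRUSTSTORE" >&2
        return 1
    fi
}
```

Calling check_import with "/" and the RUN command from the Dockerfile above reports /tmp/cacerts as the file being written, which is why "Certificate was added to keystore" appears in the build log while the handshake still fails.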