SunCertPathBuilderException when running a Java application in Docker Toolbox


I have a Spring Boot Java application, which I want to run inside a Docker container. The application communicates with another service on an internal network over HTTPS, but when I run the Docker container, I get the following exception (caused by the HTTPS connection):

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I had the same exception on my dev machine as well, which I fixed using this tutorial.

What I tried

  • Many pieces of advice pointed out that the DOCKER_CERT_PATH variable needs to be correctly set, but when I run docker-machine env default, I see it pointed to C:\Users\username\.docker\machines\machine\default.
  • I tried to get the certificate and put it into this folder using this advice
  • I tried adding the -Dtrust_all_cert=true Java option to disable the certificate check
  • I tried to switch from org.spotify.dockerfile-maven-plugin to org.spotify.docker-maven-plugin with these settings
  • I followed this tutorial and managed to add the certificate to /etc/ssl/certs/java/cacerts and also to /usr/lib/jvm/java-1.8-openjdk/jre/lib/security/cacerts in the Docker image.

None of these solutions worked, unfortunately.

My question

What should I do to get rid of this exception?

My Dockerfile (after applying previous solutions)

FROM openjdk:8-jdk-alpine
# to enable file writes
VOLUME /tmp
ADD target/trip-force-0.1.0.jar app.jar

# java cacerts
COPY ./res/timur.domain.local.cer /timur.domain.local.cer
ENV CACERTS  /etc/ssl/certs/java/cacerts
RUN keytool -noprompt -import -alias timur -keystore ${CACERTS} -file /timur.domain.local.cer

ENV JAVA_OPTS="-Dtrust_all_cert=true"
ENTRYPOINT [ "sh", "-c", "java $JAVA_OPTS -Djava.security.egd=file:/dev/./urandom  -jar /app.jar" ]

There is 1 answer

Adam Kučera On BEST ANSWER

What finally did the trick was the solution that I probably should have tried in the beginning, as it was what fixed the problem on my dev machine.

Using this tutorial (and downloading the InstallCert.java file from here) I just copied the generated jssecacerts file inside the Docker image using this command in the Dockerfile:

COPY ./res/jssecacerts /usr/lib/jvm/java-1.8-openjdk/jre/lib/security/
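
A way to check which trust store the JVM in the container actually reads, added here as an example and not part of the original question or answer. It relies on the documented JSSE lookup order (the javax.net.ssl.trustStore property, then lib/security/jssecacerts, then lib/security/cacerts under java.home); the class name TrustStoreCheck and the default store password "changeit" are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;

// Added diagnostic (hypothetical class name): reports which trust store the
// default JSSE TrustManager will load and whether a given certificate is in it.
public class TrustStoreCheck {
    // JSSE lookup order: -Djavax.net.ssl.trustStore, then jssecacerts, then cacerts.
    static Path effectiveTrustStore() {
        String override = System.getProperty("javax.net.ssl.trustStore");
        if (override != null) {
            return Paths.get(override);
        }
        Path securityDir = Paths.get(System.getProperty("java.home"), "lib", "security");
        Path jssecacerts = securityDir.resolve("jssecacerts");
        return Files.exists(jssecacerts) ? jssecacerts : securityDir.resolve("cacerts");
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java TrustStoreCheck <certificate.cer>");
            System.exit(2);
        }
        Path store = effectiveTrustStore();
        System.out.println("JVM home:    " + System.getProperty("java.home"));
        // toRealPath resolves symlinks, so a cacerts link to another file is visible.
        System.out.println("Trust store: " + store.toRealPath());
        // Default password of the bundled stores; an assumption if yours was changed.
        String pass = System.getProperty("javax.net.ssl.trustStorePassword", "changeit");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(store.toFile())) {
            ks.load(in, pass.toCharArray());
        }
        Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        // getCertificateAlias returns null when no entry matches the certificate.
        String alias = ks.getCertificateAlias(cert);
        System.out.println(alias != null
                ? "Certificate is trusted under alias: " + alias : "Certificate is NOT in this trust store");
        System.exit(alias != null ? 0 : 1);
    }
}
```

Run it inside the image with the same java binary the ENTRYPOINT uses, passing the .cer file that was imported. When a jssecacerts file is present the JVM does not consult cacerts at all, so any CA the application needs must be in that one file.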