Zscaler SSL Errors within Docker Build Process

Hi All,

Currently facing an issue with Docker during the Docker build process. All certs are imported as per instructions:

We have Python/Docker working independently; however, the specific action of the build process is failing with SSL errors. The question is how to inject the root cert into the build process. Is this even possible, or does anyone have any experience with this?
We do have an open case which is not really progressing. Many thanks.

Regards,
Steven

There seem to be a bunch of solutions out there depending on your flavor of Docker. There are also comments on the post below that seem to indicate you may not want to do this for security reasons, or if you’re OK with exposing the private key:

ADD your_ca_root.crt /usr/local/share/ca-certificates/foo.crt
RUN chmod 644 /usr/local/share/ca-certificates/foo.crt && update-ca-certificates

edited Mar 15 '19 at 18:47



GMartinez

answered Feb 17 '17 at 8:10



cebe

  • 1

Thanks, I’ll try that. I have successfully added the CA on my servers, but the commands I ran to achieve that are not working when I log on to the container.

Peter

Feb 17 '17 at 8:17

  • Thanks, this worked great, though I used curl to pull the certificates from our repo.

Peter

Feb 17 '17 at 9:02

  • 3

Just a note to suggest using COPY rather than ADD. See docs.docker.com/develop/develop-images/…

unigeek

Apr 5 '21 at 0:57

  • The solution is great. However, it exposes the private certificate in the image. How do I keep it only at build time?

Doz Parp

Oct 28 '21 at 2:08

  • @DozParp there is no such thing as a private certificate. The private key is what you probably don’t want to have in the image. What are you trying to achieve?

cebe

Oct 28 '21 at 6:23

  • Private certificate means that it is used only in your network and should not be published outside. If you ADD the cert to the image, it will pollute the cert pool and users can detect this as malware (trusted in your env but not users).

Doz Parp

Oct 29 '21 at 1:20
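
The build-time-only question raised in the comments can be handled with a multi-stage build. The Dockerfile below is an added example, not part of the thread or the quoted answer: the root CA is trusted only in a builder stage, and the final image starts from a clean base with the default trust store. The base image tag, `requirements.txt`, and the `app/` directory are assumptions.

```dockerfile
# syntax=docker/dockerfile:1
# Assumptions (not from the thread): python:3.12-slim base image, and a
# requirements.txt plus an app/ package present in the build context.

# ---- Build stage: trusts the inspection CA, never shipped ----
FROM python:3.12-slim AS builder

# Public root certificate only (PEM, .crt extension). No private key is
# needed for trust, and none should ever be copied into an image.
COPY your_ca_root.crt /usr/local/share/ca-certificates/foo.crt
RUN chmod 644 /usr/local/share/ca-certificates/foo.crt && update-ca-certificates

# pip may rely on its own bundled CA list instead of the system store,
# so point it explicitly at the bundle regenerated above.
ENV PIP_CERT=/etc/ssl/certs/ca-certificates.crt

WORKDIR /src
COPY requirements.txt .
# Install into an isolated prefix so only the packages are carried forward.
RUN pip install --no-cache-dir --prefix=/install -r requirements.txt

# ---- Final stage: fresh base, default trust store ----
FROM python:3.12-slim

# Only the installed packages cross the stage boundary. The CA file and the
# modified /etc/ssl/certs bundle remain in the discarded builder stage.
COPY --from=builder /install /usr/local

WORKDIR /app
COPY app/ ./app/
CMD ["python", "-m", "app"]
```

If the running container also sits behind the inspecting proxy, it will need the CA at run time; supplying it then (for example as a read-only bind mount) keeps it out of the published image.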