I'm currently working on an OCP project which contains a Jenkins server that we build using the source-to-image strategy. We're using the official RedHat Jenkins 2 RHEL7 image as the base and store our individual configuration in a git repository with the structure for the s2i build that is documented on GitHub in the corresponding section of the README.md: https://github.com/openshift/jenkins
One of the requirements to our Jenkins is that uses an company-internal Jenkins update center which is hosted on one of our servers. In order to reach this update center, the Java VM Jenkins runs on needs our company's root certificates.
What is the best practice to add those root certificates to the Java VM's keystore during the s2i build?