How do I import a CA root certificate to trust store in JBoss EAP for OpenShift?
Issue
- How do I import a CA root certificate to trust store in JBoss EAP for OpenShift?
-
update-ca-trustfails in a JBoss EAP Pod as follows. How do I updatecacertsin the container?$ oc rsh <pod-name> sh-4.2$ update-ca-trust p11-kit: couldn't create file: /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt: Permission denied p11-kit: couldn't create file: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem: Permission denied p11-kit: couldn't create file: /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem: Permission denied p11-kit: couldn't create file: /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem: Permission denied p11-kit: couldn't create file: /etc/pki/ca-trust/extracted/java/cacerts: Permission denied -
keytool -importalso fails in JBoss EAP Pod due toPermission denied:$ oc rsh <pod-name> sh-4.2$ keytool -import -keystore /usr/lib/jvm/java-1.8.0-openjdk/jre/lib/security/cacerts -trustcacerts -alias my-root-cert -file /opt/eap/standalone/configuration/root-ca.crt -storepass changeit -noprompt Certificate was added to keystore keytool error: java.io.FileNotFoundException: /usr/lib/jvm/java-1.8.0-openjdk/jre/lib/security/cacerts (Permission denied)
Environment
- Red Hat JBoss Enterprise Application Platform (EAP)
- 7.4
- Red Hat OpenShift Container Platform (OCP)
- 4
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.
