
How to integrate a self signed root ca certificate into docker/sdk?

Our network security has activated SSL-Decryption in our company. As a result I need to add a self-signed root CA certificate into docker/sdk.
I have no idea how to do this without manipulating all generated docker files.
What I want is to add these commands to basically all containers:
COPY config/certs/my-company-ca.crt /usr/local/share/ca-certificates/my-company-ca.crt
RUN update-ca-certificates
Can anyone guide me how I can integrate these commands into my deploy.dev.yaml so that I can download images, composer packages and node_modules using our custom root ca?
Answers
-
fsmeier Senior Software Engineer & Developer Enablement Advocate Sprykee Posts: 1,113 ⚖️ - Guardians (admin)
Heyhey @andreas.fluer ,
do you require to add your own signed ca or can you use the one from docker-sdk?
If the latter, have you seen
already? If it's about having your own self-signed root cert you may please create a support ticket and provide me the issue number.
All the best,
Florian
0 -
Hey @fsmeier
thanks for the quick response. Here is my case number: 66333
The issue is not setting up a self-signed SSL certificate, but to get a ROOT CA Certificate into my docker images/containers/volumes etc, so the SSL-Verification succeeds when downloading docker images and resources during the build process.
BR Andreas
1 -
fsmeier Senior Software Engineer & Developer Enablement Advocate Sprykee Posts: 1,113 ⚖️ - Guardians (admin)
Heyhey @andreas.fluer ,
it seems that having an own root certificate is currently not supported by the docker-sdk. With the support ticket you created I added some context for the internal teams to gain some prio.
In the meantime, after looking into docker-sdk, I suggest to locally override the default.crt and default.key in docker/generator/openssl and run docker/sdk bootstrap deploy.dev.yml again. Based on the logic in docker/generator/openssl/generate.sh it should likely copy your certificates into the containers. - I have NOT tested it by myself yet since I am currently working on sth else.
Hope this unblocks you at least.
All the best,
Florian
0 -
Hi @fsmeier,
Thanks for the information, unfortunately your proposed workaround does not work for me, as I have only the public certificate and no key. After adding only the crt and running the bootstrap and build once more, I still have the SSL-Verification errors.
Do you have any information about the rough timeline for the official support on this?
I'm not looking for an exact date, only for a rough estimation (Q3 2025, 2026, later) to decide how to proceed.
BR Andreas
0 -
fsmeier Senior Software Engineer & Developer Enablement Advocate Sprykee Posts: 1,113 ⚖️ - Guardians (admin)
hmm ok :/
I don't have any estimation, sorry. It's with the product team to decide. But I also contacted our docker-sdk expert to think about possible solutions together. I'll keep you updated (and you will be updated via the support case anyway).
All the best,
Florian
1
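Added example, not part of the thread and not docker-sdk code: a pre-flight check to run on the CA file before the COPY and update-ca-certificates lines from the question, confirming that the file is a PEM-encoded CA certificate with a .crt name and that a certificate signed by that CA validates using the public certificate alone. The helper names are hypothetical, the throwaway CA and leaf are constructed for the demo, and the openssl CLI is assumed to be installed.

```shell
#!/bin/sh
# Pre-flight check for a root CA file before it is COPY'd to
# /usr/local/share/ca-certificates/ (hypothetical helper names; needs openssl).

# check_ca_file FILE -> 0 if usable as a trust anchor, else 1..4 plus a reason.
check_ca_file() {
    case "$1" in
        *.crt) ;;
        *) echo "Debian's update-ca-certificates only includes *.crt" >&2; return 1 ;;
    esac
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null ||
        { echo "not PEM (convert DER first)" >&2; return 2; }
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE' ||
        { echo "not marked CA:TRUE" >&2; return 3; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "expired" >&2; return 4; }
}

# chain_ok CA LEAF -> 0 if LEAF validates against CA alone; no private key is read.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# make_demo_pki DIR: constructed throwaway CA and one leaf signed by it, standing
# in for the inspection proxy's root and a certificate it re-signs.
make_demo_pki() {
    printf '[req]\ndistinguished_name=dn\nx509_extensions=v3\n[dn]\nCN=demo\n[v3]\n%s\n' \
        'basicConstraints=critical,CA:TRUE' > "$1/demo.cnf" &&
    openssl req -x509 -config "$1/demo.cnf" -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Constructed Demo Root CA" \
        -keyout "$1/ca.key" -out "$1/my-company-ca.crt" 2>/dev/null &&
    openssl req -config "$1/demo.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=registry.example.test" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/leaf.csr" -days 1 -CA "$1/my-company-ca.crt" \
        -CAkey "$1/ca.key" -CAcreateserial -out "$1/leaf.crt" 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    make_demo_pki "$d" || { rm -rf "$d"; return 1; }
    check_ca_file "$d/my-company-ca.crt" && echo "CA file accepted"
    chain_ok "$d/my-company-ca.crt" "$d/leaf.crt" && echo "leaf verifies against CA"
    check_ca_file "$d/leaf.crt" || echo "leaf rejected as trust anchor"
    rm -rf "$d"
}
demo
```

Inside a built container, the same `chain_ok` idea can be pointed at the system bundle instead of the single CA file to confirm the certificate actually landed in the trust store.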