How To Add A CA Root Certificate Inside A Docker Image?
Last Updated: 26 Mar, 2024
A CA root certificate is a digital certificate that software and applications use as their basis of trust: a certificate is accepted only if it was issued under a CA they trust. Adding one to a Docker image establishes trust between the applications running inside the containers and external systems. It enables secure communication, because the applications can verify the SSL/TLS certificates presented by external services. This article walks through, step by step, how to add a CA root certificate inside a Docker image.
Understanding The Primary Terminology
- CA Root Certificate: A digital certificate that anchors a trust model and is used to authenticate services.
- Docker: Docker is a containerization platform that manages the life cycle of containers. It packages an application and its dependencies into a single entity.
- Docker Image: Docker images are read-only templates that provide instructions for creating a container with the application dependencies.
- Dockerfile: A text file containing the commands that assemble an application with its packages and dependencies into a Docker image.
Adding CA Root Certificate Inside A Docker Image: A Step-By-Step Guide
Step 1: Log in to an AWS Account
- Navigate to your AWS account and provide your username.

- Provide the password for that username.

Step 2: Create An Instance
- Create an instance by clicking on Create Instance.

Step 3: Choosing AMI
- Choose the AMI named Amazon Linux 2, which is the latest version of the Amazon Linux distribution, then set the number of instances to 1 and the instance name to "my_aws_instance".

Step 4: Choosing Key Pair
- Choose an existing key pair; it lets you connect to the instance remotely from your local console over SSH. Alternatively, you can choose the option to proceed without a key pair.

Step 5: Configuring Security Groups
- Configure the network security groups by clicking on the Edit option and provide the option values as shown in the screenshot below.

Step 6: Launching Instance
- After reviewing the definitions and configuration of the instance, click on the Launch Instance button.

Step 7: Connect Instance
- After you create the instance named "my_aws_instance", it takes some time to reach the running state. Then connect to the instance by clicking on the Connect button, as shown in the screenshot below.

Step 8: Navigate EC2 Console
- Click on the instance to open it, go to the EC2 Instance Connect section and click on Connect to use the EC2 Console.

Step 9: Switch To Root User
After landing on the EC2 Console, run the following command to switch to the root user.
sudo su -

Step 10: Install Docker
Now, install Docker by running the following command:
yum install docker
Then enable and start the Docker service with the following command:
systemctl enable docker --now

Step 11: Create a Directory Structure
- Open your terminal or command prompt.
- Create a directory for your Docker project if you haven't already:
mkdir my-docker-project
cd my-docker-project
Within your project directory, create a folder to store your certificate files:
mkdir certs

Step 12: Create the CA Root Certificate
- Generate a private key for the CA with the following command. It generates a 4096-bit RSA private key and saves it as the file ca.key.
openssl genrsa -out ca.key 4096
- Create a Certificate Signing Request (CSR) for the CA with the command below:
openssl req -new -key ca.key -out ca.csr -subj "/CN=MyCA"
- Here, MyCA is the common name (CN) for your CA. Modify it as needed.

- Self-sign the CA certificate with the following command:
openssl x509 -req -days 3650 -in ca.csr -signkey ca.key -out ca.crt
- This command generates a self-signed certificate (ca.crt) valid for 10 years (3650 days) using the private key (ca.key) and the CSR (ca.csr).
- Now, verify the certificate:
openssl x509 -noout -text -in ca.crt
- This command prints the details of the generated certificate (subject, issuer, validity period, public key) so that you can check them.

- Now, move the certificate to the certs directory with the following command:
mv ca.crt certs/root-ca.pem
- This command moves the generated CA root certificate to the certs directory within your Docker project. The private key (ca.key) stays where it was generated and is not copied into the image.
- Now, you can proceed to Step 13 of the Docker setup, using the generated CA root certificate (root-ca.pem) in your Docker image.
Step 13: Write A Dockerfile
Create a Dockerfile in the root of your project directory:
touch Dockerfile
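- Configure the Dockerfile with the following code, which uses "alpine:latest" as the base image:
FROM alpine:latest
# The Alpine base image does not include update-ca-certificates;
# the ca-certificates package provides it
RUN apk add --no-cache ca-certificates
# Copy the CA root certificate into the image
COPY certs/root-ca.pem /usr/local/share/ca-certificates/root-ca.crt
# Update CA certificates in the image
RUN update-ca-certificates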

Step 14: Build the Docker Image
- In your EC2 Console, navigate to your project directory if you're not already there, and then build your Docker image from the Dockerfile with the following command:
docker build -t my-docker-image .
- Replace my-docker-image with a suitable name for your Docker image.

Step 15: Verify the Image
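- Once the build process completes, verify that the CA root certificate was successfully added to the Docker image:
docker run --rm -it my-docker-image
- This command starts an interactive shell in a temporary container created from the image. From that shell you can confirm that /usr/local/share/ca-certificates/root-ca.crt exists; the CA certificates themselves were updated during the build, by the RUN update-ca-certificates step.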

Step 16: Usage
- Use the built Docker image in your Docker containers or services as needed.
- Any applications or services running within containers based on this image will now trust the CA specified in the root certificate.
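A stricter check for Step 15, as an added example that is not part of the original article: the script compares SHA-256 fingerprints to decide whether a CA certificate is present in a PEM trust bundle. It assumes openssl is installed and that the bundle is /etc/ssl/certs/ca-certificates.crt (the file Alpine's update-ca-certificates writes) copied out of the image; the function names and the throwaway demo certificates are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the article): is a CA certificate part of a PEM
# trust bundle? Function names are illustrative. Requires openssl.
# To check the image built above, copy its bundle out first:
#   docker run --rm my-docker-image cat /etc/ssl/certs/ca-certificates.crt > bundle.crt
#   cert_in_bundle bundle.crt certs/root-ca.pem

# SHA-256 fingerprint of the first certificate in PEM file $1.
fingerprint() {
    openssl x509 -noout -fingerprint -sha256 -in "$1" | cut -d= -f2
}

# One fingerprint per certificate in PEM bundle $1: awk pipes each
# BEGIN..END block to its own openssl process.
bundle_fingerprints() {
    awk 'BEGIN { cmd = "openssl x509 -noout -fingerprint -sha256" }
         /^-----BEGIN CERTIFICATE-----/ { on = 1 }
         on { print | cmd }
         /^-----END CERTIFICATE-----/ { close(cmd); on = 0 }' "$1" | cut -d= -f2
}

# Exit status: 0 if the certificate in $2 is in bundle $1, 1 if it is not,
# 2 if $2 cannot be parsed as a certificate.
cert_in_bundle() {
    want=$(fingerprint "$2")
    [ -n "$want" ] || return 2
    have=$(bundle_fingerprints "$1")
    printf '%s\n' "$have" | grep -qxF "$want"
}

# Constructed demo data: two throwaway self-signed CAs, only "a" is bundled.
demo() {
    d=$(mktemp -d) || return 1
    for n in a b; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA $n" \
            -keyout "$d/$n.key" -out "$d/$n.pem" 2>/dev/null
    done
    cat "$d/a.pem" > "$d/bundle.crt"
    cert_in_bundle "$d/bundle.crt" "$d/a.pem" && echo "CA a: in bundle"
    cert_in_bundle "$d/bundle.crt" "$d/b.pem" || echo "CA b: not in bundle"
    rm -rf "$d"
}
demo
```

Comparing fingerprints rather than subject names means a different certificate that merely reuses the name "MyCA" does not pass the check.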