https://github.com/smallstep/docker-ca-trust

Dockerfiles that bootstrap with an internal X.509 Certificate Authority
https://github.com/smallstep/docker-ca-trust

Last synced: 3 months ago
JSON representation

Dockerfiles that bootstrap with an internal X.509 Certificate Authority

• Host: GitHub
• URL: https://github.com/smallstep/docker-ca-trust
• Owner: smallstep
• Created: 2021-06-28T19:19:39.000Z (over 4 years ago)
• Default Branch: main
• Last Pushed: 2021-07-06T15:30:46.000Z (over 4 years ago)
• Last Synced: 2025-10-07T07:27:51.343Z (5 months ago)
• Homepage:
• Size: 6.84 KB
• Stars: 3
• Watchers: 7
• Forks: 2
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# docker-ca-trust

This is a set of Dockerfiles that can bootstrap an internal [`step-ca`](https://github.com/smallstep/certificates/) server on top of an OS image.

It can serve as a pattern for trusting internal CAs, for any Docker image.

Supported base images:

* `ubuntu:focal`

* `alpine:latest`

## Example usage

Say we want the `mongo` image to trust an internal CA.  `mongo` uses `ubuntu:focal`. So start with `Dockerfile.ubuntu`, and change `FROM ubuntu:focal` to `FROM mongo`. Build it and you will get a MongoDB server that trusts your CA.

The CA URL and Fingerprint can be hardcoded in the `Dockerfile`, or supplied as build arguments:

```

docker build -f Dockerfile.ubuntu . --build-arg CA_URL=https://ca.example.com --build-arg CA_FINGERPRINT=abc123123

docker build -f Dockerfile.alpine . --build-arg CA_URL=https://ca.example.com --build-arg CA_FINGERPRINT=abc123123

```