添加Let'；s将证书加密到debian:9 docker映像_Docker_Ssl_Openssl_Ssl Certificate_Lets Encrypt

添加Let'；s将证书加密到debian:9 docker映像

docker ssl openssl

添加Let'；s将证书加密到debian:9 docker映像,docker,ssl,openssl,ssl-certificate,lets-encrypt,Docker,Ssl,Openssl,Ssl Certificate,Lets Encrypt,我想基于debian:9构建一个映像，并添加来自以下链接的加密证书：好的，这些应该转换成.crt格式，所以我运行： ▶ openssl x509 -in isrgrootx1.pem -inform PEM -out isrgrootx1.crt ▶ openssl x509 -in trustid-x3-root.pem -inform PEM -out trustid-x3-root.crt 然后我使用以下Dockerfile FROM debian:9 RUN mkdir -p

我想基于

debian:9

构建一个映像，并添加来自以下链接的加密证书：

好的，这些应该转换成

.crt

格式，所以我运行：

▶ openssl x509 -in isrgrootx1.pem -inform PEM -out isrgrootx1.crt
▶ openssl x509 -in trustid-x3-root.pem -inform PEM -out trustid-x3-root.crt

然后我使用以下

Dockerfile

FROM debian:9

RUN mkdir -p /usr/share/ca-certificates/extra


RUN apt-get update && apt-get install ca-certificates -y --no-install-recommends

COPY isrgrootx1.crt /usr/share/ca-certificates/extra/isrgrootx1.crt
COPY trustid-x3-root.crt /usr/share/ca-certificates/extra/trustid-x3-root.crt

RUN update-ca-certificates

但是，在构建结束时，我发现没有添加额外的证书：

Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.

更重要的是，使用命令在运行的容器中列出它们

awk-v cmd='openssl x509-noout-subject''
/开始/{close（cmd）}；{print | cmd}'


我没有看到安装了任何让我们加密证书
我是否遗漏了任何步骤？
我相信您想要的路径是/usr/local/share/ca证书
。以下显示了正在添加的2个证书：
FROM debian:9

RUN apt-get update \
 && apt-get install -y --no-install-recommends \
      ca-certificates \
      openssl \
 && mkdir -p /usr/local/share/ca-certificates

ADD https://letsencrypt.org/certs/isrgrootx1.pem.txt /usr/local/share/ca-certificates/isrgrootx1.pem
ADD https://letsencrypt.org/certs/trustid-x3-root.pem.txt /usr/local/share/ca-certificates/trustid-x3-root.pem

RUN cd /usr/local/share/ca-certificates \
 && openssl x509 -in isrgrootx1.pem -inform PEM -out isrgrootx1.crt \
 && openssl x509 -in trustid-x3-root.pem -inform PEM -out trustid-x3-root.crt \
 && update-ca-certificates

请注意，您下载的证书没有在主题中说明允许加密：
root@4544afdd06e3:/# openssl x509 -noout -subject </usr/local/share/ca-certificates/isrgrootx1.pem
subject=C = US, O = Internet Security Research Group, CN = ISRG Root X1
root@4544afdd06e3:/# openssl x509 -noout -subject </usr/local/share/ca-certificates/trustid-x3-root.pem
subject=O = Digital Signature Trust Co., CN = DST Root CA X3

root@4544afdd06e3：/#openssl x509-noout-subject Dockerfile所在文件夹中的文件是什么？它们没有被添加到.dockrignore或其他排除规则中？谢谢；你知道为什么在使用上述Dockerfile
构建的运行容器上执行以下命令时没有显示输出吗<代码>root@43b7414439d4：/#awk-v cmd='openssl x509-noout-subject'/BEGIN/{close（cmd）}；{print | cmd}'
没关系，它看起来像互联网安全研究小组
而不是让我们加密或其他什么
root@4544afdd06e3:/# openssl x509 -noout -subject </usr/local/share/ca-certificates/isrgrootx1.pem
subject=C = US, O = Internet Security Research Group, CN = ISRG Root X1
root@4544afdd06e3:/# openssl x509 -noout -subject </usr/local/share/ca-certificates/trustid-x3-root.pem
subject=O = Digital Signature Trust Co., CN = DST Root CA X3