[Bug]: CA certificates import fails with specific certificates #966

@hartimcwildfly

Description

Please add the exact image (with tag) that you are using

eclipse-temurin:25-jdk-alpine

Please add the version of Docker you are running

Docker version 29.1.3, build 29.1.3-0ubuntu4.1

What happened?

When using the feature described here (CA certificates import) with multiple certificates that have no CN and share the serial number "00", the import fails. (I needed to remove the ">/dev/null" to see the actual error.)
The script is based on the assumption that the combination of CN and serial number is always unique.
Unfortunately this is not always the case.

Here are some samples of certificates without a CN and without a globally unique serial number.

=== Certificate #1 ===
subject=C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
issuer=C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
notBefore=Jun 29 17:39:16 2004 GMT
notAfter=Jun 29 17:39:16 2034 GMT
serial=00
sha256 Fingerprint=14:65:FA:20:53:97:B8:76:FA:A6:F0:A9:95:8E:55:90:E4:0F:CC:7F:AA:4F:B7:C2:C8:67:75:21:FB:5F:B6:58
--
=== Certificate #2 ===
subject=C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
issuer=C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
notBefore=May 29 05:00:39 2009 GMT
notAfter=May 29 05:00:39 2029 GMT
serial=00
sha256 Fingerprint=51:3B:2C:EC:B8:10:D4:CD:E5:DD:85:39:1A:DF:C6:C2:DD:60:D8:7B:B7:36:D2:B5:21:48:4A:A4:7A:0E:BE:F6
--
=== Certificate #3 ===
subject=C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
issuer=C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
notBefore=Jun 29 17:06:20 2004 GMT
notAfter=Jun 29 17:06:20 2034 GMT
serial=00
sha256 Fingerprint=C3:84:6B:F2:4B:9E:93:CA:64:27:4C:0E:C6:7C:1E:CC:5E:02:4F:FC:AC:D2:D7:40:19:35:0E:81:FE:54:6A:E4

Relevant log output

Certificate fingerprint (SHA-256): 14:65:FA:20:53:97:B8:76:FA:A6:F0:A9:95:8E:55:90:E4:0F:CC:7F:AA:4F:B7:C2:C8:67:75:21:FB:5F:B6:58
Adding certificate with alias _00 to the JVM truststore
Warning: use -cacerts option to access cacerts keystore
keytool error: java.lang.Exception: Certificate not imported, alias <_00> already exists
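The collision can be shown without running openssl or keytool at all. The following script is an added example, not the eclipse-temurin image's own import script: it takes the `openssl x509`-style lines quoted above as embedded strings, builds the alias the way the report implies (assumed form `<CN>_<serial>`, which is what produces `_00`), and contrasts it with an alias derived from the SHA-256 fingerprint, which is unique per certificate and is what a truststore import should key on.

```shell
#!/bin/sh
# Added example (not the eclipse-temurin CA import script). Reproduces the alias
# collision from the issue and shows a fingerprint-derived alias that avoids it.

# Constructed sample input: the openssl-style lines quoted in the report, embedded
# as strings so this runs offline without openssl.
CERT1_SUBJECT='subject=C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority'
CERT1_SERIAL='serial=00'
CERT1_FP='sha256 Fingerprint=14:65:FA:20:53:97:B8:76:FA:A6:F0:A9:95:8E:55:90:E4:0F:CC:7F:AA:4F:B7:C2:C8:67:75:21:FB:5F:B6:58'
CERT2_SUBJECT='subject=C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2'
CERT2_SERIAL='serial=00'
CERT2_FP='sha256 Fingerprint=51:3B:2C:EC:B8:10:D4:CD:E5:DD:85:39:1A:DF:C6:C2:DD:60:D8:7B:B7:36:D2:B5:21:48:4A:A4:7A:0E:BE:F6'

# Alias scheme the report describes (assumed form "<CN>_<serial>"): the CN is
# taken from the subject line and is empty when the subject has no CN attribute,
# so every CN-less certificate with serial 00 maps to the same alias "_00".
cn_serial_alias() {
    cn=$(printf '%s\n' "$1" | sed -n 's/.*CN=\([^,]*\).*/\1/p')
    serial=${2#serial=}
    printf '%s_%s\n' "$cn" "$serial"
}

# Alternative: derive the alias from the SHA-256 fingerprint (colons stripped,
# lowercased; keytool aliases are case-insensitive). Distinct certificates
# cannot share a fingerprint, so the alias is unique per certificate.
fingerprint_alias() {
    printf '%s\n' "$1" | sed 's/.*=//' | tr -d ':' | tr 'A-F' 'a-f'
}

# Succeeds (exit 0) when every alias read from stdin, one per line, is distinct.
aliases_unique() {
    dupes=$(sort | uniq -d)
    [ -z "$dupes" ]
}

# Usage: print both alias forms for the two sample certificates.
printf 'CN+serial aliases:  %s / %s\n' \
    "$(cn_serial_alias "$CERT1_SUBJECT" "$CERT1_SERIAL")" \
    "$(cn_serial_alias "$CERT2_SUBJECT" "$CERT2_SERIAL")"
printf 'fingerprint aliases: %s / %s\n' \
    "$(fingerprint_alias "$CERT1_FP")" \
    "$(fingerprint_alias "$CERT2_FP")"
```

In a real import loop the fingerprint would come from `openssl x509 -noout -fingerprint -sha256` on each PEM file rather than from an embedded string; the point is only that the alias must be keyed on something that is unique per certificate, and the fingerprint the script already prints qualifies.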

Labels: bug