Profile Picture

Docker SSL Certificates


Gray skies are nothing more than clouds passing over. Duke Ellington

Docker Tips: Adding Certificates

Copying Certificates

If you are manually adding SSL certificates/chains/roots to your container, you can usually follow these steps:

FROM nginx:alpine

COPY rootCA.pem /usr/local/share/ca-certificates/ RUN update-ca-certificates

The first part of this is the copy, and the second is to add the certificate to the containers store.

You can then run your container again and confirm if your SSL handshake is working.

Verifying Certificates

If your SSL handshake fails, it might be a broken / missing chain.

System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot

Step 1: Confirm the certificates have applied

> ls /etc/ssl/certs/ | grep 'Your-certs-file-name'

This will confirm if the certificate has been applied to your system.

Step 2: Confirm the chain

> openssl s_chanel -showcerts -connect <your-host>:<your-port>

Either of these 2 steps should lead you to your problem. If the problem is Step 1, it is likely the certs are in the wrong format or worst case missing. In my situation, I copied .pems directly from our SSL provider store and tried to use that but I found update-ca-certificates was not applying them. All I had to do here was rename the .pem to .crt.

Automated Testing Tips: Integration

If you experiencing any of the following,

  1. frustrated by mocking
  2. struggling to make progress on an automated test to confirm some behaviour or functionality
  3. frustrated by struggling to read and make sense of complex test setup and tear-downs

Then it's time to consider Integration tests.

Docker is definitely a mechanism to accelerate integration testing, but in some instances Mockoon will get you there much quicker. Mockoon is a free and open source mock server that you can use to test your APIs. The best part is that you can generate endpoints with data quickly, and store the configuration alongside your code to enable others. Another value add, is that it enables improved debugging (where there's less magic and more oppurtunity to peer underneath the hood).

Listen to your customer

Daniel Terhorst-North - How to Bake a Change

This is another excellent talk from Daniel, on how to move software forward. It all really starts with stepping away from your own pre-suppositions, your need to speak and be the expert, to just listening. The other important piece of advice is to actually not speak down, nor speak up, but speak to your customers. Speak their language. Use their words. Think about the things they care about.

Refactoring Legacy

Martin Fowler - Seams

Michael Feathers coined the term 'seams' in his book, Working Effectively with Legacy Code. It's an important word in the arsenal of words of the Technical lead or Developer. A seam is a place we can alter the behavior of the system without editing source code. Once we find a seam or create one, we can use it to:

  1. Break up dependencies
  2. Add new features
  3. Simplify testing
  4. Insert probes to gain observability
  5. Redirect program follow
  6. Perhaps most importantly, we can migrate behaviour away from legacy

Sober Git Defaults

Three Git Configurations that I use in my daily life:

git config --global pull.rebase true
git config --global fetch.prune true
git config --global diff.colorMoved zebra

Git Configurations