there are basically two ways to include the UCS CA certificate within the docker container:
- Use a docker volume and mount the certificate store from the UCS host into the docker container. This setting has to be done be the app itself. For example the file
/etc/ssl/certs/ca-certificates.crtand the directory
/etc/univention/ssl/ucsCA/ could be used in the container this way. For a durable solution the app provider should check this way for a solution.
- For a running container you could copy the certificate inside the container. On the UCS host you could execute:
cat /etc/univention/ssl/ucsCA/CAcert.pem | \
docker exec -i "$(ucr get appcenter/apps/<<<the app id>>>/container)" \
bash -c 'cat >> <<<directory for the ca bundle file>>>/ca-bundle.crt'
What you need could be different but similar. But it should give you an idea how to get the certificate inside the container. I hope this helps.