Custom Docker Container with TLS / HTTPS certificate

[stenh0use]

Took me a little bit to figure out how to create a docker container with custom TLS certificate.

Seeing as there does not seem to be any documentation on this one I thought my solution might be beneficial to others.

Feel free to close.

FROM adobe/s3mock:2.2.0

ENV server.ssl.key-store=/opt/customcert.jks
ENV server.ssl.key-store-password=password
ENV server.ssl.key-alias=selfsigned
ENV server.port=443
ENV http.port=80

RUN keytool -genkey -keyalg RSA -alias selfsigned \
  -validity 360 \
  -keystore /opt/customcert.jks \
  -dname "cn=Test, ou=Test, o=Docker, l=NY, st=NY, c=US" \
  -storepass password -keysize 2048 \
  -ext "san=dns:localhost"

[afranken]

Thank you, I'll test this and then add it to the README.md. :)

[cvltmaheshp]

@afranken i see that we are already exposing https, which i assume is with a self signed cert right ? would adding above help with the below ssl certificate verify failed error ?

PS C:\Windows\system32> aws --endpoint-url https://abc s3 ls s3://test

SSL validation failed for https://abc/test?list-type=2&prefix=&delimiter=%2F&encoding-type=url [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1002)

[afranken]

@cvltmaheshp maybe, I have yet to test this.
Since S3Mock is meant to be used for local testing only, it's way easier to just use HTTP instead of HTTPS.
Just don't use sensitive data for testing.

The AWS CLI always wants to fully validate the SSL certificate. You can tell it not to:
--no-verify-ssl

At least in Java, you can tell the AWS SDK to just accept any SSL certificate without thorough validation as well, see for example:
https://github.com/adobe/S3Mock/blob/main/testsupport/common/src/main/java/com/adobe/testing/s3mock/testsupport/common/S3MockStarter.java#L112