How to Add a Self-signed Root Certificate to the VERA API Docker Container

Owned by Aaron Morris (Unlicensed)
Aug 11, 2021
2 min read

Step 1: Stage a copy of the root certificate

  1. Create a new directory on the server hosting the VERA Docker containers. This can be in any location where Docker will have access permissions.

  2. Stage a copy of your self-signed root certificate into the folder created above.

    Example
    /path/to/my/cert/my-root-certificate.crt

Important

The certificate must be in a CRT format.

Step 2: Create a start-up script for the VERA API server

  1. Create a new bash script named start.sh with the following contents:

    start.sh
    #!/bin/bash
update-ca-certificates
dotnet Vera.Server.dll

  2. Stage the script file into the same directory as the self-signed root certificate (from Step 1).

    Example
    /path/to/my/cert/start.sh

  3. Use chmod to apply executable permissions to the script file.

    Example
    chmod +x /path/to/my/cert/start.sh

Step 3: Update VERA's Docker Compose file

  1. Navigate to VERA's installation directory.
  2. Open the docker-compose.yml file in a text editor.

  3. Add a volume binding for the vera.server container that binds the directory created in step 1 to /usr/local/share/ca-certificates.

    Example (snippet)
    vera.server:
    image: veraserver20190209075900.azurecr.io/tx3/vera-server
    container_name: vera-server
    ports:
      - "8443:5001"
    volumes:
      - /var/lib/tx3_services:/Data
      - /path/to/my/cert:/usr/local/share/ca-certificates

    Reference Line 8 above.

  4. Add a custom entry point to the vera.server container that points to the start-up script created in step 2. Note that the configuration will point to the container's internal path created through volume binding.
    Example (snippet)
    vera.server:
    image: veraserver20190209075900.azurecr.io/tx3/vera-server
    container_name: vera-server
    ports:
      - "8443:5001"

    …

    restart: always
    entrypoint: ["/usr/local/share/ca-certificates/start.sh"]

    Reference Line 10 above.

Step 4: Restart the VERA containers

  1. Run docker-compose up --build -d to restart the docker containers with the new configurations.
  2. If the containers do not start successfully, then running the above command without the -d option will provide output for debugging.