How to Add a Self-signed Root Certificate to the VERA API Docker Container
Step 1: Stage a copy of the root certificate
- Create a new directory on the server hosting the VERA Docker containers. This can be in any location where Docker will have access permissions.
- Stage a copy of your self-signed root certificate into the folder created above.
  Example: /path/to/my/cert/my-root-certificate.crt

Important: The certificate must be in CRT format.
Step 2: Create a start-up script for the VERA API server
- Create a new bash script named start.sh with the following contents:

      #!/bin/bash
      # Rebuild the container's trust store, picking up the mounted root certificate
      update-ca-certificates
      # Start the VERA API server
      dotnet Vera.Server.dll

- Stage the script file into the same directory as the self-signed root certificate (from Step 1).
  Example: /path/to/my/cert/start.sh
- Use chmod to apply executable permissions to the script file.
  Example:

      chmod +x /path/to/my/cert/start.sh
Step 3: Update VERA's Docker Compose file
- Navigate to VERA's installation directory.
- Open the docker-compose.yml file in a text editor.
- Add a volume binding for the vera.server container that binds the directory created in Step 1 to /usr/local/share/ca-certificates.
  Example (snippet):

      vera.server:
        image: veraserver20190209075900.azurecr.io/tx3/vera-server
        container_name: vera-server
        ports:
          - "8443:5001"
        volumes:
          - /var/lib/tx3_services:/Data
          - /path/to/my/cert:/usr/local/share/ca-certificates

  Reference line 8 above (the /path/to/my/cert binding).
- Add a custom entry point to the vera.server container that points to the start-up script created in Step 2. Note that the configuration points to the container's internal path, which is created through the volume binding.
  Example (snippet):

      vera.server:
        image: veraserver20190209075900.azurecr.io/tx3/vera-server
        container_name: vera-server
        ports:
          - "8443:5001"
        …
        restart: always
        entrypoint: ["/usr/local/share/ca-certificates/start.sh"]

  Reference line 10 above (the entrypoint setting).
Step 4: Restart the VERA containers
- Run docker-compose up --build -d to restart the Docker containers with the new configuration.
- If the containers do not start successfully, running the above command without the -d option will provide output for debugging.
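
A pre-flight check for the directory staged in Steps 1 and 2, to run on the host before restarting the containers. This is an added example, not part of the VERA documentation: the function name check_cert_dir is hypothetical, and it assumes the image's update-ca-certificates imports only PEM-encoded files ending in .crt. Because the bind-mounted directory supplies both the container's trusted roots and its entry point, the check also flags anything in it that is writable by group or other.

```shell
#!/bin/bash
# Pre-flight check for the directory that Step 3 bind-mounts into the container.
# Usage: check_cert_dir /path/to/my/cert   (returns 0 if OK, 1 otherwise)
check_cert_dir() {
    local dir rc found crt script loose
    dir=$1
    rc=0
    found=0

    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory" >&2; return 1; }

    # Step 1: at least one *.crt file, each PEM-encoded (assumption: the image's
    # update-ca-certificates only imports PEM files ending in .crt).
    for crt in "$dir"/*.crt; do
        [ -f "$crt" ] || continue
        found=1
        if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$crt"; then
            echo "FAIL: $crt is not PEM-encoded" >&2; rc=1
        fi
    done
    [ "$found" -eq 1 ] || { echo "FAIL: no .crt file in $dir" >&2; rc=1; }

    # Step 2: start.sh must exist, be executable and begin with a shebang,
    # otherwise the container cannot run its entry point.
    script="$dir/start.sh"
    if [ ! -f "$script" ]; then
        echo "FAIL: $script is missing" >&2; rc=1
    else
        [ -x "$script" ] || { echo "FAIL: $script is not executable" >&2; rc=1; }
        head -n 1 "$script" | grep -q '^#!' || { echo "FAIL: $script has no shebang" >&2; rc=1; }
    fi

    # The directory becomes the container's CA source and entry point, so
    # nothing in it should be writable by group or other.
    loose=$(find "$dir" ! -type l \( -perm -0020 -o -perm -0002 \) -print)
    if [ -n "$loose" ]; then
        echo "FAIL: group/world-writable: $loose" >&2; rc=1
    fi

    return "$rc"
}
```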