I used to run my application on the openjdk:10-slim docker image and everything was working fine.
Then I migrated to a custom JDK built with jlink using the following Dockerfile:
FROM openjdk:10-jdk-slim AS jdkBuilder
RUN $JAVA_HOME/bin/jlink \
    --module-path /opt/jdk/jmods \
    --verbose \
    --add-modules java.base,java.logging,java.xml,java.xml.bind,java.sql,jdk.unsupported,java.naming,java.desktop,java.management,java.security.jgss,java.security.sasl,jdk.crypto.cryptoki,jdk.crypto.ec,java.instrument,jdk.management.agent \
    --output /opt/jdk-minimal \
    --compress 2 \
    --no-header-files

FROM debian:9-slim
COPY --from=jdkBuilder /opt/jdk-minimal /opt/jdk-minimal
ENV JAVA_HOME=/opt/jdk-minimal
COPY target/*.jar /opt/
CMD $JAVA_HOME/bin/java $JAVA_OPTS -jar /opt/*.jar
That mostly works fine too, except when I use the AWS S3 SDK, in which case I get the following exception:
com.amazonaws.SdkClientException: Unable to execute HTTP request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I'm guessing that those certificates (or ways of accessing them) are provided by one missing package which I'm not including.
I did some digging and couldn't find any information about that. I tried adding any module that could be related to security or SSL, but without luck.
Has anyone encountered this issue and knows which module needs to be added?
As a workaround I reverted back to openjdk:10-slim, but I would like to use jlink as it makes my image smaller.
The exception suggests that your environment is missing some root certificates.
Try copying cacerts from openjdk:10-slim to the JDK you are using.
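One way to check a jlink image's truststore and apply the copy suggested above, as an added example that is not part of the original question or answer. It assumes the JDK 9+ layout (`lib/security/cacerts` under the Java home); the function names are hypothetical, and the checks cover a truststore that is absent, a symlink whose target is not in the image, or a file holding no entries.

```shell
#!/bin/sh
# Added example: inspect and repair the truststore of a jlink-built runtime.
# Assumption: the truststore lives at <java_home>/lib/security/cacerts.
# Heuristic: a JKS keystore with zero entries is 32 bytes, so anything that
# small cannot contain a root certificate.

# Print the truststore state: ok | missing | dangling-symlink | empty
# Returns non-zero for every state except "ok".
truststore_status() {
    ts="$1/lib/security/cacerts"
    if [ -L "$ts" ] && [ ! -e "$ts" ]; then
        echo dangling-symlink; return 1
    fi
    if [ ! -f "$ts" ]; then
        echo missing; return 1
    fi
    size=$(wc -c < "$ts" | tr -d ' ')
    if [ "$size" -le 32 ]; then
        echo empty; return 1
    fi
    echo ok
}

# Copy the truststore from a reference JDK into the jlink image.
# cp -L dereferences a symlinked cacerts, so the certificate file itself
# is copied rather than a link that will not resolve in the final stage.
install_truststore() {
    ref_home="$1"; target_home="$2"
    st=$(truststore_status "$ref_home") || {
        echo "reference truststore unusable: $st" >&2; return 1
    }
    mkdir -p "$target_home/lib/security"
    rm -f "$target_home/lib/security/cacerts"
    cp -L "$ref_home/lib/security/cacerts" "$target_home/lib/security/cacerts"
    truststore_status "$target_home" >/dev/null
}
```

In the Dockerfile above, this would run in the `jdkBuilder` stage after `jlink`, with `$JAVA_HOME` as the reference and `/opt/jdk-minimal` as the target, so the build fails instead of shipping an image that cannot validate TLS certificates.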