TLDR: spring boot gradle bootBuildImage task fails with x509 cert validation error (due to zscaler). Where to add the root cert?
Info
We're using spring boot's (2.3) new "bootBuildImage" to build docker images.
Recently our IT group turned on "zscaler everywhere" which effectively routes all http and https traffic through a company-blessed 'man in the middle' , i.e. which use DNS to 'gateway/checkpoint' network traffic
Error
Aft this change, gradle fails with X509 certificate validation error:
2021-03-01T08:40:42.120-0600 [QUIET] [system.out] [creator] unable to request https://repo.
spring.io/release/org/springframework/cloud/spring-cloud-bindings/1.7.0/spring-cloud-bindings-1.7.0
.jar
2021-03-01T08:40:42.120-0600 [QUIET] [system.out] [creator] Get "https://repo.spring.io/release/org/springframework/cloud/spring-cloud-bindings/1.7.0/spring-cloud-bindings-1.7.0.jar": x509: certificate signed by unknown authority
202
More Context
- Spring boot 3.7
- Gradle
- Mac
- Docker desktop
- Fails specifically on spring-cloud-bindings
Question
- How to get past x509 ssl cert validation error?
I understand that should be able to install the zscaler root cert in a trust store, but am unclear which trust store?? (and where on the filesystem?)
- docker
- paketo
I'm unclear why 'spring cloud download' fails, but other downloads succeed, i.e. this download succeeds:
2021-03-01T08:40:34.790-0600 [QUIET] [system.out] [creator] BellSoft Liberica JRE 8.0.282
: Contributing to layer
2021-03-01T08:40:34.790-0600 [QUIET] [system.out] [creator] Downloading from https://github.com/bell-sw/Liberica/releases/download/8u282+8/bellsoft-jre8u282+8-linux-amd64.tar.gz
2021-03-01T08:40:38.913-0600 [QUIET] [system.out] [creator] Verifying checksum
thanks in advance!