adoptium · gdams · Jul 24, 2024 · Jun 3, 2024
diff --git a/...rtificates-update/certs/dockerbuilder.crt → ...tificates-update/certs/.dockerbuilder.crt b/...rtificates-update/certs/dockerbuilder.crt → ...tificates-update/certs/.dockerbuilder.crt
diff --git a/...rtificates-update/certs/dockerbuilder.key → ...tificates-update/certs/.dockerbuilder.key b/...rtificates-update/certs/dockerbuilder.key → ...tificates-update/certs/.dockerbuilder.key
diff --git a/.test/tests/java-ca-certificates-update/certs/.dockerbuilder2.crt b/.test/tests/java-ca-certificates-update/certs/.dockerbuilder2.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDRzCCAi+gAwIBAgIUZuRSLr7riMCDUFHVQKYQh/abmZQwDQYJKoZIhvcNAQEL
+BQAwMjEXMBUGCgmSJomT8ixkARkWB1RlbXVyaW4xFzAVBgNVBAMMDkRvY2tlckJ1
+aWxkZXIyMCAXDTI0MDcyNDIxMDk0NloYDzMwMDQwOTI1MjEwOTQ2WjAyMRcwFQYK
+CZImiZPyLGQBGRYHVGVtdXJpbjEXMBUGA1UEAwwORG9ja2VyQnVpbGRlcjIwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSs004yyVW4dEREZgTGbN1Dzbc
++VcRXUCfVCuiWFeT8a8oHZrbtNxCXD6whcGvLHsjszJKUCseDLCnSlHIpU6Ax7tP
+WGsUhY6Zl8I+JzeB/8tYpyNRCLlm2Rp5Iv4oOX2btKYoUy+oFkWP+N8d1taRSrhR
+vbPz+FwFSrtQwuT+grQP9yWO0qFrHL5Vjckg0BjELMYZ4rUx4KsV+JsmCf6oPDt4
+b+gnMoZebumKTJ53Ej/Kh0Z30s+UHR9WlbZ9KEyuBifgErw/USqpibaQbG1UTX1f
+5LealeITduNWcXIAkQYHddCyt8YRtO9oVrxxVdFmCtU4qUHlov7kxAdOC/KTAgMB
+AAGjUzBRMB0GA1UdDgQWBBQ1oKojBf5qgkezUk6axrz3CjdHmzAfBgNVHSMEGDAW
+gBQ1oKojBf5qgkezUk6axrz3CjdHmzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
+DQEBCwUAA4IBAQCDUUOV23QzoqeGs7CKHXg+Mvxn6E4Tm395c0RKJRiHXEueQ2JD
+e7ywfb11f/vGyudWVKe1wiRuMP4U8G6V3m6C/CSJrz1J3N9fvN23iPaZIh1O0vSr
+xOz5UmiSsRW8BEQYCvF8CoWim1fG+KjtRhO6QqKLtK11j6TwZaUBIvSwK+OZKSuw
+q8SuBRXNrIJvH0bonOXcuivOkruU0aRdizIG5Ed0OV2PVfbw2gu7Om83ADbVuSOV
+noMwGjDVzVRAs8lu4ijuAryshVQK0LkImrwp+YkhRkFus0HWJqi/Ox+BHZt3BiFs
+ATt9J3LCLazvP6LGr4rlZixJqM2ZC7dP0lOl
+-----END CERTIFICATE-----
diff --git a/.test/tests/java-ca-certificates-update/certs/.dockerbuilder2.key b/.test/tests/java-ca-certificates-update/certs/.dockerbuilder2.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDSs004yyVW4dER
+EZgTGbN1Dzbc+VcRXUCfVCuiWFeT8a8oHZrbtNxCXD6whcGvLHsjszJKUCseDLCn
+SlHIpU6Ax7tPWGsUhY6Zl8I+JzeB/8tYpyNRCLlm2Rp5Iv4oOX2btKYoUy+oFkWP
++N8d1taRSrhRvbPz+FwFSrtQwuT+grQP9yWO0qFrHL5Vjckg0BjELMYZ4rUx4KsV
++JsmCf6oPDt4b+gnMoZebumKTJ53Ej/Kh0Z30s+UHR9WlbZ9KEyuBifgErw/USqp
+ibaQbG1UTX1f5LealeITduNWcXIAkQYHddCyt8YRtO9oVrxxVdFmCtU4qUHlov7k
+xAdOC/KTAgMBAAECggEAANIrB8nVtFbjVrmdnEqVs8drnITzVmYN+gxhaSTiQwuq
+9dWyjY6+omPYVma94GKADlR7oXd+7cyLks65rrXRCdi0PaKw6vox9WdkMCY803zr
+BWrouq0Hq1W0y3x3WOjrSyjOiTgdwhBDlLH1Vk/tV/VwybOa4dMeRKveFkNmbXKU
+ZeR62r95vob4F5Ui6CWqSDRXFSml8VvBkU+6RAm697Lm5JQKoOuUueR9/L5z2Y0Z
+rpGeBQ2tbbRIAvQWG3PhQirDqduL2e8aUs/RG8jGmbAnB9LoWJtaBEgLoza6221F
+vboRWDLG5yZorXeGHT169+LQQ84rtwyjbQkvKjcP1QKBgQD632J17fWqK5cBaU2c
+2bxAwS8aoqzPgBkAD2E8/VBEmJfjUAH5KVNuF9oeO/ho6JUOHoAWxMeu9v0ikynb
+wnznQXlgieJCockJaTx1fkE/+W38uRXLK1TBSHFB7QdhPJbdeOh0jbsxNoX3wCAW
+jQDUf2CoVdt+326II71IhDnnbQKBgQDXAbpkEWMYnWbl+WmSwGGud2AO7Uaw6ZQK
+e83/zKQYcLsGHVMEJ41i2Lrd+VGJjK1eHUyOxHYg4Cel4cG5P7sU45yhehHVAeau
+Z8KzQbB8BGcyMUoQFMIK5AXIiVdgTvt+aoKMEfXSAuZi1g5ATSS6zBoXWxlJyQ4b
+R1MqOvMB/wKBgAw/3A7mD5i/iCAJhECkYQzIYgRq7QU0vAPEvHq94611xfTTc0U3
+P1ugzoWrZ/W3ZY/K7XYvJZDlfnaxuNmCJZclG0gbc3DNdYOAH/OctpLpGvW8E9RX
+yUumveD6MeINk1A9FxyZzwoYH3J5bxeqyt+VWKLfjlgjkMIU/KkNy8YBAoGAbU2G
+mTqxmyDh38YE4sMEpbIwVkZP6r5EMXQxDHrXbUlZ+sjLnFATM44kqZYG2pt2w2K3
+udisiRgLb+wuFOQOUpdH2Ft7V0NpJ36+X2zksJd4cu7VzQkQgILdYc5YajCc7+5r
+wZOb2ZD52IMjqZLOOlxqYzc/yt/4WOvQnqZrRbcCgYBQopNwh9Hx9SBIHkkZkq1Z
+iiPZl05khB/Vw76hABwjMillQd+nOJNf4kymIiOzfThEw/a4kam1zWvN0kq9Guu/
+YMvd73sqcudB5IWIjdqq0lKML2rcoBGqKGj5dFZt6Un/jqbi5nHeoMubrZkXUdG8
+PDtV2BTZDwmo+btPF//U5Q==
+-----END PRIVATE KEY-----
diff --git a/.test/tests/java-ca-certificates-update/certs/README.md b/.test/tests/java-ca-certificates-update/certs/README.md
@@ -1 +1,9 @@
-This certificate/key pair has been generated with `openssl req -nodes -new -x509 -days 358000 -subj "/DC=Temurin/CN=DockerBuilder" -keyout certs/dockerbuilder.key -out certs/dockerbuilder.crt` and is only used for testing
+These certificate/key pairs has been generated with
+
+``` shell
+$ openssl req -nodes -new -x509 -days 358000 -subj "/DC=Temurin/CN=DockerBuilder" -keyout certs/dockerbuilder.key -out certs/dockerbuilder.crt
+$ openssl req -nodes -new -x509 -days 358000 -subj "/DC=Temurin/CN=DockerBuilder2" -keyout certs/dockerbuilder2.key -out certs/dockerbuilder2.crt
+$ cat certs/dockerbuilder.crt certs/dockerbuilder2.crt > certs/multi-cert.crt
+```
+
+ and are only used for testing
diff --git a/.test/tests/java-ca-certificates-update/certs/multi-cert.crt b/.test/tests/java-ca-certificates-update/certs/multi-cert.crt
@@ -0,0 +1,40 @@
+-----BEGIN CERTIFICATE-----
+MIIDRTCCAi2gAwIBAgIUIfl8I/yasxlsTEc30PLLRuleiCswDQYJKoZIhvcNAQEL
+BQAwMTEXMBUGCgmSJomT8ixkARkWB1RlbXVyaW4xFjAUBgNVBAMMDURvY2tlckJ1
+aWxkZXIwIBcNMjMwNjEyMTgyNDE1WhgPMzAwMzA4MTQxODI0MTVaMDExFzAVBgoJ
+kiaJk/IsZAEZFgdUZW11cmluMRYwFAYDVQQDDA1Eb2NrZXJCdWlsZGVyMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfOgmluNXEIE7BWvt7jGgdZW/y5s
+N78FcpZdM8Z2FatvjJKvNmJ9OkkkOSNBhGKAWpHn19JMNdQ2nEmTHMetg0hiSqRI
+hBceAY4lDfOzxAyZGGpVzL9U1B9mOrX5O3EedF5AVvl0NZVjEwswuGaUa3zZBAKy
+Z5Vv/z8Lw2uYIs/dtw8lcpEAb78BZ8bAhhhl+X+tTGK8agibLGQJT9l/JxS3pXyw
+me4YaKQQRgvuqOTEt+x+0aA5E2EUTOGq0Li+i1ranf6ou5Dz/Y6LtXwT/j2bf4ZR
+w2YHpYZL54UEtMWES2KAjsZ3u4DCxUIEfW8EgxUIhcepIDP1h05A3fSiWQIDAQAB
+o1MwUTAdBgNVHQ4EFgQUr0VirSzDQTuNgGjDxRkxPFrjUKcwHwYDVR0jBBgwFoAU
+r0VirSzDQTuNgGjDxRkxPFrjUKcwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
+AQsFAAOCAQEAlo6ZSAIKSUWqRygyNg9oWuLGfWMW//dZjU1MKBYVpM4Mry/aMD5d
+kMQj9hm+zXhNYN01yLh/cdPKCQ/r1KP6lmCtZHp50Xe8HEnIymRYx0KMAcqYLjnT
+DXwCPqtWvJ1do65vVJRN70CuF8T1JNFhPdirrAiuU7bhGPABfnbek7yNkTYgUSdb
+WpV/WOFPh9Dl24vNl1/Cti+pQThlCgHF/+dVndFHN9FOOG8k8ohYkLwL+ZzKfOiZ
+CVWn2mWk2EhcuTlg/3zkXmwjfzFTdXMhS1sdfJNReaY/omJ91euxB0c8iYZV4wuU
+ghx+GJ14nO7RJNHNX4k+BBPxy3f56+cYrg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDRzCCAi+gAwIBAgIUZuRSLr7riMCDUFHVQKYQh/abmZQwDQYJKoZIhvcNAQEL
+BQAwMjEXMBUGCgmSJomT8ixkARkWB1RlbXVyaW4xFzAVBgNVBAMMDkRvY2tlckJ1
+aWxkZXIyMCAXDTI0MDcyNDIxMDk0NloYDzMwMDQwOTI1MjEwOTQ2WjAyMRcwFQYK
+CZImiZPyLGQBGRYHVGVtdXJpbjEXMBUGA1UEAwwORG9ja2VyQnVpbGRlcjIwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSs004yyVW4dEREZgTGbN1Dzbc
++VcRXUCfVCuiWFeT8a8oHZrbtNxCXD6whcGvLHsjszJKUCseDLCnSlHIpU6Ax7tP
+WGsUhY6Zl8I+JzeB/8tYpyNRCLlm2Rp5Iv4oOX2btKYoUy+oFkWP+N8d1taRSrhR
+vbPz+FwFSrtQwuT+grQP9yWO0qFrHL5Vjckg0BjELMYZ4rUx4KsV+JsmCf6oPDt4
+b+gnMoZebumKTJ53Ej/Kh0Z30s+UHR9WlbZ9KEyuBifgErw/USqpibaQbG1UTX1f
+5LealeITduNWcXIAkQYHddCyt8YRtO9oVrxxVdFmCtU4qUHlov7kxAdOC/KTAgMB
+AAGjUzBRMB0GA1UdDgQWBBQ1oKojBf5qgkezUk6axrz3CjdHmzAfBgNVHSMEGDAW
+gBQ1oKojBf5qgkezUk6axrz3CjdHmzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
+DQEBCwUAA4IBAQCDUUOV23QzoqeGs7CKHXg+Mvxn6E4Tm395c0RKJRiHXEueQ2JD
+e7ywfb11f/vGyudWVKe1wiRuMP4U8G6V3m6C/CSJrz1J3N9fvN23iPaZIh1O0vSr
+xOz5UmiSsRW8BEQYCvF8CoWim1fG+KjtRhO6QqKLtK11j6TwZaUBIvSwK+OZKSuw
+q8SuBRXNrIJvH0bonOXcuivOkruU0aRdizIG5Ed0OV2PVfbw2gu7Om83ADbVuSOV
+noMwGjDVzVRAs8lu4ijuAryshVQK0LkImrwp+YkhRkFus0HWJqi/Ox+BHZt3BiFs
+ATt9J3LCLazvP6LGr4rlZixJqM2ZC7dP0lOl
+-----END CERTIFICATE-----
diff --git a/.test/tests/java-ca-certificates-update/certs_symlink/.dockerbuilder2.crt b/.test/tests/java-ca-certificates-update/certs_symlink/.dockerbuilder2.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDRzCCAi+gAwIBAgIUZuRSLr7riMCDUFHVQKYQh/abmZQwDQYJKoZIhvcNAQEL
+BQAwMjEXMBUGCgmSJomT8ixkARkWB1RlbXVyaW4xFzAVBgNVBAMMDkRvY2tlckJ1
+aWxkZXIyMCAXDTI0MDcyNDIxMDk0NloYDzMwMDQwOTI1MjEwOTQ2WjAyMRcwFQYK
+CZImiZPyLGQBGRYHVGVtdXJpbjEXMBUGA1UEAwwORG9ja2VyQnVpbGRlcjIwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSs004yyVW4dEREZgTGbN1Dzbc
++VcRXUCfVCuiWFeT8a8oHZrbtNxCXD6whcGvLHsjszJKUCseDLCnSlHIpU6Ax7tP
+WGsUhY6Zl8I+JzeB/8tYpyNRCLlm2Rp5Iv4oOX2btKYoUy+oFkWP+N8d1taRSrhR
+vbPz+FwFSrtQwuT+grQP9yWO0qFrHL5Vjckg0BjELMYZ4rUx4KsV+JsmCf6oPDt4
+b+gnMoZebumKTJ53Ej/Kh0Z30s+UHR9WlbZ9KEyuBifgErw/USqpibaQbG1UTX1f
+5LealeITduNWcXIAkQYHddCyt8YRtO9oVrxxVdFmCtU4qUHlov7kxAdOC/KTAgMB
+AAGjUzBRMB0GA1UdDgQWBBQ1oKojBf5qgkezUk6axrz3CjdHmzAfBgNVHSMEGDAW
+gBQ1oKojBf5qgkezUk6axrz3CjdHmzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
+DQEBCwUAA4IBAQCDUUOV23QzoqeGs7CKHXg+Mvxn6E4Tm395c0RKJRiHXEueQ2JD
+e7ywfb11f/vGyudWVKe1wiRuMP4U8G6V3m6C/CSJrz1J3N9fvN23iPaZIh1O0vSr
+xOz5UmiSsRW8BEQYCvF8CoWim1fG+KjtRhO6QqKLtK11j6TwZaUBIvSwK+OZKSuw
+q8SuBRXNrIJvH0bonOXcuivOkruU0aRdizIG5Ed0OV2PVfbw2gu7Om83ADbVuSOV
+noMwGjDVzVRAs8lu4ijuAryshVQK0LkImrwp+YkhRkFus0HWJqi/Ox+BHZt3BiFs
+ATt9J3LCLazvP6LGr4rlZixJqM2ZC7dP0lOl
+-----END CERTIFICATE-----
diff --git a/.test/tests/java-ca-certificates-update/certs_symlink/.dockerbuilder2.key b/.test/tests/java-ca-certificates-update/certs_symlink/.dockerbuilder2.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDSs004yyVW4dER
+EZgTGbN1Dzbc+VcRXUCfVCuiWFeT8a8oHZrbtNxCXD6whcGvLHsjszJKUCseDLCn
+SlHIpU6Ax7tPWGsUhY6Zl8I+JzeB/8tYpyNRCLlm2Rp5Iv4oOX2btKYoUy+oFkWP
++N8d1taRSrhRvbPz+FwFSrtQwuT+grQP9yWO0qFrHL5Vjckg0BjELMYZ4rUx4KsV
++JsmCf6oPDt4b+gnMoZebumKTJ53Ej/Kh0Z30s+UHR9WlbZ9KEyuBifgErw/USqp
+ibaQbG1UTX1f5LealeITduNWcXIAkQYHddCyt8YRtO9oVrxxVdFmCtU4qUHlov7k
+xAdOC/KTAgMBAAECggEAANIrB8nVtFbjVrmdnEqVs8drnITzVmYN+gxhaSTiQwuq
+9dWyjY6+omPYVma94GKADlR7oXd+7cyLks65rrXRCdi0PaKw6vox9WdkMCY803zr
+BWrouq0Hq1W0y3x3WOjrSyjOiTgdwhBDlLH1Vk/tV/VwybOa4dMeRKveFkNmbXKU
+ZeR62r95vob4F5Ui6CWqSDRXFSml8VvBkU+6RAm697Lm5JQKoOuUueR9/L5z2Y0Z
+rpGeBQ2tbbRIAvQWG3PhQirDqduL2e8aUs/RG8jGmbAnB9LoWJtaBEgLoza6221F
+vboRWDLG5yZorXeGHT169+LQQ84rtwyjbQkvKjcP1QKBgQD632J17fWqK5cBaU2c
+2bxAwS8aoqzPgBkAD2E8/VBEmJfjUAH5KVNuF9oeO/ho6JUOHoAWxMeu9v0ikynb
+wnznQXlgieJCockJaTx1fkE/+W38uRXLK1TBSHFB7QdhPJbdeOh0jbsxNoX3wCAW
+jQDUf2CoVdt+326II71IhDnnbQKBgQDXAbpkEWMYnWbl+WmSwGGud2AO7Uaw6ZQK
+e83/zKQYcLsGHVMEJ41i2Lrd+VGJjK1eHUyOxHYg4Cel4cG5P7sU45yhehHVAeau
+Z8KzQbB8BGcyMUoQFMIK5AXIiVdgTvt+aoKMEfXSAuZi1g5ATSS6zBoXWxlJyQ4b
+R1MqOvMB/wKBgAw/3A7mD5i/iCAJhECkYQzIYgRq7QU0vAPEvHq94611xfTTc0U3
+P1ugzoWrZ/W3ZY/K7XYvJZDlfnaxuNmCJZclG0gbc3DNdYOAH/OctpLpGvW8E9RX
+yUumveD6MeINk1A9FxyZzwoYH3J5bxeqyt+VWKLfjlgjkMIU/KkNy8YBAoGAbU2G
+mTqxmyDh38YE4sMEpbIwVkZP6r5EMXQxDHrXbUlZ+sjLnFATM44kqZYG2pt2w2K3
+udisiRgLb+wuFOQOUpdH2Ft7V0NpJ36+X2zksJd4cu7VzQkQgILdYc5YajCc7+5r
+wZOb2ZD52IMjqZLOOlxqYzc/yt/4WOvQnqZrRbcCgYBQopNwh9Hx9SBIHkkZkq1Z
+iiPZl05khB/Vw76hABwjMillQd+nOJNf4kymIiOzfThEw/a4kam1zWvN0kq9Guu/
+YMvd73sqcudB5IWIjdqq0lKML2rcoBGqKGj5dFZt6Un/jqbi5nHeoMubrZkXUdG8
+PDtV2BTZDwmo+btPF//U5Q==
+-----END PRIVATE KEY-----
diff --git a/.test/tests/java-ca-certificates-update/certs_symlink/.multi-cert.crt b/.test/tests/java-ca-certificates-update/certs_symlink/.multi-cert.crt
@@ -0,0 +1,40 @@
+-----BEGIN CERTIFICATE-----
+MIIDRTCCAi2gAwIBAgIUIfl8I/yasxlsTEc30PLLRuleiCswDQYJKoZIhvcNAQEL
+BQAwMTEXMBUGCgmSJomT8ixkARkWB1RlbXVyaW4xFjAUBgNVBAMMDURvY2tlckJ1
+aWxkZXIwIBcNMjMwNjEyMTgyNDE1WhgPMzAwMzA4MTQxODI0MTVaMDExFzAVBgoJ
+kiaJk/IsZAEZFgdUZW11cmluMRYwFAYDVQQDDA1Eb2NrZXJCdWlsZGVyMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfOgmluNXEIE7BWvt7jGgdZW/y5s
+N78FcpZdM8Z2FatvjJKvNmJ9OkkkOSNBhGKAWpHn19JMNdQ2nEmTHMetg0hiSqRI
+hBceAY4lDfOzxAyZGGpVzL9U1B9mOrX5O3EedF5AVvl0NZVjEwswuGaUa3zZBAKy
+Z5Vv/z8Lw2uYIs/dtw8lcpEAb78BZ8bAhhhl+X+tTGK8agibLGQJT9l/JxS3pXyw
+me4YaKQQRgvuqOTEt+x+0aA5E2EUTOGq0Li+i1ranf6ou5Dz/Y6LtXwT/j2bf4ZR
+w2YHpYZL54UEtMWES2KAjsZ3u4DCxUIEfW8EgxUIhcepIDP1h05A3fSiWQIDAQAB
+o1MwUTAdBgNVHQ4EFgQUr0VirSzDQTuNgGjDxRkxPFrjUKcwHwYDVR0jBBgwFoAU
+r0VirSzDQTuNgGjDxRkxPFrjUKcwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
+AQsFAAOCAQEAlo6ZSAIKSUWqRygyNg9oWuLGfWMW//dZjU1MKBYVpM4Mry/aMD5d
+kMQj9hm+zXhNYN01yLh/cdPKCQ/r1KP6lmCtZHp50Xe8HEnIymRYx0KMAcqYLjnT
+DXwCPqtWvJ1do65vVJRN70CuF8T1JNFhPdirrAiuU7bhGPABfnbek7yNkTYgUSdb
+WpV/WOFPh9Dl24vNl1/Cti+pQThlCgHF/+dVndFHN9FOOG8k8ohYkLwL+ZzKfOiZ
+CVWn2mWk2EhcuTlg/3zkXmwjfzFTdXMhS1sdfJNReaY/omJ91euxB0c8iYZV4wuU
+ghx+GJ14nO7RJNHNX4k+BBPxy3f56+cYrg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDRzCCAi+gAwIBAgIUZuRSLr7riMCDUFHVQKYQh/abmZQwDQYJKoZIhvcNAQEL
+BQAwMjEXMBUGCgmSJomT8ixkARkWB1RlbXVyaW4xFzAVBgNVBAMMDkRvY2tlckJ1
+aWxkZXIyMCAXDTI0MDcyNDIxMDk0NloYDzMwMDQwOTI1MjEwOTQ2WjAyMRcwFQYK
+CZImiZPyLGQBGRYHVGVtdXJpbjEXMBUGA1UEAwwORG9ja2VyQnVpbGRlcjIwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSs004yyVW4dEREZgTGbN1Dzbc
++VcRXUCfVCuiWFeT8a8oHZrbtNxCXD6whcGvLHsjszJKUCseDLCnSlHIpU6Ax7tP
+WGsUhY6Zl8I+JzeB/8tYpyNRCLlm2Rp5Iv4oOX2btKYoUy+oFkWP+N8d1taRSrhR
+vbPz+FwFSrtQwuT+grQP9yWO0qFrHL5Vjckg0BjELMYZ4rUx4KsV+JsmCf6oPDt4
+b+gnMoZebumKTJ53Ej/Kh0Z30s+UHR9WlbZ9KEyuBifgErw/USqpibaQbG1UTX1f
+5LealeITduNWcXIAkQYHddCyt8YRtO9oVrxxVdFmCtU4qUHlov7kxAdOC/KTAgMB
+AAGjUzBRMB0GA1UdDgQWBBQ1oKojBf5qgkezUk6axrz3CjdHmzAfBgNVHSMEGDAW
+gBQ1oKojBf5qgkezUk6axrz3CjdHmzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
+DQEBCwUAA4IBAQCDUUOV23QzoqeGs7CKHXg+Mvxn6E4Tm395c0RKJRiHXEueQ2JD
+e7ywfb11f/vGyudWVKe1wiRuMP4U8G6V3m6C/CSJrz1J3N9fvN23iPaZIh1O0vSr
+xOz5UmiSsRW8BEQYCvF8CoWim1fG+KjtRhO6QqKLtK11j6TwZaUBIvSwK+OZKSuw
+q8SuBRXNrIJvH0bonOXcuivOkruU0aRdizIG5Ed0OV2PVfbw2gu7Om83ADbVuSOV
+noMwGjDVzVRAs8lu4ijuAryshVQK0LkImrwp+YkhRkFus0HWJqi/Ox+BHZt3BiFs
+ATt9J3LCLazvP6LGr4rlZixJqM2ZC7dP0lOl
+-----END CERTIFICATE-----
diff --git a/.test/tests/java-ca-certificates-update/certs_symlink/README.md b/.test/tests/java-ca-certificates-update/certs_symlink/README.md
@@ -1 +1,9 @@
-This certificate/key pair has been generated with `openssl req -nodes -new -x509 -days 358000 -subj "/DC=Temurin/CN=DockerBuilder" -keyout certs/dockerbuilder.key -out certs/dockerbuilder.crt` and is only used for testing
+These certificate/key pairs has been generated with
+
+``` shell
+$ openssl req -nodes -new -x509 -days 358000 -subj "/DC=Temurin/CN=DockerBuilder" -keyout certs/dockerbuilder.key -out certs/dockerbuilder.crt
+$ openssl req -nodes -new -x509 -days 358000 -subj "/DC=Temurin/CN=DockerBuilder2" -keyout certs/dockerbuilder2.key -out certs/dockerbuilder2.crt
+$ cat certs/dockerbuilder.crt certs/dockerbuilder2.crt > certs/multi-cert.crt
+```
+
+ and are only used for testing
diff --git a/.test/tests/java-ca-certificates-update/certs_symlink/dockerbuilder.crt b/.test/tests/java-ca-certificates-update/certs_symlink/dockerbuilder.crt
diff --git a/.test/tests/java-ca-certificates-update/certs_symlink/multi-cert.crt b/.test/tests/java-ca-certificates-update/certs_symlink/multi-cert.crt
@@ -0,0 +1 @@
+.multi-cert.crt
diff --git a/.test/tests/java-ca-certificates-update/run.sh b/.test/tests/java-ca-certificates-update/run.sh
@@ -10,7 +10,7 @@ CMD1=date
 
 # CMD2 in each run is to check for the `dockerbuilder` certificate in the Java keystore. Entrypoint export $CACERT to
 # point to the Java keystore.
-CMD2=(sh -c "keytool -list -keystore \$CACERT -storepass changeit -alias dockerbuilder")
+CMD2=(sh -c "keytool -list -keystore \"\$JRE_CACERTS_PATH\"  -storepass changeit -alias dockerbuilder && keytool -list -keystore \"\$JRE_CACERTS_PATH\" -storepass changeit -alias dockerbuilder2")
 
 # For a custom entrypoint test, we need to create a new image. This image will get cleaned up at the end of the script
 # by the `finish` trap function.

diff --git a/11/jdk/alpine/Dockerfile b/11/jdk/alpine/Dockerfile
@@ -37,6 +37,11 @@ RUN set -eux; \
         # locales ensures proper character encoding and locale-specific behaviors using en_US.UTF-8
         musl-locales musl-locales-lang \
         tzdata \
+        # Contains `csplit` used for splitting multiple certificates in one file to multiple files, since keytool can
+        # only import one at a time.
+        coreutils \
+        # Needed to extract CN and generate aliases for certificates
+        openssl \
     ; \
     rm -rf /var/cache/apk/*
 

diff --git a/11/jdk/alpine/entrypoint.sh b/11/jdk/alpine/entrypoint.sh
@@ -1,50 +1,70 @@
 #!/usr/bin/env sh
-# Converted to POSIX shell to avoid the need for bash in the image
+# This script defines `sh` as the interpreter, which is available in all POSIX environments. However, it might get
+# started with `bash` as the shell to support dotted.environment.variable.names which are not supported by POSIX, but
+# are supported by `sh` in some Linux flavours.
 
 set -e
 
+TMPDIR=${TMPDIR:-/tmp}
+
 # JDK truststore location
-CACERT=$JAVA_HOME/lib/security/cacerts
+JRE_CACERTS_PATH=$JAVA_HOME/lib/security/cacerts
 
 # JDK8 puts its JRE in a subdirectory
 if [ -f "$JAVA_HOME/jre/lib/security/cacerts" ]; then
-    CACERT=$JAVA_HOME/jre/lib/security/cacerts
+    JRE_CACERTS_PATH=$JAVA_HOME/jre/lib/security/cacerts
 fi
 
 # Opt-in is only activated if the environment variable is set
 if [ -n "$USE_SYSTEM_CA_CERTS" ]; then
 
-    if [ ! -w /tmp ]; then
-        echo "Using additional CA certificates requires write permissions to /tmp. Cannot create truststore."
+    if [ ! -w "$TMPDIR" ]; then
+        echo "Using additional CA certificates requires write permissions to $TMPDIR. Cannot create truststore."
         exit 1
     fi
 
     # Figure out whether we can write to the JVM truststore. If we can, we'll add the certificates there. If not,
     # we'll use a temporary truststore.
-    if [ ! -w "$CACERT" ]; then
+    if [ ! -w "$JRE_CACERTS_PATH" ]; then
         # We cannot write to the JVM truststore, so we create a temporary one
-        CACERT_NEW=$(mktemp)
-        echo "Using a temporary truststore at $CACERT_NEW"
-        cp $CACERT $CACERT_NEW
-        CACERT=$CACERT_NEW
+        JRE_CACERTS_PATH_NEW=$(mktemp)
+        echo "Using a temporary truststore at $JRE_CACERTS_PATH_NEW"
+        cp "$JRE_CACERTS_PATH" "$JRE_CACERTS_PATH_NEW"
+        JRE_CACERTS_PATH=$JRE_CACERTS_PATH_NEW
         # If we use a custom truststore, we need to make sure that the JVM uses it
-        export JAVA_TOOL_OPTIONS="${JAVA_TOOL_OPTIONS} -Djavax.net.ssl.trustStore=${CACERT} -Djavax.net.ssl.trustStorePassword=changeit"
+        export JAVA_TOOL_OPTIONS="${JAVA_TOOL_OPTIONS} -Djavax.net.ssl.trustStore=${JRE_CACERTS_PATH} -Djavax.net.ssl.trustStorePassword=changeit"
     fi
 
     tmp_store=$(mktemp)
 
     # Copy full system CA store to a temporary location
-    trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$tmp_store"
+    trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$tmp_store" > /dev/null
 
     # Add the system CA certificates to the JVM truststore.
-    keytool -importkeystore -destkeystore "$CACERT" -srckeystore "$tmp_store" -srcstorepass changeit -deststorepass changeit -noprompt # >/dev/null
+    keytool -importkeystore -destkeystore "$JRE_CACERTS_PATH" -srckeystore "$tmp_store" -srcstorepass changeit -deststorepass changeit -noprompt > /dev/null
+
+    # Clean up the temporary truststore
+    rm -f "$tmp_store"
 
     # Import the additional certificate into JVM truststore
     for i in /certificates/*crt; do
         if [ ! -f "$i" ]; then
             continue
         fi
-        keytool -import -noprompt -alias "$(basename "$i" .crt)" -file "$i" -keystore "$CACERT" -storepass changeit # >/dev/null
+        tmp_dir=$(mktemp -d)
+        BASENAME=$(basename "$i" .crt)
+
+        # We might have multiple certificates in the file. Split this file into single files. The reason is that
+        # `keytool` does not accept multi-certificate files
+        csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}'
+
+        for crt in "$tmp_dir/$BASENAME"-*; do
+            # Create an alias for the certificate
+            ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p')
+
+            # Add the certificate to the JVM truststore
+            keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null
+        done
     done
 
     # Add additional certificates to the system CA store. This requires write permissions to several system
@@ -68,12 +88,12 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then
         fi
 
         # UBI
-        if which update-ca-trust >/dev/null; then
+        if command -v update-ca-trust >/dev/null; then
             update-ca-trust
         fi
 
         # Ubuntu/Alpine
-        if which update-ca-certificates >/dev/null; then
+        if command -v update-ca-certificates >/dev/null; then
             update-ca-certificates
         fi
     else
@@ -84,6 +104,6 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then
 fi
 
 # Let's provide a variable with the correct path for tools that want or need to use it
-export CACERT
+export JRE_CACERTS_PATH
 
 exec "$@"