From c4cb80ad511c93456329a4aa38f5680ad594ee5f Mon Sep 17 00:00:00 2001
From: Jorge Romero <jorge.romero.ext@boehringer-ingelheim.com>
Date: Fri, 15 May 2026 12:27:07 +0200
Subject: [PATCH 1/2] Refactor custom truststore creation to use Java cacerts
 as base

---
 ods-api-service/docker/install-certs.sh | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/ods-api-service/docker/install-certs.sh b/ods-api-service/docker/install-certs.sh
index bfd62c3e4..bbd3f3299 100644
--- a/ods-api-service/docker/install-certs.sh
+++ b/ods-api-service/docker/install-certs.sh
@@ -19,10 +19,12 @@ fi
 CERT_DIR=$(mktemp -d)
 echo "Created temporary directory: $CERT_DIR"
 
-echo "Creating new custom truststore from scratch at: $CUSTOM_TRUSTSTORE"
+echo "Creating custom truststore based on Java cacerts at: $CUSTOM_TRUSTSTORE"
 
-# Remove existing truststore if it exists
+# Copy Java cacerts as the base truststore
 rm -f "$CUSTOM_TRUSTSTORE"
+cp "$JAVA_HOME/lib/security/cacerts" "$CUSTOM_TRUSTSTORE"
+chmod 600 "$CUSTOM_TRUSTSTORE"
 
 # Split CERT_URLS by comma and process each URL
 IFS=',' read -ra URLS <<< "$CERT_URLS"

From 892dfb8abd43aaf58ff9b8dee97df66a1de5c4de Mon Sep 17 00:00:00 2001
From: Jorge Romero <jorge.romero.ext@boehringer-ingelheim.com>
Date: Fri, 15 May 2026 13:25:24 +0200
Subject: [PATCH 2/2] Modify Changelog

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d4f3bcfb9..50d313fa8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@
 - Update tailor to 1.4.0 ([#1373](https://github.com/opendevstack/ods-core/pull/1373))
 - Update Jenkins java version to jdk 21 ([#1374](https://github.com/opendevstack/ods-core/pull/1374))
 - Add new configuration for the ODS API Service ([1375](https://github.com/opendevstack/ods-core/pull/1375)) ([1377](https://github.com/opendevstack/ods-core/pull/1377))([1378](https://github.com/opendevstack/ods-core/pull/1378))([1379](https://github.com/opendevstack/ods-core/pull/1379))([1380](https://github.com/opendevstack/ods-core/pull/1380))
+- Change the way the certificates are installed in the container of ods-api-service to update the cacert ([1381](https://github.com/opendevstack/ods-core/pull/1381))
 
 ### Fixed