-Djavax.net.ssl.trustStore is ignored

Actually, the underlying issue is that the built-in cacerts does not recognize a Digi-signed cert - it works in every web browser.

But no worries, I supposed I could just mount my trustStore wherever and make up a password - pretty clunky already, but doable

      -Djavax.net.ssl.trustStore=trustStore.jks \
      -Djavax.net.ssl.trustStorePassword='change me'

butttt those flags don’t seem to work. I have run bash on the container and checked all my mounts, etc.

edit: I have found a workaround by literally mounting a file as $JAVA_HOME/lib/security/cacerts which is my trustStore - this is clunky because on a priori knowledge of what JAVA_HOME is - and gives me low confidence that it will always be /opt/java/openjdk