diff --git a/.docker/cert.sh b/.docker/cert.sh
new file mode 100755
index 0000000000000000000000000000000000000000..e22cfba2995b5fd9d812232f562b7254233fe5b0
--- /dev/null
+++ b/.docker/cert.sh
@@ -0,0 +1,58 @@
+#!/bin/bash
+
+# ** header v3.0
+# This file is a part of the CaosDB Project.
+#
+# Copyright (C) 2019 Daniel Hornung, Göttingen
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+#
+# ** end header
+
+
+# Creates a directory `cert` and certificates in this directory.
+#
+# The hostname for which the certificate is created can be changed by setting
+# the environment variable CAOSHOSTNAME.
+#
+# ## Overview of variables ##
+#
+# - CAOSHOSTNAME :: Hostname for the key (localhost)
+# - KEYPW :: Password for the key (default ist CaosDBSecret)
+# - KEYSTOREPW :: Password for the key store (same as KEYPW)
+function cert() {
+    mkdir -p cert
+    cd cert
+    KEYPW="${KEYPW:-CaosDBSecret}"
+    CAOSHOSTNAME="${CAOSHOSTNAME:-localhost}"
+    KEYSTOREPW="${KEYPW:-}"
+    # NOTE: KEYPW and KEYSTOREPW are the same, due to Java limitations.
+    KEYPW="${KEYPW}" openssl genrsa -aes256 -out caosdb.key.pem \
+         -passout env:KEYPW 2048
+    # Certificate is for localhost
+    KEYPW="${KEYPW}" openssl req -new -x509 -key caosdb.key.pem \
+         -out caosdb.cert.pem -passin env:KEYPW \
+         -subj "/C=/ST=/L=/O=/OU=/CN=${CAOSHOSTNAME}"
+    KEYPW="${KEYPW}" KEYSTOREPW="$KEYSTOREPW" openssl pkcs12 -export \
+         -inkey caosdb.key.pem -in caosdb.cert.pem -out all-certs.pkcs12 \
+         -passin env:KEYPW -passout env:KEYPW
+
+    keytool -importkeystore -srckeystore all-certs.pkcs12 -srcstoretype PKCS12 \
+            -deststoretype pkcs12 -destkeystore caosdb.jks \
+            -srcstorepass "${KEYPW}" \
+            -destkeypass "${KEYPW}" -deststorepass "$KEYSTOREPW"
+    echo "Certificates successfuly created."
+}
+
+cert
diff --git a/.docker/docker-compose.yml b/.docker/docker-compose.yml
index 953fb82a4c5084f49f2e52d08bd805cb083546c7..ecc74fabff91d0c5568a29200f268809ad936518 100644
--- a/.docker/docker-compose.yml
+++ b/.docker/docker-compose.yml
@@ -13,6 +13,10 @@ services:
       - sqldb
     networks:
       - caosnet
+    volumes:
+      - type: bind
+        source: ./cert
+        target: /opt/caosdb/cert
     ports:
       # - "from_outside:from_inside"
       - "10443:10443"
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index c0a14a7848bf4c4d674d1265999751f1c42bd636..c71826cbb13bc947f835c8fdf068a4c57a4f1db4 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -62,6 +62,7 @@ services:
 
 stages: 
   - setup
+  - cert
   - style
   - test
 
@@ -79,8 +80,8 @@ test:
       - docker login -u testuser -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
       - docker pull $CI_REGISTRY_IMAGE:latest
       - cd .docker
+      - ls
       - CAOSDB_TAG=$CAOSDB_TAG docker-compose  up -d
-      - docker cp docker_caosdb-server_1:/opt/caosdb/cert cert
         # writes the return value of the tests into the file result
       - /bin/sh ./run.sh 
       - docker logs docker_caosdb-server_1 &> ../caosdb_log.txt
@@ -88,6 +89,7 @@ test:
       - docker-compose down
       - rc=`cat result`
       - exit $rc
+  dependencies: [style]
   artifacts:
     paths:
       - caosdb_log.txt
@@ -115,5 +117,12 @@ style:
   stage: style
   image: $CI_REGISTRY_IMAGE:latest
   script:
+      - cd .docker
+      - CAOSHOSTNAME=caosdb-server ./cert.sh
+      - cd ..
       - autopep8 -r --diff --exit-code .
   allow_failure: true   
+  artifacts:
+    paths:
+      - .docker/cert/
+    expire_in: 1 week
diff --git a/.docker/Dockerfile b/Dockerfile
similarity index 73%
rename from .docker/Dockerfile
rename to Dockerfile
index 69f27a45cfecc65f2dfd3203b73d333635d36bf5..01824f4a51ecbaa3166c4312a7aff3ca628ecdd1 100644
--- a/.docker/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,13 @@
 FROM debian:latest
 RUN apt-get update && \
-	 apt-get install tox curl python3-pip git python-autopep8 -y
+	 apt-get install \
+	 curl \
+	 git \
+	 openjdk-11-jdk-headless \
+	 python-autopep8 \
+	 python3-pip \
+	 tox \
+	 -y
 COPY .docker/wait-for-it.sh /wait-for-it.sh
 RUN git clone https://gitlab.com/caosdb/caosdb-pylib.git && \
    cd caosdb-pylib && pip3 install .