diff --git a/testkit/Dockerfile b/testkit/Dockerfile
index 064e3eccf9..5515042538 100644
--- a/testkit/Dockerfile
+++ b/testkit/Dockerfile
@@ -8,16 +8,11 @@ RUN apt-get update && apt-get install -y \
       curl \
       apt-transport-https \
       python3 \
+      p11-kit \
     && rm -rf /var/lib/apt/lists/*
 
-# https://adoptium.net/en-GB/installation/linux
-RUN mkdir -p /etc/apt/keyrings \
-    && curl --location --silent --show-error https://packages.adoptium.net/artifactory/api/gpg/key/public -o /etc/apt/keyrings/adoptium.asc \
-    && echo "deb [signed-by=/etc/apt/keyrings/adoptium.asc] https://packages.adoptium.net/artifactory/deb $(awk -F= '/^VERSION_CODENAME/{print$2}' /etc/os-release) main" | tee /etc/apt/sources.list.d/adoptium.list > /dev/null \
-    && apt-get update && apt-get install -y \
-      temurin-17-jdk \
-    && rm -rf /var/lib/apt/lists/* \
-    && ln -s /usr/lib/jvm/temurin-17-jdk-* $JAVA_HOME
+# https://hub.docker.com/_/eclipse-temurin
+COPY --from=eclipse-temurin:17-jdk /opt/java/openjdk $JAVA_HOME
 
 COPY --from=maven:3.9.2-eclipse-temurin-17 /usr/share/maven /opt/apache-maven
 
@@ -26,7 +21,12 @@ COPY --from=maven:3.9.2-eclipse-temurin-17 /usr/share/maven /opt/apache-maven
 # JAVA_HOME needed by update-ca-certificates hook to update Java with changed system CAs.
 COPY CAs/* /usr/local/share/ca-certificates/
 COPY CustomCAs/* /usr/local/share/custom-ca-certificates/
-RUN echo 'jdk.tls.disabledAlgorithms=jdk.tls.disabledAlgorithms=SSLv3, TLSv1, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL' > /testkit.java.security \
-    && update-ca-certificates
+RUN echo 'jdk.tls.disabledAlgorithms=jdk.tls.disabledAlgorithms=SSLv3, TLSv1, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL' > /testkit.java.security
+
+# https://github.com/adoptium/containers/issues/293
+# https://github.com/adoptium/containers/pull/392
+# https://github.com/adoptium/containers/blob/f6d4923380ecb1ec4b0d58c633ebb0aeed4c8332/17/jdk/ubuntu/jammy/entrypoint.sh#L23
+RUN update-ca-certificates \
+    && trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$JAVA_HOME/lib/security/cacerts"
 
 ENV PATH=$JAVA_HOME/bin:/opt/apache-maven/bin:$PATH