How to import certs into non-root Java container

I'm developing a Java container that connects to an external server using HTTPS as a part of my product.

As the external server's certificate differs from customer to customer, it's not possible to import the cert beforehand.

So I wrote a shell script so that the container can import all certs located in a specific directory that is mounted from a directory on the host machine.

Dockerfile:

...
ENTRYPOINT ["entrypoint.sh"]

entrypoint.sh:

#!/bin/sh

# Import every certificate found in the mounted directory into the JDK's cacerts.
# The alias is the file name without its extension (customer-a.pem -> customer-a).
# Globbing replaces the original `ls` loop, and the -file path now points into
# /mydirectory/certs, the same directory that is being listed.
for cert in /mydirectory/certs/*; do
  [ -f "$cert" ] || continue   # empty directory: the glob stays literal, so skip it
  name=${cert##*/}
  alias=${name%.*}
  /opt/jdk-15/bin/keytool -importcert -alias "$alias" -cacerts -storepass changeit -file "$cert" -noprompt
done

# Start the main process (exec so the JVM becomes PID 1 and receives container signals)
exec java -jar /mydirectory/test.jar

However, since the container runs as a non-root user, I got the following error when the container started:

Certificate was added to keystore
keytool error: java.io.FileNotFoundException: /opt/jdk-15/lib/security/cacerts (Permission denied)

The default permission of cacerts was 644, so I could work around the problem by adding RUN chmod 666 /opt/jdk-15/lib/security/cacerts to the Dockerfile, but I'm not sure this is a good way. Is there any proper way to import certs when the container runs as a non-root user?
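One way to do this without loosening permissions on the JDK's own cacerts, shown here as an added example rather than the poster's script or an answer from the thread: copy the stock cacerts into a directory the non-root user owns, import the customer certificates into that copy, and start the JVM with -Djavax.net.ssl.trustStore pointing at it. The JDK files stay read-only, and the trust store is rebuilt from a clean copy on every start, so a certificate removed from the mounted directory does not linger. The paths (JAVA_HOME=/opt/jdk-15, /tmp/truststore/cacerts, /mydirectory/certs) and the CERT_DIR/TRUSTSTORE/KEYTOOL variable names are assumptions for the example, not from the question.

```shell
#!/bin/sh
# Added example (not the original poster's script): import customer certificates
# at container start without writing to $JAVA_HOME/lib/security/cacerts.
# A copy of the stock cacerts lives in a user-writable location; the JVM is
# pointed at that copy via -Djavax.net.ssl.trustStore.
# Assumed paths (not from the question): JAVA_HOME=/opt/jdk-15, the mounted
# certificate directory /mydirectory/certs, and a writable /tmp/truststore.
set -eu

JAVA_HOME="${JAVA_HOME:-/opt/jdk-15}"
KEYTOOL="${KEYTOOL:-$JAVA_HOME/bin/keytool}"
CERT_DIR="${CERT_DIR:-/mydirectory/certs}"
TRUSTSTORE="${TRUSTSTORE:-/tmp/truststore/cacerts}"
STOREPASS="${STOREPASS:-changeit}"   # default password of the stock cacerts

# Alias for a certificate file: basename with its extension removed,
# e.g. /mydirectory/certs/customer-a.pem -> customer-a.
cert_alias() {
    name="${1##*/}"
    echo "${name%.*}"
}

# Copy the stock cacerts to a path the current (non-root) user can write.
# Starting from the pristine JDK copy every time keeps the store reproducible.
prepare_truststore() {
    src="$1"; dst="$2"
    mkdir -p "$(dirname "$dst")"
    cp "$src" "$dst"
    chmod 600 "$dst"   # only this user needs to read or write the copy
}

# Import every .pem/.crt/.cer/.der file in a directory into the given store.
# Prints the number of certificates imported on stdout; keytool output goes to stderr.
import_certs() {
    dir="$1"; store="$2"; count=0
    for cert in "$dir"/*.pem "$dir"/*.crt "$dir"/*.cer "$dir"/*.der; do
        [ -f "$cert" ] || continue          # unmatched glob stays literal; skip it
        "$KEYTOOL" -importcert -noprompt \
            -alias "$(cert_alias "$cert")" \
            -keystore "$store" -storepass "$STOREPASS" \
            -file "$cert" >&2
        count=$((count + 1))
    done
    echo "$count"
}

main() {
    prepare_truststore "$JAVA_HOME/lib/security/cacerts" "$TRUSTSTORE"
    n="$(import_certs "$CERT_DIR" "$TRUSTSTORE")"
    echo "imported $n customer certificate(s) into $TRUSTSTORE" >&2
    # exec so the JVM becomes PID 1 and receives the container's signals.
    exec "$JAVA_HOME/bin/java" \
        -Djavax.net.ssl.trustStore="$TRUSTSTORE" \
        -Djavax.net.ssl.trustStorePassword="$STOREPASS" \
        -jar /mydirectory/test.jar "$@"
}

# Only run the entrypoint logic when invoked as entrypoint.sh, so the
# functions above can be sourced and exercised on their own.
case "${0##*/}" in
    entrypoint.sh) main "$@" ;;
esac
```

The copy is made at run time rather than at image build time because the certificates only arrive when the customer's directory is mounted; a build-time `chown` of the JDK's cacerts to the application user would also avoid the permission error, but it turns shared JDK state into mutable application state, and every container start would accumulate into the same file. The trust-store password only protects the store's integrity check; keytool needs it to write, and the JVM will still read the store if the property is omitted.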



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow