diff --git a/bitnami/ejbca/6/debian-10/Dockerfile b/bitnami/ejbca/6/debian-10/Dockerfile
index 489e4f7071e0..8bef8f9bdca1 100644
--- a/bitnami/ejbca/6/debian-10/Dockerfile
+++ b/bitnami/ejbca/6/debian-10/Dockerfile
@@ -6,6 +6,8 @@ ENV HOME="/" \
     OS_FLAVOUR="debian-10" \
     OS_NAME="linux"
 
+ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security"
+
 COPY prebuildfs /
 # Install required system packages and dependencies
 RUN install_packages acl ca-certificates curl gzip libaio1 libaudit1 libc6 libcap-ng0 libgcc1 libicu63 libjemalloc2 liblzma5 libncurses6 libpam0g libssl1.1 libstdc++6 libtinfo6 libxml2 procps tar zlib1g
@@ -18,9 +20,11 @@ RUN chmod g+rwX /opt/bitnami
 
 COPY rootfs /
 RUN /opt/bitnami/scripts/ejbca/postunpack.sh
+RUN /opt/bitnami/scripts/java/postunpack.sh
 ENV ALLOW_EMPTY_PASSWORD="no" \
     BITNAMI_APP_NAME="ejbca" \
-    BITNAMI_IMAGE_VERSION="6.15.2-6-debian-10-r399" \
+    BITNAMI_IMAGE_VERSION="6.15.2-6-debian-10-r400" \
+    JAVA_HOME="/opt/bitnami/java" \
     MARIADB_HOST="mariadb" \
     MARIADB_PORT_NUMBER="3306" \
     MARIADB_ROOT_PASSWORD="" \
diff --git a/bitnami/ejbca/6/debian-10/prebuildfs/opt/bitnami/scripts/libfs.sh b/bitnami/ejbca/6/debian-10/prebuildfs/opt/bitnami/scripts/libfs.sh
index ae5e2459c377..b438c913341d 100644
--- a/bitnami/ejbca/6/debian-10/prebuildfs/opt/bitnami/scripts/libfs.sh
+++ b/bitnami/ejbca/6/debian-10/prebuildfs/opt/bitnami/scripts/libfs.sh
@@ -50,8 +50,9 @@ ensure_dir_exists() {
 #   boolean
 #########################
 is_dir_empty() {
-    local dir="${1:?missing directory}"
-
+    local -r path="${1:?missing directory}"
+    # Calculate real path in order to avoid issues with symlinks
+    local -r dir="$(realpath "$path")"
     if [[ ! -e "$dir" ]] || [[ -z "$(ls -A "$dir")" ]]; then
         true
     else
@@ -88,7 +89,7 @@ is_file_writable() {
     local dir
     dir="$(dirname "$file")"
 
-    if [[ ( -f "$file" && -w "$file" ) || ( ! -f "$file" && -d "$dir" && -w "$dir" ) ]]; then
+    if [[ (-f "$file" && -w "$file") || (! -f "$file" && -d "$dir" && -w "$dir") ]]; then
         true
     else
         false
@@ -136,31 +137,31 @@ configure_permissions_ownership() {
     shift 1
     while [ "$#" -gt 0 ]; do
         case "$1" in
-            -f|--file-mode)
-                shift
-                file_mode="${1:?missing mode for files}"
-                ;;
-            -d|--dir-mode)
-                shift
-                dir_mode="${1:?missing mode for directories}"
-                ;;
-            -u|--user)
-                shift
-                user="${1:?missing user}"
-                ;;
-            -g|--group)
-                shift
-                group="${1:?missing group}"
-                ;;
-            *)
-                echo "Invalid command line flag $1" >&2
-                return 1
-                ;;
+        -f | --file-mode)
+            shift
+            file_mode="${1:?missing mode for files}"
+            ;;
+        -d | --dir-mode)
+            shift
+            dir_mode="${1:?missing mode for directories}"
+            ;;
+        -u | --user)
+            shift
+            user="${1:?missing user}"
+            ;;
+        -g | --group)
+            shift
+            group="${1:?missing group}"
+            ;;
+        *)
+            echo "Invalid command line flag $1" >&2
+            return 1
+            ;;
         esac
         shift
     done
 
-    read -r -a filepaths <<< "$paths"
+    read -r -a filepaths <<<"$paths"
     for p in "${filepaths[@]}"; do
         if [[ -e "$p" ]]; then
             if [[ -n $dir_mode ]]; then
diff --git a/bitnami/ejbca/6/debian-10/rootfs/opt/bitnami/scripts/java/postunpack.sh b/bitnami/ejbca/6/debian-10/rootfs/opt/bitnami/scripts/java/postunpack.sh
new file mode 100755
index 000000000000..24a5c9bc15fa
--- /dev/null
+++ b/bitnami/ejbca/6/debian-10/rootfs/opt/bitnami/scripts/java/postunpack.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+# shellcheck disable=SC1091
+
+set -o errexit
+set -o nounset
+set -o pipefail
+# set -o xtrace # Uncomment this line for debugging purpose
+
+# Load libraries
+. /opt/bitnami/scripts/libfile.sh
+. /opt/bitnami/scripts/liblog.sh
+
+#
+# Java post-unpack operations
+#
+
+# Override default files in the Java security directory. This is used for
+# custom base images (with custom CA certificates or block lists is used)
+
+if ! is_dir_empty "$JAVA_EXTRA_SECURITY_DIR"; then
+    info "Adding custom CAs to the Java security folder"
+    cp -Lr "$JAVA_EXTRA_SECURITY_DIR" /opt/bitnami/java/lib/security
+fi
diff --git a/bitnami/ejbca/README.md b/bitnami/ejbca/README.md
index b722a5cd5b1f..da624acd4518 100644
--- a/bitnami/ejbca/README.md
+++ b/bitnami/ejbca/README.md
@@ -38,7 +38,7 @@ Learn more about the Bitnami tagging policy and the difference between rolling t
 
 
 * [`7`, `7-debian-10`, `7.4.3-2`, `7.4.3-2-debian-10-r33`, `latest` (7/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-ejbca/blob/7.4.3-2-debian-10-r33/7/debian-10/Dockerfile)
-* [`6`, `6-debian-10`, `6.15.2-6`, `6.15.2-6-debian-10-r399` (6/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-ejbca/blob/6.15.2-6-debian-10-r399/6/debian-10/Dockerfile)
+* [`6`, `6-debian-10`, `6.15.2-6`, `6.15.2-6-debian-10-r400` (6/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-ejbca/blob/6.15.2-6-debian-10-r400/6/debian-10/Dockerfile)
 
 Subscribe to project updates by watching the [bitnami/ejbca GitHub repo](https://github.com/bitnami/bitnami-docker-ejbca).