How to add a custom certificate

Prerequisite: A certificate in .pem format

Goal: Make a custom certificate available system-wide

This is for certificates used by system-level services.

Kubernetes workloads should bring their certificates within the container image instead.

To install a custom certificate we need to:

  • copy the .pem file to /etc/pki/trust/anchors/

  • run update-ca-certificates

The respective cloud-config snippet looks like this:

write_files:
  - path: /etc/pki/trust/anchors/my-custom-certificate.pem
    # cloud-init's key is "permissions"; the mode is quoted so YAML keeps it as an octal string
    permissions: '0444'
    content: |-
      -----BEGIN CERTIFICATE-----
      ...
      -----END CERTIFICATE-----
runcmd:
  - update-ca-certificates

(actual certificate content omitted for brevity)
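A pre-flight check for the PEM text before it is pasted into the write_files entry above. This is an added example, not part of the original page. The names preflight, der_total_length and SAMPLE_PEM are hypothetical, and the sample is constructed placeholder bytes rather than a real certificate. The check is structural only: it catches a leftover "..." placeholder, a truncated paste and an accidentally included private key, and it does not verify signatures or trust.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

# Constructed sample: DER-shaped placeholder bytes, not a real certificate.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(256)
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

def der_total_length(der):
    """Size the outer DER SEQUENCE header claims, or None if malformed."""
    if len(der) < 2 or der[0] != 0x30:
        return None
    first = der[1]
    if first < 0x80:                       # short-form length
        return 2 + first
    n = first & 0x7F                       # long form: n length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        return None
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def preflight(pem_text):
    """Return (problems, sha256_fingerprints) for PEM text headed for write_files."""
    problems, fingerprints = [], []
    blocks = PEM_BLOCK.findall(pem_text)
    if not blocks:
        problems.append("no PEM block found")
    for label, body in blocks:
        if "PRIVATE KEY" in label:
            problems.append("private key present; the anchor file is world-readable")
        elif label != "CERTIFICATE":
            problems.append(f"unexpected PEM block: {label}")
        else:
            try:
                der = base64.b64decode("".join(body.split()), validate=True)
            except ValueError:
                problems.append("certificate body is not valid base64")
                continue
            if der_total_length(der) != len(der):
                problems.append("DER length mismatch (truncated or corrupted)")
            else:
                fingerprints.append(hashlib.sha256(der).hexdigest())
    return problems, fingerprints

if __name__ == "__main__":
    print(preflight(SAMPLE_PEM))
```

The returned SHA-256 fingerprint can be compared against the value published by the certificate's issuer before the anchor is rolled out.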