Establishing trust in your CLI

ENTERPRISE

Establishing trust in your CLI

By default, the DC/OS CLI does not verify the signer of TLS certificates. We recommend completing the following brief procedure to ensure that the DC/OS CLI trusts only your DC/OS CA and refuses connections with other parties.

NOTE: This procedure should be unnecessary if you have set up a proxy.

By default, the DC/OS CLI does not verify the signer of TLS certificates. We recommend completing the following brief procedure to ensure that the DC/OS CLI trusts only your DC/OS CA and refuses connections with other parties.

Prerequisite: A local copy of the root certificate of your DC/OS CA.

  1. Use the following command to change the default and to set the DC/OS CLI to trust your DC/OS CA.

    1. dcos config set core.ssl_verify $(pwd)/dcos-ca.crt
  2. You should receive the following message, indicating success.

    1. [core.ssl_verify]: changed from 'False' to '/path/dcos-ca.crt'