How to add a custom certificate

Prerequisite: A certificate in .pem format

Goal: Make a custom certificate available system-wide

This is for certificates used by system-level services.

Kubernetes workloads should bring their certificates within the container image instead.

To install a custom certificate, we need to:

  • copy the .pem file to /etc/pki/trust/anchors/
  • run update-ca-certificates

The respective cloud-config snippet looks like this:

    write_files:
      - path: /etc/pki/trust/anchors/my-custom-certificate.pem
        # cloud-init's key is "permissions"; quote the mode so YAML keeps it a string
        permissions: '0444'
        content: |-
          -----BEGIN CERTIFICATE-----
          ...
          -----END CERTIFICATE-----
    runcmd:
      - update-ca-certificates

(Actual certificate content omitted for brevity.)
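
A pre-flight check for the steps above, as an added example that is not part of the original page or the project's tooling: it rejects PEM files containing anything other than CERTIFICATE blocks (a private key must not end up in a world-readable 0444 file), returns SHA-256 fingerprints to compare out of band, and renders the snippet with the indentation the block scalar needs. The function names and the sample PEM are assumptions constructed for this example, and the checks cover PEM framing only, not X.509 validity.

```python
import base64
import hashlib
import re
import textwrap

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def inspect_pem(text):
    """Return SHA-256 fingerprints (hex) of every CERTIFICATE block in text.

    Raises ValueError when the file holds any other PEM block type
    (for example a private key) or no certificate at all."""
    fingerprints = []
    for label, body in PEM_BLOCK.findall(text):
        if label != "CERTIFICATE":
            raise ValueError(f"unexpected PEM block: {label}")
        der = base64.b64decode("".join(body.split()), validate=True)
        if not der.startswith(b"\x30"):  # DER certificates open with a SEQUENCE tag
            raise ValueError("block does not decode to a DER SEQUENCE")
        fingerprints.append(hashlib.sha256(der).hexdigest())
    if not fingerprints:
        raise ValueError("no CERTIFICATE block found")
    return fingerprints

def render_cloud_config(name, pem_text):
    """Render the write_files/runcmd snippet for a validated PEM file."""
    inspect_pem(pem_text)
    if not re.fullmatch(r"[A-Za-z0-9._-]+\.pem", name):
        raise ValueError("file name must be a plain *.pem name without a path")
    # The PEM lines must sit deeper than the "content" key (4 spaces here).
    content = textwrap.indent(pem_text.strip(), " " * 6)
    return (
        "write_files:\n"
        f"  - path: /etc/pki/trust/anchors/{name}\n"
        "    permissions: '0444'\n"
        "    content: |-\n"
        f"{content}\n"
        "runcmd:\n"
        "  - update-ca-certificates\n"
    )

def sample_pem(label="CERTIFICATE"):
    # Constructed placeholder bytes for the demo, NOT a real certificate.
    body = base64.encodebytes(b"\x30\x82" + bytes(range(70))).decode()
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"

if __name__ == "__main__":
    print(inspect_pem(sample_pem()))
    print(render_cloud_config("my-custom-certificate.pem", sample_pem()))
```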