How to add a custom certificate
Prerequisite: A certificate in .pem
format
Goal: Make a custom certificate available system-wide
This is for certificates used by system-level services.
Kubernetes workloads should bring their certificates within the container image instead.
In order to install a custom certificate we need to
- copy the
.pem
file to/etc/pki/trust/anchors/
- run
update-ca-certificates
The respective cloud-config
snippet looks like this:
write_files:
- path: /etc/pki/trust/anchors/my-custom-certificate.pem
permission: 0444
content: |-
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
runcmd:
- update-ca-certificates
(actual certificate content omitted for brevity reasons)