Add and configure trusted CA certificates
These examples demonstrate adding CA certificates to the system's CA store and configuring that store.
For a full list of keys, refer to the CA certificates module schema.
Add a single-line certificate

```yaml
#cloud-config
ca_certs:
  remove_defaults: true
  trusted:
  - single_line_cert
  - |
    -----BEGIN CERTIFICATE-----
    YOUR-ORGS-TRUSTED-CA-CERT-HERE
    -----END CERTIFICATE-----
```

Configure multiline certificates
This example configures CA certificates (system-wide) to establish SSL/TLS trust when the instance boots for the first time.
If present and set to `true`, the `remove_defaults` parameter will disable all trusted CA certificates normally shipped with Alpine, Debian or Ubuntu. On RedHat, this action will delete those certificates. This is primarily for security-sensitive use cases – most users will not need this functionality.
If present, the `trusted` parameter should contain a certificate (or list of certificates) to add to the system as trusted CA certificates. In this example, note the YAML multiline list syntax, which configures a list of multiline certificates.
```yaml
#cloud-config
ca_certs:
  remove_defaults: true
  trusted:
  - |
    -----BEGIN CERTIFICATE-----
    YOUR-ORGS-TRUSTED-CA-CERT-HERE
    -----END CERTIFICATE-----
  - |
    -----BEGIN CERTIFICATE-----
    YOUR-ORGS-TRUSTED-CA-CERT-HERE
    -----END CERTIFICATE-----
```
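Because `remove_defaults: true` removes the distribution's CA bundle, a placeholder or malformed `trusted` entry leaves the instance with no usable trust anchor. The following pre-deployment lint is an added example, not part of cloud-init or of the original page. It assumes the user-data has already been parsed into a mapping (for example with `yaml.safe_load`), the names `check_entry` and `lint_ca_certs` are hypothetical, and the check is structural only (PEM armor, base64, DER SEQUENCE tag), so it does not prove the certificate is a valid CA.

```python
import base64
import binascii
import re

# Matches one PEM certificate block and captures its base64 body.
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.+?)\s+-----END CERTIFICATE-----", re.S)


def check_entry(entry):
    """Return None if the entry is a structurally valid PEM cert, else a reason."""
    if not isinstance(entry, str):
        return "not a string"
    m = PEM_RE.fullmatch(entry.strip())
    if m is None:
        return "missing BEGIN/END CERTIFICATE armor"
    try:
        der = base64.b64decode("".join(m.group(1).split()), validate=True)
    except binascii.Error:
        return "body is not valid base64"
    if not der.startswith(b"\x30"):  # X.509 DER starts with a SEQUENCE tag
        return "decoded body is not a DER SEQUENCE"
    return None


def lint_ca_certs(cloud_config):
    """Lint the ca_certs section of an already-parsed #cloud-config mapping."""
    section = cloud_config.get("ca_certs") or {}
    trusted = section.get("trusted") or []
    if isinstance(trusted, str):  # a single certificate is also accepted
        trusted = [trusted]
    findings = []
    for i, entry in enumerate(trusted):
        reason = check_entry(entry)
        if reason is not None:
            findings.append(f"trusted[{i}]: {reason}")
    usable = len(trusted) - len(findings)
    if section.get("remove_defaults") is True and usable == 0:
        findings.append("remove_defaults is true but no usable certificate "
                        "is listed: the instance would trust no CA")
    return findings


# Constructed sample: the page's first example as a parsed mapping.
PAGE_EXAMPLE = {"ca_certs": {"remove_defaults": True, "trusted": [
    "single_line_cert",
    "-----BEGIN CERTIFICATE-----\nYOUR-ORGS-TRUSTED-CA-CERT-HERE\n"
    "-----END CERTIFICATE-----\n",
]}}
```

Run against the page's examples as written, `lint_ca_certs(PAGE_EXAMPLE)` reports both placeholder entries and the empty-trust-store condition.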