Skip to main content

How to add a custom certificate​

Prerequisite: A certificate in .pem format

Goal: Make a custom certificate available system-wide

This is for certificates used by system-level services.

Kubernetes workloads should bring their certificates within the container image instead.

In order to install a custom certificate we need to

  • copy the .pem file to /etc/pki/trust/anchors/
  • run update-ca-certificates

The respective cloud-config snippet looks like this:

write_files:
  - path: /etc/pki/trust/anchors/my-custom-certificate.pem
    permission: 0444
    content: |-
      -----BEGIN CERTIFICATE-----
      ...
      -----END CERTIFICATE-----
runcmd:
  - update-ca-certificates

(actual certificate content omitted for brevity reasons)