Trusted System Certificates

Page last updated:

The Cloud Foundry Administrator can deploy a set of trusted system certificates to be made available in Linux-based application instances running on the Diego backend. Such instances include buildpack-based apps using the cflinuxfs2 stack and Docker-image-based apps.

If the administrator has configured these certificates, they will be available inside the instance containers as files with extension .crt in the read-only /etc/cf-system-certificates directory. For cflinuxfs2-based apps, these certificates will also be installed directly in the /etc/ssl/certs directory, and so will be available automatically to libraries such as openssl that respect that trust store. If the administrator has configured these certificates, the location of the certificates is also provided in the environment variable CF_SYSTEM_CERT_PATH on the instance container.

Create a pull request or raise an issue on the source for this page in GitHub