Configuring trusted system certificates for applications
Page last updated:
The following mechanisms exist to provide trusted certificates to applications running on Cloud Foundry:
For the
cflinuxfs3
stack, you can install the trusted certificates directly into the system trust store at/etc/ssl/certs
. In the deployment manifest, set thecflinuxfs3-rootfs.trusted_certs
property of the stack release’scflinuxfs3-rootfs-setup
job to the concatenated values of the PEM-encoded CA certificates.
For example:properties: cflinuxfs3-rootfs: trusted_certs: | -----BEGIN CERTIFICATE----- (contents of certificate #1) -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- (contents of certificate #2) -----END CERTIFICATE-----
You can also present trusted certificates to all application instances, including those based on Docker images and those on Windows.
To do so, provide the concatenated PEM-encoded CA certificates in thecontainers.trusted_ca_certificates
BOSH properties onrep
andrep_windows
jobs for the Diego release. This property accepts a list of string values, and each string may contain one or more PEM-encoded X.509 certificates.
The individual certificates in this property appear as separate files in the/etc/cf-system-certificates
directory in Linux containers, and in the%USERPROFILE%/etc/cf-system-certificates
directory in Windows 2012 containers.
For example:properties: containers: trusted_ca_certificates: - | -----BEGIN CERTIFICATE----- (contents of certificate #1) -----END CERTIFICATE----- - | -----BEGIN CERTIFICATE----- (contents of certificate #2) -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- (contents of certificate #3) -----END CERTIFICATE-----