CoreOS Container Linux Logo

A container-focused OS that's designed for painless management in large clusters

Custom certificate authorities

CoreOS Container Linux supports custom Certificate Authorities (CAs) in addition to the default list of trusted CAs. Adding your own CA allows you to:

  • Use a corporate wildcard certificate
  • Use your own CA to communicate with an installation of CoreUpdate

The setup process for any of these use-cases is the same:

  1. Copy the PEM-encoded certificate authority file (usually with a .pem file name extension) to /etc/ssl/certs

  2. Run the update-ca-certificates script to update the system bundle of Certificate Authorities. All programs running on the system will now trust the added CA.

More information

Generate Self-Signed Certificates

etcd Security Model