Add and configure trusted CA certificates

These examples demonstrate how to add CA certificates to the system’s CA store and how to configure that store.

For a full list of keys, refer to the CA certificates module schema.

Add a single-line certificate

#cloud-config
ca_certs:
  remove_defaults: true
  trusted:
  - single_line_cert
  - |
    -----BEGIN CERTIFICATE-----
    YOUR-ORGS-TRUSTED-CA-CERT-HERE
    -----END CERTIFICATE-----

Configure multiline certificates

This example configures CA certificates (system-wide) to establish SSL/TLS trust when the instance boots for the first time.

  • If present and set to true, the remove_defaults parameter will disable all trusted CA certificates normally shipped with Alpine, Debian or Ubuntu. On RedHat, this action will delete those certificates.

    This is primarily for security-sensitive use cases – most users will not need this functionality.

  • If present, the trusted parameter should contain a certificate (or list of certificates) to add to the system as trusted CA certificates.

    In this example, note the YAML multiline list syntax, which configures a list of multiline certificates.

#cloud-config
ca_certs:
  remove_defaults: true
  trusted:
  - |
   -----BEGIN CERTIFICATE-----
   YOUR-ORGS-TRUSTED-CA-CERT-HERE
   -----END CERTIFICATE-----
  - |
   -----BEGIN CERTIFICATE-----
   YOUR-ORGS-TRUSTED-CA-CERT-HERE
   -----END CERTIFICATE-----
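
The multiline list syntax above is easy to get wrong by hand, so the following added example (not part of cloud-init or of the original page) renders the ca_certs user-data from a PEM bundle and rejects bundles that are truncated, empty, or still contain a placeholder body. The function names and the sample bundle are assumptions made for illustration, and the DER check is a framing sanity check, not full X.509 validation.

```python
# Added example; split_bundle/render_ca_certs are illustrative names.
import base64
import binascii
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"
PEM_RE = re.compile(re.escape(BEGIN) + r"\s+(.*?)\s+" + re.escape(END), re.S)

# Constructed sample: placeholder bodies (not real certificates), one duplicate with CRLF.
SAMPLE_BUNDLE = (
    f"{BEGIN}\nMIIBAAAA\n{END}\n"
    f"{BEGIN}\nMIIBAAAB\n{END}\n"
    f"{BEGIN}\r\nMIIBAAAA\r\n{END}\r\n"
)

def split_bundle(bundle):
    """Return normalised, de-duplicated PEM blocks from a bundle string."""
    bodies = PEM_RE.findall(bundle)
    if len(bodies) != bundle.count(BEGIN):
        raise ValueError("truncated bundle: BEGIN marker without matching END")
    certs, seen = [], set()
    for body in bodies:
        b64 = "".join(body.split())  # drop line breaks, including CRLF
        try:
            der = base64.b64decode(b64, validate=True)
        except binascii.Error as exc:
            raise ValueError(f"body is not base64 (placeholder left in?): {exc}")
        if not der.startswith(b"\x30"):  # DER certificates start with SEQUENCE
            raise ValueError("decoded body does not start with a DER SEQUENCE")
        if der not in seen:
            seen.add(der)
            lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
            certs.append("\n".join([BEGIN, *lines, END]))
    return certs

def render_ca_certs(bundle, remove_defaults=False):
    """Render ca_certs user-data with one YAML literal block per certificate."""
    certs = split_bundle(bundle)
    if not certs:
        raise ValueError("no CERTIFICATE blocks found; refusing an empty trusted list")
    out = ["#cloud-config", "ca_certs:",
           f"  remove_defaults: {str(remove_defaults).lower()}", "  trusted:"]
    for pem in certs:
        out.append("  - |")
        out.extend("    " + line for line in pem.splitlines())
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(render_ca_certs(SAMPLE_BUNDLE, remove_defaults=True), end="")
```

Refusing an empty list matters most together with remove_defaults: true, since the defaults are disabled and nothing replaces them.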