rancher-docs/docs/getting-started/installation-and-upgrade/resources/custom-ca-root-certificates.md
Marty Hernandez Avedon a24c628687 #420 Adding canonical refs to ./getting-started part 7/10 (#626)
* canonicized choosing-a-rancher-version

* canonicized custom-ca-roo-certificate

* canonicized helm-version-requirments

* canonicized local-system-charts

* canonized update-rancher-certificate

* canonized upgrade-cert-manager

including pages pertaining to helm 2

* canonicized upgrade-and-rollback-kubernetes

* canonicized upgrade-kubernetes-without-upgrading-rancher
2023-05-25 17:25:14 -04:00


---
title: About Custom CA Root Certificates
---
<head>
<link rel="canonical" href="https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/resources/custom-ca-root-certificates"/>
</head>
If you're using Rancher in an internal production environment where you aren't exposing apps publicly, use a certificate from a private certificate authority (CA).

Services that Rancher needs to access are sometimes configured with a certificate from a custom/internal CA root, also known as a self-signed certificate. If Rancher cannot validate the certificate that the service presents, the following error displays: `x509: certificate signed by unknown authority`.

To validate the certificate, the CA root certificates need to be added to Rancher. As Rancher is written in Go, we can use the environment variable `SSL_CERT_DIR` to point to the directory where the CA root certificates are located in the container. The CA root certificates directory can be mounted using the Docker volume option (`-v host-source-directory:container-destination-directory`) when starting the Rancher container.

Examples of services that Rancher can access:

- Catalogs
- Authentication providers
- Hosting/cloud APIs when using Node Drivers
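
The following added example (not part of the Rancher docs or code base) reproduces the `x509: certificate signed by unknown authority` error described above and shows it clearing once the CA root is placed in the directory that would be mounted and named in `SSL_CERT_DIR`. The certificates, host name, file name and helper functions are constructed for illustration, and `verifyWithDir` is an approximation: it trusts only the PEM files in one directory, whereas the Go runtime also consults its default certificate bundle.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"time"
)
// newCert issues a constructed test certificate; a nil parent yields a self-signed CA root.
func newCert(cn string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature}
	if parent == nil { // root: signs itself and is allowed to sign others
		tmpl.IsCA, tmpl.KeyUsage, parent, parentKey = true, x509.KeyUsageCertSign, tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}
// writePEM stores cert as a PEM file, the format read from the CA directory.
func writePEM(path string, cert *x509.Certificate) error {
	return os.WriteFile(path, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw}), 0o644)
}
// verifyWithDir trusts only the PEM files in dir, approximating Go's SSL_CERT_DIR loading.
func verifyWithDir(leaf *x509.Certificate, dir string) error {
	pool := x509.NewCertPool()
	entries, _ := os.ReadDir(dir)
	for _, e := range entries {
		data, _ := os.ReadFile(dir + "/" + e.Name())
		pool.AppendCertsFromPEM(data)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool})
	return err
}
func main() {
	dir, _ := os.MkdirTemp("", "ca-roots") // stands in for the mounted directory
	ca, caKey := newCert("Constructed Internal CA", nil, nil)
	leaf, _ := newCert("git.internal.example", ca, caKey)
	fmt.Println("before:", verifyWithDir(leaf, dir))
	writePEM(dir+"/internal-ca.pem", ca)
	fmt.Println("after: ", verifyWithDir(leaf, dir))
}
```

Only the issuing CA root clears the error; a directory holding an unrelated CA certificate leaves the service certificate unverified.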

## Installing with the custom CA Certificate

For details on starting a Rancher container with your private CA certificates mounted, refer to the installation docs:

- [Docker install Custom CA certificate options](../../../reference-guides/single-node-rancher-in-docker/advanced-options.md#custom-ca-certificate)
- [Kubernetes install options for Additional Trusted CAs](../installation-references/helm-chart-options.md#additional-trusted-cas)