Debian

#

Wipe your existing

curl https://ccadb.my.salesforce-sites.com/mozilla/IncludedRootsPEMTxt?TrustBitsInclude=Websites -o /etc/ssl/certs/ca-certificates.crt

Kubernetes Container & Helm

Get Trusted Store pem

mkdir -p myhost-files
curl https://ccadb.my.salesforce-sites.com/mozilla/IncludedRootsPEMTxt?TrustBitsInclude=Websites -o myhost-files/ca-certificates.crt
kubectl create configmap myhost-files --from-file=myhost-files --save-config --dry-run=client -o yaml | kubectl apply -f -

Update helm values.yaml

    extraVolumeMounts:
      - mountPath: /etc/ssl/certs/ca-certificates.crt
        subPath: ca-certificates.crt
        name: myhost-files
    # extraVolumes: []
    extraVolumes:
      - name: myhost-files
        configMap:
          name: host-files

Notes

curl https://ccadb.my.salesforce-sites.com/mozilla/IncludedRootsPEMTxt?TrustBitsInclude=Websites -o /etc/ssl/certs/ca-certificates.crt

Then mount the volume to

/etc/ssl/certs/ca-certificates.crt

extraVolumeMounts: [] extraVolumes: []

/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

Windows

cd c:\certs\
certutil.exe -generateSSTFromWU roots.sst
$sst = ( Get-ChildItem -Path C:\certs\roots.sst )
$sst = ( Get-ChildItem roots.sst )
$sst| Import-Certificate -CertStoreLocation Cert:\LocalMachine\Root

$rootCa = Get-ChildItem -Path cert:\LocalMachine\My | Where-Object {$_.Subject -eq "CN=My Awesome Root CA"}