Difference between revisions of "Certificate Authority Custom"

From UVOO Tech Wiki
Jump to navigation Jump to search
Line 91: Line 91:
 
         configMap:
 
         configMap:
 
           name: host-files
 
           name: host-files
 +
```
 +
 +
or
 +
```
 +
extraConfigmapMounts:
 
```
 
```
  
 
Note that fedora based is in this folder
 
Note that fedora based is in this folder
 
/etc/pki/ca-trust
 
/etc/pki/ca-trust

Revision as of 00:07, 6 December 2023

Debian

Wipe your existing

curl https://ccadb.my.salesforce-sites.com/mozilla/IncludedRootsPEMTxt?TrustBitsInclude=Websites -o /etc/ssl/certs/ca-certificates.crt

Kubernetes Container & Helm

Get Trusted Store pem 

mkdir -p myhost-files
curl https://ccadb.my.salesforce-sites.com/mozilla/IncludedRootsPEMTxt?TrustBitsInclude=Websites -o myhost-files/ca-certificates.crt
kubectl create configmap myhost-files --from-file=myhost-files --save-config --dry-run=client -o yaml | kubectl apply -f -

Update helm values.yaml 

    extraVolumeMounts:
      - mountPath: /etc/ssl/certs/ca-certificates.crt
        subPath: ca-certificates.crt
        name: myhost-files
    # extraVolumes: []
    extraVolumes:
      - name: myhost-files
        configMap:
          name: host-files

Notes

curl https://ccadb.my.salesforce-sites.com/mozilla/IncludedRootsPEMTxt?TrustBitsInclude=Websites -o /etc/ssl/certs/ca-certificates.crt

Then mount the volume to

/etc/ssl/certs/ca-certificates.crt

extraVolumeMounts: [] extraVolumes: []

/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

Windows

cd c:\certs\
certutil.exe -generateSSTFromWU roots.sst
$sst = ( Get-ChildItem -Path C:\certs\roots.sst )
$sst = ( Get-ChildItem roots.sst )
$sst| Import-Certificate -CertStoreLocation Cert:\LocalMachine\Root

$rootCa = Get-ChildItem -Path cert:\LocalMachine\My | Where-Object {$_.Subject -eq "CN=My Awesome Root CA"}

more

You could update entire entire trusted CA by doing something like 

internalRootCAs="-----BEGIN CERTIFICATE-----
MIIEYzCCA0ugA ...
-----END CERTIFICATE-----
all my root certs ...

mkdir -p myhost-files
curl https://ccadb.my.salesforce-sites.com/mozilla/IncludedRootsPEMTxt?TrustBitsInclude=Websites -o myhost-files/ca-certificates.crt
echo "$internalRootCAs" >> myhost-files/ca-certificates.crt
kubectl create configmap myhost-files --from-file=myhost-files --save-config --dry-run=client -o yaml | kubectl apply -f -

Update helm chart values.yaml 

    extraVolumeMounts:
      - mountPath: /etc/ssl/certs/ca-certificates.crt
        subPath: ca-certificates.crt
        name: myhost-files
    # extraVolumes: []
    extraVolumes:
      - name: myhost-files
        configMap:
          name: host-files

or 

extraConfigmapMounts:

Note that fedora based is in this folder /etc/pki/ca-trust

Retrieved from "https://tech.uvoo.io/index.php?title=Certificate_Authority_Custom&oldid=4773"