Custom certificate authorities

Flatcar Linux supports custom Certificate Authorities (CAs) in addition to the default list of trusted CAs. Adding your own CA allows you to:

The setup process for any of these use-cases is the same:

  1. Copy the PEM-encoded certificate authority file (usually with a .pem file name extension) to /etc/ssl/certs

  2. Run the update-ca-certificates script to update the system bundle of Certificate Authorities. All programs running on the system will now trust the added CA.

More information

Generate Self-Signed Certificates

etcd Security Model