
breezy-autumn-81048

03/29/2023, 10:21 AM
Hi community, quick question. In case I get
curl: (60) SSL certificate problem: self signed certificate in certificate chain More details here: https://curl.haxx.se/docs/sslcerts.html
when a pod is trying to access my GitHub Enterprise Server, is it enough to add a self-signed certificate to
/var/lib/rancher/k3s/server/tls
? Should only the server cert be added, or the root CA and intermediate certs as well? Thanks in advance.
I have verified that it's enough to add the root CA to the pod so it can access GHES, by creating the certificate file in the pod's directory /etc/ssl/certs and then adding it to the curl command:
curl -v https://github.myexample.com --cacert /etc/ssl/certs/rootCA.crt
It would be good to understand where that root CA should be added in K3s so pods can use it.

refined-analyst-8898

03/29/2023, 12:29 PM
You might use trust-manager to distribute CAs to namespaces after creating a k8s secret or configmap containing the trusted CA certificate.
That would compose a CA bundle as yet another configmap which may then be mounted on any container for use by an application.

breezy-autumn-81048

03/31/2023, 2:32 PM
Hi, thank you for your reply! I created a configMap and then attached it directly in the deployment. That helped to solve the issue.