03/29/2023, 10:21 AM
Hi community, Quick question. In case I get
curl: (60) SSL certificate problem: self signed certificate in certificate chain More details here: <>
when pod is trying to access my GitHub Enterprise Server, is it enough to add a self-signed certificate to
? Only the server cert should be added or the rootCA and intermediate certs as well? Thanks in advance,
I have verified that it's enough to add root CA to the pod so it could access GHES by creating the certificate file in the pods directory /etc/ssl/certs and then I added it to the curl command:
curl -v <> --cacert /etc/ssl/certs/rootCA.crt
Would be good to understand where that root CA should be added in K3S so pods could use it.


03/29/2023, 12:29 PM
You might use trust-manager to distribute CAs to namespaces after creating a k8s secret or configmap containing the trusted CA certificate.
That would compose a CA bundle as yet another configmap which may then be mounted on any container for use by an application.


03/31/2023, 2:32 PM
Hi, Thank you for your reply! I created a configMap and then attacked it directly in the deployment. That helped to solve an issue.