forked from cloudfoundry/docs-cf-cli
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathself-signed.html.md.erb
79 lines (49 loc) · 2.86 KB
/
self-signed.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
---
title: Using the cf CLI with a self-signed certificate
owner: CLI
---
This topic describes how developers use the Cloud Foundry Command Line Interface (cf CLI)
to communicate securely with a Cloud Foundry deployment with a self-signed certificate.
You can use the cf CLI to communicate securely with a Cloud Foundry deployment without
specifying `--skip-ssl-validation` under the following conditions:
* The deployment uses a self-signed certificate.
* The deployment uses a certificate that is signed by a self-signed certificate authority (CA), or a certificate signed by a certificate that is signed by a self-signed CA.
<%= vars.self_signed %>
## <a id="install-local"></a> Installing the certificate on physical machines
The certificates you must insert into your local trust store vary depending on the configuration of your deployment:
* If the deployment uses a self-signed certificate, you must insert the self-signed certificate into your local trust store.
* If the deployment uses a certificate that is signed by a self-signed CA, or a certificate signed by a certificate that is signed by a self-signed CA, you must insert the self-signed certificate and any intermediate certificates into your local trust store.
### <a id="macosx"></a> Installing the Certificate on Mac OS X
To place the certificate file `server.crt` into your local trust store for Mac OS X:
1. Run:
```
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain server.crt
```
### <a id="linux"></a> Installing the certificate on Linux
To place the certificate file `server.crt` into your trust store for Linux:
1. Run one of the following commands, depending on your Linux distribution:
* For Debian, Ubuntu, or Gentoo, run:
```
cat server.crt >> /etc/ssl/certs/ca-certificates.crt
```
* For Fedora or RHEL, run:
```
cat server.crt >> /etc/pki/tls/certs/ca-bundle.crt
```
The previous examples set the certificate permanently on your machine across all users and require `sudo` permissions. To set the certificate only in your current terminal or script, run one of these commands:
* Option 1:
```console
export SSL_CERT_FILE=PATH-TO-SERVER.crt
```
Where `PATH-TO-SERVER.crt` is the filepath of the `server.crt` certificate file.
* Option 2:
```console
export SSL_CERT_DIR=PATH-TO-SERVER-DIRECTORY
```
Where `PATH-TO-SERVER-DIRECTORY` is the directory of the `server.crt` certificate file.
### <a id="windows"></a> Installing the certificate on Windows
To place the certificate file `server.crt` into your local trust store for Windows:
1. Right-click the certificate file.
1. Click **Install Certificate**.
1. Choose to install the certificate as the **Current User** or **Local Machine**.
1. From the certification store list, select **Trusted Root Certification Authorities**.