forked from cloudfoundry/docs-cf-cli
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathself-signed.html.md.erb
73 lines (46 loc) · 2.83 KB
/
self-signed.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
---
title: Using the cf CLI with a Self-Signed Certificate
owner: CLI
---
This topic describes how developers can use the Cloud Foundry Command Line Interface (cf CLI)
to communicate securely with a Cloud Foundry deployment with a self-signed certificate.
## <a id='overview'></a> Overview
You can use the cf CLI to communicate securely with a Cloud Foundry deployment without
specifying `--skip-ssl-validation` under these circumstances:
* The deployment uses a self-signed certificate.
* The deployment uses a certificate that is signed by a self-signed certificate authority (CA), or a certificate signed by a certificate that is signed by a self-signed CA.
<%= vars.self_signed %>
## <a id="install-local"></a> Install the Certificate on Local Machines
The certificates you must insert into your local truststore vary depending on the configuration of your deployment.
* If the deployment uses a self-signed certificate, the you must insert the self-signed certificate into your local truststore.
* If the deployment uses a certificate that is signed by a self-signed CA, or a certificate signed by a certificate that is signed by a self-signed CA, you must insert the self-signed certificate and any intermediate certificates into your local truststore.
### <a id="macosx"></a> Install the Certificate on Mac OS X
To place the certificate file `server.crt` into your local truststore for Mac OS X:
1. Run:
```
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain server.crt
```
### <a id="linux"></a> Install the Certificate on Linux
To place the certificate file `server.crt` into your truststore for Linux:
1. Run one of these commands, depending on your Linux distrubution:
* For Debian, Ubuntu, or Gentoo, run:
```
cat server.crt >> /etc/ssl/certs/ca-certificates.crt
```
* For Fedora or RHEL, run:
```
cat server.crt >> /etc/pki/tls/certs/ca-bundle.crt
```
<br>
<br>
The examples above set the certificate permanently on your machine across all users and require `sudo` permissions. To set the certificate only in your current terminal or script, run one of these commands:
* `export SSL_CERT_FILE=PATH-TO-SERVER.crt`<br>
Where `PATH-TO-SERVER.crt` is the filepath of the `server.crt` certificate file.
* `export SSL_CERT_DIR=PATH-TO-SERVER-DIRECTORY`<br>
Where `PATH-TO-SERVER-DIRECTORY` is the directory of the `server.crt` certificate file.
### <a id="windows"></a> Install the Certificate on Windows
To place the certificate file `server.crt` into your local truststore for Windows:
1. Right-click on the certificate file.
1. Click **Install Certificate**.
1. Choose to install the certificate as the **Current User** or **Local Machine**.
1. From the certification store list, select **Trusted Root Certification Authorities**.