containerbase / base

The containerbase project's base image source
MIT License

Runtime custom certificate configuration #1044

Open rarkins opened 1 year ago

rarkins commented 1 year ago

It would be ideal if users can configure custom certificates at runtime instead of at build time. e.g. map in a cert using Docker volumes.

For tools which have their own way of being configured with custom certs, it's likely possible, but today we require Ubuntu's update-ca-certificates to be run as root.

This discussion implies it could be feasible for Ubuntu: https://unix.stackexchange.com/questions/688608/is-it-possible-to-install-a-custom-ca-certificate-without-the-ca-certificates-pa

Blocker

viceice commented 1 year ago

🤔 We already have some docs about runtime install of certs

https://github.com/containerbase/base/blob/main/docs/custom-root-ca.md

rarkins commented 1 year ago

Is it really enough though?

viceice commented 1 year ago

Should be for most tools.

rarkins commented 1 year ago

So do you think that SSL_CERT_FILE is essentially an equivalent to update-ca-certificates?

viceice commented 1 year ago

Yes, for all tools which use OpenSSL.
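The runtime approach discussed in this thread, as an added example that is not part of the issue or containerbase's own code: a non-root shell function that merges a volume-mounted CA with the system bundle into a user-writable file for `SSL_CERT_FILE`. The paths and the function names `build_ca_bundle` and `count_marker` are assumptions; the merge is there so that a tool reading only the file named by `SSL_CERT_FILE` still sees the system roots.

```shell
#!/bin/sh
# Added example (not containerbase code). Assumed paths, adjust to your image:
#   /etc/ssl/certs/ca-certificates.crt  Ubuntu's system bundle
#   /certs/custom-ca.pem                hypothetical volume-mounted CA
#   $HOME/ca-bundle.crt                 hypothetical writable output

# Print how many lines of file $2 contain the PEM marker $1 (0 if none).
count_marker() {
  grep -c -F -e "$1" "$2" || true
}

# build_ca_bundle SYSTEM_BUNDLE CUSTOM_CERT OUT
# Writes SYSTEM_BUNDLE + CUSTOM_CERT to OUT and prints OUT; needs no root.
build_ca_bundle() {
  system_bundle=$1 custom_cert=$2 out=$3

  for f in "$system_bundle" "$custom_cert"; do
    [ -r "$f" ] || { echo "unreadable: $f" >&2; return 1; }
  done

  # Reject empty or truncated PEM input before it reaches the trust store.
  begin=$(count_marker '-----BEGIN CERTIFICATE-----' "$custom_cert")
  end=$(count_marker '-----END CERTIFICATE-----' "$custom_cert")
  if [ "$begin" -eq 0 ] || [ "$begin" -ne "$end" ]; then
    echo "not a well-formed PEM certificate file: $custom_cert" >&2
    return 1
  fi
  # A file that also carries a private key must not be copied into a bundle.
  if grep -q -F -e 'PRIVATE KEY-----' "$custom_cert"; then
    echo "refusing file containing a private key: $custom_cert" >&2
    return 1
  fi

  tmp="$out.tmp.$$"
  # The newline guards against a system bundle without a trailing newline.
  { cat "$system_bundle"; printf '\n'; cat "$custom_cert"; } > "$tmp" || return 1
  mv "$tmp" "$out" || return 1
  printf '%s\n' "$out"
}

# Usage at container start, as the unprivileged user:
#   SSL_CERT_FILE=$(build_ca_bundle /etc/ssl/certs/ca-certificates.crt \
#       /certs/custom-ca.pem "$HOME/ca-bundle.crt") && export SSL_CERT_FILE
```

As noted in the thread, this covers tools that use OpenSSL; tools with their own trust store configuration still need their own setting.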