Open rarkins opened 1 year ago
🤔 We already have some docs about runtime install of certs
https://github.com/containerbase/base/blob/main/docs/custom-root-ca.md
Is it really enough though?
should be for most tools
So do you think that SSL_CERT_FILE
is essentially an equivalent to update-ca-certificates
?
yes, for all tools which use openssl
It would be ideal if users can configure custom certificates at runtime instead of at build time. e.g. map in a cert using Docker volumes.
For tools which have their own way of being configured with custom certs, it's likely possible, but today we require Ubuntu's
update-ca-certificates
to be run as root.This discussion implies it could be feasible for Ubuntu: https://unix.stackexchange.com/questions/688608/is-it-possible-to-install-a-custom-ca-certificate-without-the-ca-certificates-pa
Blocker
Bun
https://github.com/oven-sh/bun/issues/271