How to add Certificates to CoreOS truststore

Hi,

I’m using fedora-coreos-34.20210529.3.0-vmware.x86_64.ova and a fcos/1.3.0 butane specification file with ignition.security.tls… settings for inline certificates of my internal CA-certificate.

butane is fine with this configuration and fcos is installed. But there are no certificates added to the system and podman is unable to pull an image from my internal registry service signed by my internal CA.

Is there a gap between the butane specification and the implemented features in CoreOS? Where can I find the logs for the “service applying the ignition file” on the fcos installation?

Is there another method to add custom certificates to the fcos truststore?

Thanks for your help.

Frank

All of the settings under ignition only affect the running of Ignition itself. If you want your CA to be applied to the installed system, you can additionally write the cert directly to the filesystem using storage.files.

You can retrieve Ignition logs with journalctl -t ignition.


@bgilbert, thanks for your help.

I added the CA files with…

storage:
  files:
    - path: /etc/pki/ca-trust/source/anchors/Example_CA_2021.crt
      contents:
        inline: |
          [...]

… now my CA is used for tls validation and podman can pull images from my internal registry.
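
Added example, not part of the thread and not code from the Ignition or Butane projects: a check over the Ignition JSON that Butane renders, listing CAs given under ignition.security.tls that are not also written to /etc/pki/ca-trust/source/anchors/ through storage.files. The function names, the two sample configs and the placeholder certificate bytes are constructed for illustration, and only inline (data: URL) sources are inspected.

```python
import base64, gzip, hashlib, json, re
from urllib.parse import quote, unquote_to_bytes

ANCHOR_DIR = "/etc/pki/ca-trust/source/anchors/"  # path used in the thread
PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def resource_bytes(res):
    """Decode an inline (data: URL) Ignition resource; None for remote sources."""
    src = res.get("source") or ""
    if not src.startswith("data:"):
        return None
    header, _, payload = src[5:].partition(",")
    raw = base64.b64decode(payload) if header.endswith(";base64") else unquote_to_bytes(payload)
    return gzip.decompress(raw) if res.get("compression") == "gzip" else raw

def fingerprints(pem):
    """SHA-256 over the DER body of each certificate in a PEM blob."""
    return {hashlib.sha256(base64.b64decode(b"".join(body.split()))).hexdigest()
            for body in PEM_RE.findall(pem or b"")}

def cas_missing_from_host(ignition_json):
    """CAs trusted only by Ignition's own fetches, absent from the host anchors."""
    cfg = json.loads(ignition_json)
    tls = cfg.get("ignition", {}).get("security", {}).get("tls", {})
    fetch_only, installed = set(), set()
    for ca in tls.get("certificateAuthorities", []):
        fetch_only |= fingerprints(resource_bytes(ca))
    for f in cfg.get("storage", {}).get("files", []):
        if f.get("path", "").startswith(ANCHOR_DIR):
            installed |= fingerprints(resource_bytes(f.get("contents", {})))
    return sorted(fetch_only - installed)

# Constructed sample: placeholder bytes in a PEM wrapper, not a real CA.
PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(b"constructed placeholder CA")
       + b"\n-----END CERTIFICATE-----\n")
TLS = {"security": {"tls": {"certificateAuthorities": [{"source": "data:," + quote(PEM)}]}}}
GZ = {"source": "data:;base64," + base64.b64encode(gzip.compress(PEM)).decode(),
      "compression": "gzip"}
# Spec version 3.2.0 is what Butane fcos 1.3.0 renders to.
AS_POSTED = json.dumps({"ignition": {"version": "3.2.0", **TLS}})
FIXED = json.dumps({"ignition": {"version": "3.2.0", **TLS}, "storage": {"files": [
    {"path": ANCHOR_DIR + "Example_CA_2021.crt", "mode": 420, "contents": GZ}]}})

if __name__ == "__main__":
    print("as posted:", cas_missing_from_host(AS_POSTED))
    print("with storage.files:", cas_missing_from_host(FIXED))
```

A non-empty result means the rendered config would trust that CA only while Ignition fetches resources, which is the situation described in the first post.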
