Your DC/OS certificate authority (CA) signs the TLS certificates and provisions them to systemd
-started services during the bootstrap sequence. This encrypts communications with no manual intervention required. Each DC/OS cluster has its own DC/OS CA and a unique root certificate. Because your DC/OS CA does not appear in any lists of trusted certificate authorities, requests coming in from outside the cluster, such as from a browser or curl
, will result in warning messages. To establish trusted communications with your DC/OS cluster and stop the warning messages:
-
Obtain the DC/OS CA bundle.
-
Perform one of the following:
-
Manually add your DC/OS CA as a trusted authority in browser, DC/OS CLI, curl commands, and other clients.
-
Set up a proxy between Admin Router and user agent requests coming in from outside of the cluster.
-
Configuring HAProxy in Front of Admin Router
Using the HAProxy to set up an HTTP proxy for the DC/OS Admin Router…Read More
Configuring a Custom CA Certificate
ENTERPRISE
Configuring DC/OS Enterprise to use a custom CA certificate…Read More
Configuring a Custom External Certificate
ENTERPRISE
Configuring DC/OS Enterprise to use a custom external certificate…Read More
Obtaining the DC/OS CA bundle
ENTERPRISE
Obtaining the DC/OS CA bundle…Read More
Establishing trust in your DC/OS CA
ENTERPRISE
Configuring Chrome and Firefox to trust your DC/OS CA.…Read More
Establishing trust in your CLI
ENTERPRISE
Establishing trust in your CLI…Read More
Establishing trust in your curl commands
ENTERPRISE
Establishing trust in your curl commands…Read More
Securing Exhibitor with mutual TLS
ENTERPRISE
Securing DC/OS with a TLS enabled Exhibitor ensemble…Read More
Using the Certificate Authority API
ENTERPRISE
Viewing, creating, and signing certificates…Read More