Self Signed Certificates

If you are trying to communicate with services that are signed using self-signed certificates, you will need to import them.

Digital Enterprise Suite (DES)

To import a self-signed certificate, copy the crt certificate (PEM encoded) files (must have the .crt extension) into the /data/des/ca path.

A pod restart is required.

Digital Distributed Containers (DDC)

To import self-signed certificates, you will need to create a secret named <DDC_NAME>-ddc-ca in the same namespace.

This secret should contain certificate files (must have the .crt extension) using PEM encoding.

To create that secret, you can use the kubectl command:

kubectl create secret -n ddc generic <DDC_NAME>-ddc-ca --from-file=/path/to/folder/containing/crt/files

A pod restart is required.

Alternative for Multiple Certificates

In the case where multiple certificates are required, it is possible to add them all to a file called certificates.pem (in the same folder for DES or in the secret for DDC). The PEM file can contain multiple certificates concatenated in a single file.