From f8f295be3ec1e1bced79aa37845edcbafa90577f Mon Sep 17 00:00:00 2001 From: Juan Antonio Osorio Robles Date: Thu, 13 Apr 2017 13:51:46 +0000 Subject: [PATCH] Introduce common CAs to be mounted to the containers When TLS is enabled, the containers need to trust the CAs that the host trusts. Change-Id: I0434b0ac10290970857cad3d1a89d00f5b054196 --- docker/services/containers-common.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docker/services/containers-common.yaml b/docker/services/containers-common.yaml index a357ceb689..d3561f6b55 100644 --- a/docker/services/containers-common.yaml +++ b/docker/services/containers-common.yaml @@ -9,3 +9,8 @@ outputs: value: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro + # OpenSSL trusted CAs + - /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro + - /etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro + - /etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro + - /etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro