Trusted system certificates
Page last updated:
As a Cloud Foundry admin, you can deploy a set of trusted system certificates. These trusted certificates are available in Linux-based app instances running on the Diego back end. Such instances include buildpack-based apps using the cflinuxfs[3|4]
stack and Docker image-based apps.
If the admin configures these certificates, they are available inside the instance containers as files with extension .crt
in the read-only /etc/cf-system-certificates
directory.
For cflinuxfs[3|4]
-based apps, these certificates are also installed directly in the /etc/ssl/certs
directory, and are available to libraries such as openssl
that respect that trust store. If the administrator configure these certificates, the location of the certificates is provided in the environment variable CF_SYSTEM_CERT_PATH
on the instance container.