By default, the DC/OS CLI does not verify the signer of TLS certificates. We recommend completing the following brief procedure to ensure that the DC/OS CLI trusts only your DC/OS CA and refuses connections with other parties.
Prerequisite: A local copy of the root certificate of your DC/OS CA.
- Use the following command to change the default and to set the DC/OS CLI to trust your DC/OS CA.

      dcos config set core.ssl_verify "$(pwd)/dcos-ca.crt"

- You should receive the following message, indicating success.

      [core.ssl_verify]: changed from 'False' to '/path/dcos-ca.crt'
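Because the CLI will trust whatever file `core.ssl_verify` points at, it is worth checking the local copy before running the command above. The script below is an added example, not part of the DC/OS documentation: it assumes `openssl` is installed and that you have the CA's SHA-256 fingerprint from an out-of-band source; the function names and exit codes are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the DC/OS documentation.
# Assumption: the expected SHA-256 fingerprint was obtained out-of-band.

# Normalize a fingerprint: drop any "label=" prefix and colons, lowercase hex.
norm_fp() {
    printf '%s' "$1" | sed -e 's/^.*=//' -e 's/://g' | tr 'A-F' 'a-f'
}

# SHA-256 fingerprint of the first certificate in a PEM file.
ca_fingerprint() {
    norm_fp "$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null)"
}

# Exit status: 0 ok, 1 unreadable, 2 not a certificate, 3 not self-issued,
# 4 expired, 5 fingerprint mismatch.
check_ca_file() {
    cert=$1
    expected=$(norm_fp "$2")
    [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 1; }
    openssl x509 -in "$cert" -noout 2>/dev/null ||
        { echo "$cert is not a PEM certificate" >&2; return 2; }
    # A root certificate names itself as issuer; a leaf saved by mistake does not.
    subj=$(openssl x509 -in "$cert" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$cert" -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" = "$iss" ] || { echo "$cert is not self-issued" >&2; return 3; }
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "$cert has expired" >&2; return 4; }
    [ "$(ca_fingerprint "$cert")" = "$expected" ] ||
        { echo "fingerprint mismatch for $cert" >&2; return 5; }
}

# Verify first, then point the CLI at the absolute path of the verified file.
trust_dcos_ca() {
    check_ca_file "$1" "$2" || return $?
    abs="$(cd "$(dirname "$1")" && pwd)/$(basename "$1")"
    dcos config set core.ssl_verify "$abs"
}

# Usage: sh trust-ca.sh ./dcos-ca.crt <expected-sha256-fingerprint>
if [ "$#" -eq 2 ]; then
    trust_dcos_ca "$1" "$2"
fi
```

The expected fingerprint may be given with or without colons and in either case; only the first certificate in the file is examined.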