Securing Communication with TLS

ENTERPRISE

Securing encrypted communications using TLS certificates

In permissive and strict security modes, your DC/OS certificate authority (CA) signs the TLS certificates and provisions them to systemd-started services during the bootstrap sequence. This provides encrypted communications with no manual intervention. Each DC/OS cluster has its own DC/OS CA and a unique root certificate.

Because your DC/OS CA does not appear in any list of trusted certificate authorities, requests coming in from outside the cluster, such as from a browser or curl, result in warning messages. To establish trusted communications with your DC/OS cluster and stop the warning messages:

  1. Obtain the DC/OS CA bundle.

  2. Perform one of the following: