Configuring the DC/OS CLI to trust your DC/OS CA

Enterprise DC/OS Preview Updated: March 30, 2017

Note: This procedure should be unnecessary if you have set up a proxy.

By default, the DC/OS CLI does not verify the signer of TLS certificates. We recommend completing the following brief procedure to ensure that the DC/OS CLI trusts only your DC/OS CA and refuses connections with other parties.

Prerequisite: A local copy of the root certificate of your DC/OS CA.

  1. Use the following command to change the default and to set the DC/OS CLI to trust your DC/OS CA.
    dcos config set core.ssl_verify $(pwd)/dcos-ca.crt
  2. You should receive the following message, indicating success.
    [core.ssl_verify]: changed from 'False' to '/path/dcos-ca.crt'