Securing Communication with TLS


Securing encrypted communications using TLS certificates

Your DC/OS certificate authority (CA) signs the TLS certificates and provisions them to systemd-started services during the bootstrap sequence. This encrypts communications with no manual intervention required. Each DC/OS cluster has its own DC/OS CA and a unique root certificate. Because your DC/OS CA does not appear in any list of trusted certificate authorities, requests from outside the cluster, such as from a browser or curl, result in warning messages. To establish trusted communications with your DC/OS cluster and stop the warning messages:

  1. Obtain the DC/OS CA bundle.

  2. Perform one of the following: