Your DC/OS certificate authority (CA) signs the TLS certificates and provisions them to systemd-started services during the bootstrap sequence. This encrypts communications with no manual intervention required. Each DC/OS cluster has its own DC/OS CA and a unique root certificate. Because your DC/OS CA does not appear in any lists of trusted certificate authorities, requests coming in from outside the cluster, such as from a browser or curl, will result in warning messages. To establish trusted communications with your DC/OS cluster and stop the warning messages:
1. Obtain the DC/OS CA bundle.
2. Perform one of the following:
   - Manually add your DC/OS CA as a trusted authority in your browser, the DC/OS CLI, curl commands, and other clients.
   - Set up a proxy between Admin Router and user agent requests coming in from outside of the cluster.
Configuring HAProxy in Front of Admin Router
Using HAProxy to set up an HTTP proxy for the DC/OS Admin Router.
Configuring a Custom CA Certificate
Configuring DC/OS Enterprise to use a custom CA certificate.
Obtaining the DC/OS CA bundle
Establishing trust in your DC/OS CA
Configuring Chrome and Firefox to trust your DC/OS CA.
Establishing trust in your CLI
Establishing trust in your curl commands
Securing Exhibitor with mutual TLS
Securing DC/OS with a TLS-enabled Exhibitor ensemble.
Using the Certificate Authority API
Viewing, creating, and signing certificates.