Adding certificates to a Podman machine

You can add certificates from your local certificate authority (CA) or from a third-party vendor into a Podman machine. After adding these certificates, you can use them in your images to:

  • Secure the communication channel between the running applications in your container and the external host system
  • Validate the SSL or TLS certificates provided by external services for authentication

Prerequisites

  • A running Podman machine.
  • The required certificates for installation, such as certificate.pem or certificate.crt.

Procedure

  1. Start an interactive session with the default Podman machine:
     $ podman machine ssh <machine_name>
  2. Optional: Switch to a root shell only if Podman runs in the default rootless mode:
     $ sudo su -
  3. Change to the directory where the certificates must be placed:
     $ cd /etc/pki/ca-trust/source/anchors
  4. Perform one of the following steps:
     • Use the curl command to download a certificate:

       $ curl [-k] -o <my-certificate> https://<my-server.com/my-certificate>
     • Use any editor, such as Notepad or Vim, to create a certificate file with a .crt, .cer, or .pem extension.

       Note

       You can convert a certificate file to a text file and copy its content to the editor.

  5. Add the certificate to the list of trusted certificates:
     $ update-ca-trust
  6. Optional: Run the exit command to exit the root shell:
     $ exit
  7. Run the exit command to exit the Podman machine.
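
A check worth running between the download step and update-ca-trust, shown as an added example that is not part of the original procedure: curl's -k option skips TLS verification of the download, so the function below copies a file into the anchors directory only when its SHA-256 digest matches one obtained out of band. The function name install_anchor, the ANCHOR_DIR variable and the restriction to a single PEM certificate per file are assumptions of this example.

```shell
#!/bin/sh
# Added example: pin a CA file to a known digest before it becomes a trust anchor.
# ANCHOR_DIR defaults to the anchors directory used in the procedure;
# override it to rehearse the check somewhere harmless.
ANCHOR_DIR="${ANCHOR_DIR:-/etc/pki/ca-trust/source/anchors}"

# install_anchor <file> <expected-sha256-hex>
# Copies <file> into ANCHOR_DIR and returns 0 only when every check passes.
# Usage (digest is a placeholder you get from the CA's owner):
#   install_anchor ./my-ca.pem <expected-sha256> && update-ca-trust
install_anchor() {
    src="$1"; want="$2"

    [ -f "$src" ] || { echo "missing file: $src" >&2; return 2; }

    # The procedure expects a .crt, .cer or .pem file.
    case "$src" in
        *.crt|*.cer|*.pem) ;;
        *) echo "unexpected extension: $src" >&2; return 3 ;;
    esac

    # Exactly one PEM certificate: a bundle would add anchors nobody reviewed,
    # and an HTML error page saved by curl would contain none.
    n=$(grep -c '^-----BEGIN CERTIFICATE-----' "$src" || true)
    [ "$n" -eq 1 ] || { echo "expected 1 certificate, found $n" >&2; return 4; }

    # Compare with the digest obtained out of band (hex case is ignored).
    got=$(sha256sum < "$src" | cut -d' ' -f1)
    want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
    [ "$got" = "$want" ] || { echo "digest mismatch: got $got" >&2; return 5; }

    # World-readable, not writable by others, as trust anchors should be.
    install -m 0644 "$src" "$ANCHOR_DIR/" || return 6
}
```

A non-zero return means the file was not copied, so update-ca-trust has nothing new to pick up.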