
Adding certificates to a Podman machine

You can add certificates from your local certificate authority (CA) or from a third-party vendor into a Podman machine. After adding these certificates, you can use them in your images to:

  • Secure the communication channel between the running applications in your container and the external host system
  • Validate the SSL or TLS certificates provided by external services for authentication

Note: On Windows, the Podman commands use the CAs from the certificate store. For example, if you are unable to log in to an internal registry because the added certificate was not trusted by Podman, you can add it to the Windows certificate store. This will enable Podman commands to trust the certificate and help you log in to that registry.

Prerequisites

  • A running Podman machine.
  • The certificates that you want to install, such as certificate.pem or certificate.crt.

Procedure

  1. Start an interactive session with the default Podman machine:
$ podman machine ssh <machine_name>
  2. Optional: Switch to a root shell only if Podman runs in the default rootless mode:
$ sudo su -
  3. Change to the directory where the certificates must be placed:
$ cd /etc/pki/ca-trust/source/anchors
  4. Perform one of the following steps:
  • Use the curl command to download a certificate:

    $ curl [-k] -o <my-certificate> https://<my-server.com/my-certificate>
  • Use any editor, such as Notepad or Vim, to create a certificate file with a .crt, .cer, or .pem extension.

    Note: You can convert a certificate file to a text file and copy its content to the editor.

  5. Add the certificate to the list of trusted certificates:
$ update-ca-trust
  6. Optional: Run the exit command to exit the root shell.
$ exit
  7. Run the exit command to exit the Podman machine.

  8. Optional: Reboot the Podman machine.

$ podman machine stop <machine_name>
$ podman machine start <machine_name>
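
The download step above allows `curl -k`, which skips TLS verification, so the file's origin is unproven until its fingerprint is compared with a value obtained out of band. The script below is an added example, not part of the original procedure: it performs that comparison before the certificate reaches the anchors directory, and its function names and the `ANCHORS` override are hypothetical (it assumes `base64` and `sha256sum` from coreutils).

```shell
#!/bin/sh
# Added example, not from the original page: pin-check a CA certificate
# before it goes into the trust anchors. Function names and the ANCHORS
# override are hypothetical.
ANCHORS="${ANCHORS:-/etc/pki/ca-trust/source/anchors}"

# Normalise a fingerprint: drop colons and spaces, lowercase the hex digits.
normalize_fp() { printf '%s' "$1" | tr -d ': ' | tr 'A-F' 'a-f'; }

# Print the SHA-256 of the DER bytes of the single certificate in PEM file $1.
# This is the value `openssl x509 -noout -fingerprint -sha256` reports.
# Fails when the file holds zero or several certificates, or invalid base64,
# so extra CAs appended to the download cannot ride along with a pinned one.
cert_sha256() {
    count=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || true)
    [ "$count" = 1 ] || return 1
    body=$(sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1" |
        grep -v -- '-----' | tr -d ' \r\n')
    [ -n "$body" ] || return 1
    printf '%s' "$body" | base64 -d >/dev/null 2>&1 || return 1
    printf '%s' "$body" | base64 -d | sha256sum | cut -d' ' -f1
}

# Copy $1 into $ANCHORS only when its fingerprint equals the pinned value $2.
# Returns 1 on a mismatch and 2 when the file is not exactly one certificate.
install_if_pinned() {
    actual=$(cert_sha256 "$1") || {
        echo "rejected: $1 is not exactly one PEM certificate" >&2
        return 2
    }
    if [ "$actual" != "$(normalize_fp "$2")" ]; then
        echo "rejected: fingerprint of $1 is $actual" >&2
        return 1
    fi
    cp -- "$1" "$ANCHORS/" && echo "copied $1; run update-ca-trust next"
}

# Usage: sh pin-ca.sh <certificate.pem> <sha256-fingerprint>
if [ "$#" -eq 2 ]; then install_if_pinned "$1" "$2"; fi
```

Download the certificate to a scratch directory rather than directly into the anchors directory, so a rejected file is never picked up by a later `update-ca-trust` run.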