Skip to main content

Certificate Authority

  • Environmental Variable: CERTIFICATE_AUTHORITY or CERTIFICATE_AUTHORITY_FILE
  • Config File Key: certificate_authority or certificate_authority_file
  • Kubernetes: not supported
  • Type: base64 encoded string or relative file location
  • Optional

This defines a set of root certificate authorities that Pomerium uses when communicating with other TLS-protected services.

Note: Unlike route-specific certificate authority settings, this setting augments (rather than replaces) the system's trust store. But routes that specify a CA will ignore those provided here.

danger

Be sure to include the intermediary certificate.