Trusted System Certificates
Page last updated:
Warning: Pivotal Application Service (PAS) v2.8 is no longer supported because it has reached the End of General Support (EOGS) phase as defined by the Support Lifecycle Policy. To stay up to date with the latest software and security updates, upgrade to a supported version.
A Pivotal Platform admin can deploy a set of trusted system certificates. These trusted certificates are available in Linux-based app instances running on the Diego back end. Such instances include buildpack-based apps using the
cflinuxfs3 stack and Docker image-based apps.
If the admin configures these certificates, they are available inside the instance containers as files with extension
.crt in the read-only
cflinuxfs3-based apps, these certificates are also installed directly in the
/etc/ssl/certs directory, and are available automatically to libraries such as
openssl that respect that trust store. If the administrator configure these certificates, the location of the certificates is provided in the environment variable
CF_SYSTEM_CERT_PATH on the instance container.