Domino checks for a ConfigMap named domino-custom-certificates in the Kubernetes cluster's default namespace.
This ConfigMap must have a key named bundle whose value is the plaintext data of a certificate bundle in PEM format.
If the bundle exists, Domino uses the certificates from this bundle to connect to external services.
Domino supports the following certificate types:
- Custom Certificate Authority (CA): Certificates that certify the other certificates issued under this authority.
- Self-signed certificates: Certificates that do not have a reference to the authority signing them.
The bundle is formatted as a series of concatenated certificates in PEM format. Each of the following marker lines must be on its own line, with a line break before and after it:
-----BEGIN CERTIFICATE-----
and
-----END CERTIFICATE-----
The bundle must contain all the certificates that you would typically use to connect to the private services, including intermediate and root certificates.
Domino includes public certificates, such as DigiCert root certificates, by default so you do not have to include them. Duplicate certificates will not cause any issues.
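The following pre-flight check for the bundle format described above is an added example, not Domino code. The function name check_bundle and the sample data are constructed for illustration; the check only confirms marker placement, Base64 validity and the outer DER SEQUENCE tag, and the private-key warning is an added precaution because ConfigMap data is stored in plaintext.

```python
import base64

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def check_bundle(text):
    """Return (certificate_count, problems) for a concatenated PEM bundle."""
    problems, count, body, inside = [], 0, [], False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if "PRIVATE KEY" in line:
            problems.append(f"line {n}: private key marker; a ConfigMap is not secret storage")
        elif line == BEGIN:
            if inside:
                problems.append(f"line {n}: BEGIN before the previous END")
            inside, body = True, []
        elif line == END:
            if not inside:
                problems.append(f"line {n}: END without a matching BEGIN")
            else:
                try:
                    der = base64.b64decode("".join(body), validate=True)
                    if der[:1] != b"\x30":  # every X.509 certificate is a DER SEQUENCE
                        raise ValueError("not a DER SEQUENCE")
                    count += 1
                except ValueError as exc:  # binascii.Error is a ValueError
                    problems.append(f"line {n}: bad certificate body ({exc})")
            inside = False
        elif "BEGIN CERTIFICATE" in line or "END CERTIFICATE" in line:
            # Marker sharing a line with other data, or dashes mangled by an editor.
            problems.append(f"line {n}: malformed marker {line[:40]!r}")
        elif inside:
            body.append(line)
        # Text outside a certificate block is ignored here.
    if inside:
        problems.append("bundle ends inside a certificate block")
    return count, problems

# Constructed sample: the body is a placeholder DER SEQUENCE, not a real certificate.
GOOD = f"{BEGIN}\nMAMCAQE=\n{END}\n{BEGIN}\nMAMCAQE=\n{END}\n"
# The same bundle after rich-text auto-correction turned dashes into an em-dash.
BAD = GOOD.replace("E-----", "E\u2014--")

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_bundle(sample))
```

A bundle that passes can then be loaded with kubectl create configmap domino-custom-certificates --from-file=bundle=<path-to-bundle> -n default, which is standard kubectl syntax rather than a command taken from this page.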
For user executions, all Domino certificates, including public and customer-provided, will be stored in /etc/ssl/certs/domino-custom.