Clarify usage of ADDITIONAL_CA_CERT_BUNDLE in custom certificate authority for secure products
Problem to solve
It seems that the documentation for the ADDITIONAL_CA_CERT_BUNDLE
value used for configuring a custom certificate authority for secure products is not clear enough, since there has been some confusion as discussed here.
We need to clarify that the ADDITIONAL_CA_CERT_BUNDLE
variable should contain the actual certificate, and not a path to the certificate file. For example:
some-job:
variables:
ADDITIONAL_CA_CERT_BUNDLE: |
-----BEGIN CERTIFICATE-----
MIIGqTCCBJGgAwIBAgIQI7AVxxVwg2kch4d56XNdDjANBgkqhkiG9w0BAQsFADCB
...
jWgmPqF3vUbZE0EyScetPJquRFRKIesyJuBFMAs=
-----END CERTIFICATE-----
Proposal
Clarify how to configure ADDITIONAL_CA_CERT_BUNDLE
in the docs for the following secure products:
Implementation plan
- Assist our technical writer @rdickenson to update the documentation.
Who can address the issue
Secure team
Other links/references
/cc @gonzoyumo @NicoleSchwartz @tmccaslin @cat
Testing
Test against applicable Secure Test Projects, that a supplied inline ADDITIONAL_CA_CERT_BUNDLE functions correctly (and conversely, a bogus value does not)
Edited by Adam Cohen