Configuring Custom Root CA Certificate

If your organization uses its own custom Certificate Authority, CDSW engines will not be able to automatically recognise the custom CA's root certificate. You must add your internal root CA certificate and all the intermediate certificates in the chain to CDSW so that it is inserted into the engine's root certificate store every time a session (or any workload) is launched. This will allow processes inside the engine to communicate securely with the ingress controller.

  1. Download /etc/ssl/certs/ca-certificates.crt: ca-certificates.crt.
  2. Log in to CDSW as a site administrator.
  3. Go to Admin > Security.
  4. Under the Root CA Configuration section, paste in the contents of your organization's internal root CA certificate file and all the Intermediate CA certificate(s) that are there in your trust chain at the end of the ca-certificates.crt file that you downloaded before.
    cat ca.crt >> /etc/ssl/certs/ca-certificates.crt
    The contents of the certificate should remain in .CRT format. For example:
    ---BEGIN CERTIFICATE---
    xxxxxxxxxxxxxxxxxxxx
    xxxxxxxxxxxxxxxxxxxx
    ...
    ---END CERTIFICATE---
    The contents of this field are then inserted into the engine's root certificate store every time a session (or any workload) is launched. This allows processes inside the engine to communicate with the ingress controller.
  5. Click Update.
Restart any existing sessions and re-build any existing models to ensure that the newly launched engines pick up this change.