Add Custom Certificates to Trusted Storage of Docker Images
There are three ways to load your own self-signed certs into a Tyk Gateway Docker image.
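- Modify or extend the Dockerfile.
- Override the entrypoint. This method does not require modifying the Dockerfile or creating your own. Instead, mount your root certificate as a volume and run update-ca-certificates before executing entrypoint.sh. The docker run options must come before the image name, and the two commands have to be passed to a shell inside the container so that `&&` is not interpreted by the host shell:

      # Mount the root certificate, then refresh the trust store before the normal entrypoint runs
      docker run -it \
        -v "$(pwd)/myroot.crt:/usr/local/share/ca-certificates/myroot.crt" \
        --entrypoint sh \
        tykio/tyk-gateway:latest \
        -c "update-ca-certificates && entrypoint.sh"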
- Apply pinned root certificates at the Gateway’s global level. Once you have uploaded your root certificate to Tyk’s certificate store, you can insert the certificate ID into the security.pinned_public_keys array. That way, you do not need to configure it on a per-API basis.

NOTE: This applies to the Tyk Gateway Docker image only.
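
For the first method (extending the Dockerfile), the following is an added example, not taken from the original page or from Tyk's own build files. It assumes myroot.crt is in the build context, that the base image ships update-ca-certificates (as the volume-mount command on this page also assumes), and that the build step runs as root; the image name my-tyk-gateway is a placeholder.

```dockerfile
# Extend the stock Gateway image so the root CA is baked in at build time.
# The :latest tag follows this page; pin a specific version for reproducible builds.
FROM tykio/tyk-gateway:latest

# Same destination path the volume-mount method on this page uses.
# Copy only the public certificate, never the CA's private key.
COPY myroot.crt /usr/local/share/ca-certificates/myroot.crt

# Rebuild the system trust bundle so the new root is picked up.
# Assumption: update-ca-certificates exists in the image and this step runs as root.
RUN update-ca-certificates

# Build (image name is a placeholder):
#   docker build -t my-tyk-gateway .
```

Because the certificate becomes part of the image, every container started from it trusts that root, so rebuild and redeploy the image when the root is rotated or revoked.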