Documentation Documentation

Add Custom Certificates to Trusted Storage of Docker Images

There are three ways to load your own self-signed certs into a Tyk Gateway Docker image.

  1. Modify or extend the Dockerfile.
  2. Override the entrypoint. This method does not require modifying the Dockerfile or creating your own. Instead, you can mount your root certificate as a volume, and then before executing entrypoint.sh, update the ca certificates.

    docker run -it tykio/tyk-gateway:latest \
    -v $(pwd)/myroot.crt:/usr/local/share/ca-certificates/myroot.crt \
    update-ca-certificates && entrypoint.sh
    
  3. It is also possible to apply pinned root certificates at the Gateway’s global level. Once you have uploaded your root certificate inside Tyk’s certificate store, inside your tyk.conf, under security.pinned_public_keys, you should be able to insert the certificate id into the array. That way, you do not need to configure it on a per-api basis. NOTE: This applies to the Tyk Gateway Docker image only.