Changes to TLS certificate handling in Habitat 0.85

Salim_Alam · October 8, 2019, 4:36pm

Hi folks - just a quick FYI that we have a blog post up with information on some changes to TLS certificate handling in Habitat 0.85 that may be of interest to those of you working in scenarios where custom certificates are required:

As always, we appreciate any feedback you may have - posted here, on our Slack channel, or with issues opened on the Habitat repo.

HT154 · October 8, 2019, 4:57pm

@salam Thanks for addressing this!

Here are the cases where custom certs have been painful in the past:

hab CLI communication with on-prem builder
Custom-built services relying on core/cacerts
Plan builds that pull from artifact stores with internal certs via download_file, curl, wget, etc.
Adopting/extending core plans that depend on core/cacerts

Here are the current solutions:

Addressed by these changes!
Build your own <origin>/cacerts package and depend on that instead
Unclear
Unclear

Can you provide some clarification on #3 and #4?

Topic		Replies	Views
SSL_CERT_FILE documentation is missing Chef Habitat	3	697	October 15, 2017
Doing things the hard way: Using Gitlab, Habitat and Chef to automatically issue letsencrypt certificates Habitat Community	3	2187	December 26, 2018
Habitat Package Upgrade : OpenSSl & letsencrypt certs issue fix Chef Habitat	1	550	November 1, 2021
OpenSSL CVE and Habitat Chef Habitat	0	570	September 26, 2016
A Community Plan for Automatic Renewal of LetsEncrypt Certs Habitat Community packages	1	615	February 28, 2019

Changes to TLS certificate handling in Habitat 0.85

Related topics