monitor_ssl_trusted

List of CA root certificates the server trusts as issuers of client certificates. This list only applies to incoming connections on the Server Health and Metrics HTTPS listen.

monitor_ssl_trusted = certificates

If this parameter is not specified, an attempt is made to use the list from the server’s TLS listen.

Specify only CA root certificates. Do not include intermediate CA certificates.

The certificates must be in PEM or DER format. You can either provide the paths to certificates as individual monitor_ssl_trusted entries, or you can specify a path to a file containing the certificate chain. If using a DER format file, it can contain only a single certificate, not a certificate chain.

For example:

monitor_ssl_trusted = certs\CA1_root.pem
monitor_ssl_trusted = certs\CA2_root.pem

See File Names for Certificates and Keys for more information on file types for digital certificates.

Did you find this helpful?

Yes No