Replacing self-signed certificates

You can replace the self-signed certificate with a CA-signed certificate by using the config-certificates use-provided command.

About this task

For this process, you need to provide the following artifacts:

  • A CA-signed certificate in PEM format.
  • The root certificate and the intermediate certificate (if provided) required to validate the authenticity of the CA-signed certificate, both in PEM format.
    Note: Certificate chains are currently not supported.
  • The private key used for the CA signing request. Both RSA keys and EC keys are supported.


  1. Place the required certificate and key files into a directory that is accessible to the or command.
  2. Run the following command to replace the self-signed certificate:
    • Docker: config-certificates use-provided
    • Podman: config-certificates use-provided
  3. Follow the instructions on the screen.
  4. After you replace the certificate, restart all the consuming services for the change to take effect.