Certificates and internal certificate authorities
Learn how to use an internal certificate authority (CA) with Retool.
If your API's SSL certificates are signed by an internal CA, Retool refuses to connect over HTTPS unless you configure Retool to trust your CA. You do this by setting NODE_EXTRA_CA_CERTS to the absolute path of your certificate files. The files need to include one or more trusted certificates in PEM format.
Configure Docker Compose
With Docker Compose deployments, you need to store the certificate as a file on the filesystem, and then mount that file to the api container.
- Create a subdirectory in your retool-onpremise repo named ca.
- Save your internal certificate in PEM format to ./ca/cert.pem.
- Configure the following docker-compose.yml and docker.env files.
# docker-compose.yml
version: '2'
services:
  api:
    image: tryretool/backend:latest
    env_file: ./docker.env
    ...
    volumes:
      - ./ssh:/retool_backend/autogen_ssh_keys
      - ./ca:/retool_backend/ca
  db-connector:
    ...
    volumes:
      - ./ca:/retool_backend/ca
# docker.env
NODE_ENV=production
...
NODE_EXTRA_CA_CERTS=/retool_backend/ca/cert.pem
...
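A preflight check for the setup above, as an added example that is not part of Retool's documentation or code. Node.js only emits a warning and carries on when the NODE_EXTRA_CA_CERTS file is missing or malformed, so the script confirms before startup that the variable is an absolute path, that it falls under a volume mounted into the service, and that the host file holds PEM certificates and no private key. The function names are hypothetical, volumes are assumed to be host:container bind mounts, and the DER check is structural only (it does not validate the certificate chain).

```python
# Added example; the volume strings it expects mirror the docker-compose.yml entries.
import base64
import os
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def container_to_host(container_path, volumes, base_dir="."):
    """Map a container path to a host path through 'host:container[:mode]' bind mounts."""
    for entry in volumes:
        host, _, rest = entry.partition(":")
        target = rest.split(":")[0].rstrip("/")  # drop an optional :ro/:rw mode
        if target and (container_path + "/").startswith(target + "/"):
            rel = container_path[len(target):].lstrip("/")
            return os.path.normpath(os.path.join(base_dir, host, rel))
    return None

def pem_problems(text):
    """Structural problems in a PEM bundle that should hold only CA certificates."""
    problems, certs = [], 0
    for label, body in PEM_BLOCK.findall(text):
        if "PRIVATE KEY" in label:
            problems.append("bundle contains a private key")
        elif label == "CERTIFICATE":
            certs += 1
            try:
                der = base64.b64decode("".join(body.split()), validate=True)
            except ValueError:
                der = b""
            if not der.startswith(b"\x30"):  # a certificate is a DER SEQUENCE
                problems.append(f"certificate #{certs} is not base64-encoded DER")
    if certs == 0:
        problems.append("no CERTIFICATE block found")
    return problems

def preflight(env_text, volumes, base_dir="."):
    """Problems with NODE_EXTRA_CA_CERTS for one service; an empty list means pass."""
    match = re.search(r"^NODE_EXTRA_CA_CERTS=(.*)$", env_text, re.M)
    path = match.group(1).strip() if match else ""
    if not path.startswith("/"):
        return [f"NODE_EXTRA_CA_CERTS={path!r} is unset or not an absolute path"]
    host = container_to_host(path, volumes, base_dir)
    if host is None:
        return [f"{path} is not under any mounted volume"]
    if not os.path.isfile(host):
        return [f"host file {host} does not exist"]
    with open(host, encoding="ascii", errors="replace") as fh:
        return pem_problems(fh.read())
```

Run it once per service that sets the variable, passing that service's own volumes list, because api and db-connector each mount ./ca separately.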
Configure Kubernetes and other deployment infrastructures
The process for Kubernetes and other deployment options is similar to Docker Compose, but you might have different options depending on your infrastructure. For example, with Kubernetes you can use Kubernetes Secrets, and with Heroku you can extend the Dockerfile to copy the certificate into the container.