Some on-prem S3 implementations use custom TLS certificates to encrypt the connection. Currently, pbm-agent only relies on OS-trusted certificates. In some cases, passing a custom certificate as a backup storage configuration is a must. Altering the OS trusted certificate authorities is not always an option.
OpsManager, for example, allows it.
Solution proposition
Acceptance Criteria
PBM should trust both (all) certificates loaded
PBM trust all the CA (plus customer issued and authorized) loaded
Only the .PEM format is supported
file should contain the root certificate chain from the CA
QA and Documentation
Questions/AI?
list the config parameters in ops manager the customer uses currently
Environment
None
Activity
radoslaw.szulgo
May 13, 2025 at 10:48 AM
Docs available:
radoslaw.szulgo
April 15, 2025 at 5:36 PM
I can document this right away
This comment was left via Slack.
Michal Nosek
April 15, 2025 at 5:36 PM
Thanks! I will verify on my side. Can we document it? Do we need a separate ticket to update the docs?
Problem description
Some on-prem S3 implementations use custom TLS certificates to encrypt the connection. Currently, pbm-agent only relies on OS-trusted certificates. In some cases, passing a custom certificate as a backup storage configuration is a must. Altering the OS trusted certificate authorities is not always an option.
OpsManager, for example, allows it.
Solution proposition
Acceptance Criteria
PBM should trust both (all) certificates loaded
PBM trust all the CA (plus customer issued and authorized) loaded
Only the .PEM format is supported
file should contain the root certificate chain from the CA
QA and Documentation
Questions/AI?
list the config parameters in ops manager the customer uses currently