Skip to content

SSL Configuration for Private Locations

The escape-cli will by default use the SSL certificates of your local machine. If you are running the escape-cli inside a container, it will use the certificates of this container.

Allowing insecure SSL connections

If you dont want to allow any SSL connections, you can set the ESCAPE_SSL_INSECURE="true" environment variable.

Adding Custom SSL CA Certificates

If you have one or more custom SSL Certificate Authorities, you can configure them using the ESCAPE_SSL_CERT_PATH environment variable.

Single CA Certificate

To add a single custom CA certificate, set the ESCAPE_SSL_CERT_PATH environment variable to point to your certificate file:

services:
  private-location:
    image: escapetech/cli:latest
    environment:
      - ESCAPE_API_KEY=<ESCAPE_API_KEY>
      - ESCAPE_SSL_CERT_PATH=/certs/custom-ca.pem
    volumes:
      - ./certs:/certs

Multiple CA Certificates

The ESCAPE_SSL_CERT_PATH variable supports PEM files containing multiple CA certificates. To configure multiple CA certificates, concatenate them into a single PEM file with each certificate in standard PEM format:

-----BEGIN CERTIFICATE-----
MIIDXTCCAkWgAwIBAgIJAKJ...
(first CA certificate)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEBzCCAu+gAwIBAgICEA...
(second CA certificate)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIQdY...
(third CA certificate)
-----END CERTIFICATE-----

Then reference this combined certificate file:

services:
  private-location:
    image: escapetech/cli:latest
    environment:
      - ESCAPE_API_KEY=<ESCAPE_API_KEY>
      - ESCAPE_SSL_CERT_PATH=/certs/combined-ca-bundle.pem
    volumes:
      - ./certs:/certs

Certificate Management

When working with multiple CA certificates, maintain them in a single PEM bundle file rather than trying to specify multiple paths. The Private Location will automatically parse and load all certificates present in the specified file.