Catalog Not Loading - Behind Corporate Proxy with SSL-Inspection

After working at this for a while, I found a solution.

If you deployed Rancher using Helm, there is this option:

# Additional Trusted CAs.
# Enable this flag and add your CA certs as a secret named tls-ca-additional in the namespace.
# See README.md for details.
additionalTrustedCAs: false

In the cluster where Rancher is installed, create a secret in the cattle-system namespace as follows:

name: tls-ca-additional
key: ca-additional.pem
value: [concatenated pem of root and intermediate CAs]

Then set the additionalTrustedCAs to true, and upgrade your Rancher helm chart.
What it does, is mounts the secret at /etc/ssl/certs/ca-additional.pem, and now Rancher is able to fetch catalogs through SSL interception.

1 Like