cloudfoundry / bosh

Cloud Foundry BOSH is an open source tool chain for release engineering, deployment and lifecycle management of large scale distributed services.

Home Page: https://bosh.io


Can an internal CA and certificate be used instead of the BOSH self-signed ones?

spkrsna opened this issue · comments

Is your feature request related to a problem? Please describe.
We are missing monitoring of the BOSH certs under creds.yml; only after they expire do we find out and take action.

Describe the solution you'd like
Hi,

Instead of using BOSH-generated self-signed certificates, can company-generated internal CAs and certificates be used
in creds.yml under the respective certificates like default_ca, uaa_ssl, director_ca etc.?

The purpose is that we are unable to track expiring certs; if we use certificates generated by our own tool, we can easily monitor the expiry dates and take action.

Can the above be done, or won't it work?

Thanks!
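The expiry tracking the issue asks for can also be done directly against the variables in creds.yml, whatever CA issued them. The script below is an added example and not part of the BOSH project: it walks a creds.yml-style mapping (the `default_ca` / `director_ssl` / `uaa_ssl` layout and the key names are assumed; a real file would be loaded with `yaml.safe_load`), reads the notAfter field of every PEM certificate with a small standard-library DER walker, and lists the ones expiring within a threshold. The sample certificates are constructed placeholders with no signature or key; in practice `cryptography`'s `x509.load_pem_x509_certificate` is the simpler way to read `not_valid_after_utc`.

```python
"""Expiry check for certificates in a BOSH creds.yml-style variables file.
Added example, not bosh project code; standard library only, so a tiny DER
walker reads Validity/notAfter instead of relying on the cryptography package."""
import base64
import re
from datetime import datetime, timedelta, timezone

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def _tlv(data, pos):
    """Decode one DER tag/length header at pos; return (tag, value_start, value_end)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:  # long form: low bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length


def _children(data, start, end):
    """Yield (tag, value_start, value_end) for each element of a constructed value."""
    pos = start
    while pos < end:
        tag, vstart, vend = _tlv(data, pos)
        yield tag, vstart, vend
        pos = vend


def cert_not_after(pem):
    """Return the notAfter timestamp (UTC) of the first certificate in a PEM string."""
    match = PEM_RE.search(pem)
    if not match:
        raise ValueError("no PEM certificate found")
    der = base64.b64decode("".join(match.group(1).split()))
    # Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    _, cert_start, cert_end = _tlv(der, 0)
    _, tbs_start, tbs_end = next(_children(der, cert_start, cert_end))
    fields = list(_children(der, tbs_start, tbs_end))
    if fields[0][0] == 0xA0:  # optional [0] EXPLICIT version; drop it so indexes line up
        fields = fields[1:]
    # TBSCertificate: serialNumber, signature, issuer, validity, subject, spki, ...
    _, val_start, val_end = fields[3]
    tag, s, e = list(_children(der, val_start, val_end))[1]  # notAfter
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"  # UTCTime / GeneralizedTime
    return datetime.strptime(der[s:e].decode("ascii"), fmt).replace(tzinfo=timezone.utc)


def find_certificates(variables, prefix=""):
    """Walk a creds.yml-style mapping; yield (path, pem) for every certificate value."""
    if isinstance(variables, dict):
        for key, value in variables.items():
            yield from find_certificates(value, f"{prefix}/{key}" if prefix else key)
    elif isinstance(variables, str) and "BEGIN CERTIFICATE" in variables:
        yield prefix, variables


def expiring_within(variables, days, now=None):
    """Return [(path, days_left)] for certificates expiring within `days`, soonest first."""
    now = now or datetime.now(timezone.utc)
    hits = []
    for path, pem in find_certificates(variables):
        days_left = (cert_not_after(pem) - now).days
        if days_left <= days:
            hits.append((path, days_left))
    return sorted(hits, key=lambda hit: hit[1])


# --- constructed sample data (placeholders, not real credentials) ------------
def _der(tag, body):
    """Encode one DER element with the given tag and body."""
    n = len(body)
    if n < 128:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def make_sample_cert(not_after):
    """Build a structurally valid but UNSIGNED placeholder certificate with the given notAfter."""
    utc = lambda dt: _der(0x17, dt.strftime("%y%m%d%H%M%SZ").encode("ascii"))
    sha256_rsa = _der(0x30, _der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"))
    empty_name = _der(0x30, b"")
    validity = _der(0x30, utc(not_after - timedelta(days=365)) + utc(not_after))
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01")
               + sha256_rsa + empty_name + validity + empty_name + _der(0x30, b""))
    cert = _der(0x30, tbs + sha256_rsa + _der(0x03, b"\x00"))
    return ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(cert).decode("ascii")
            + "-----END CERTIFICATE-----\n")


NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
# Assumed creds.yml variable layout; a real file would be read with yaml.safe_load()
SAMPLE_CREDS = {
    "default_ca": {"ca": make_sample_cert(NOW + timedelta(days=20)), "private_key": "<redacted>"},
    "director_ssl": {"certificate": make_sample_cert(NOW + timedelta(days=400))},
    "uaa_ssl": {"certificate": make_sample_cert(NOW + timedelta(days=10))},
}

if __name__ == "__main__":
    for path, days_left in expiring_within(SAMPLE_CREDS, 30, now=NOW):
        print(f"WARNING {path} expires in {days_left} days")
```

Run on a real creds.yml, the path column tells you which variable to rotate (for example `default_ca/ca`), which is the same information you would get from certificates issued by your own PKI, so the monitoring gap does not depend on who signed the certificates.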

Hi @spkrsna,
In general this is of course possible. In the end you only have to ensure that the certificates that you want to use are added to the deployment manifest. In my company we add certificates from different sources via ops files to the deployment manifest.

Now, you are maybe using https://github.com/cloudfoundry/bosh-deployment to install your BOSH, and I can't tell and didn't check how to configure it there, but in general it's possible.

BTW: there is a Slack channel for consultations like this: https://bosh.io/docs/community/

You can use this ops file to add an extra trusted CA: https://github.com/cloudfoundry/bosh-deployment/blob/master/misc/trusted-certs.yml

Or you could override all the certs
by creating an ops file where you override the CA certs, for example this line: https://github.com/cloudfoundry/bosh-deployment/blob/master/bosh.yml#L100
although you need to go through all the lines where the CA and certs are used.

Closing due to inactivity. Feel free to reopen though.