Self-Hosted Custom CA Roots

Starting with Sentry 21.8.0, if you need to have Sentry access services which do not have TLS certificates from publicly trusted CA roots, it's now possible to easily add them to the containers. Just add the certificates to the certificates folder inside the root of your Sentry install and restart the containers. Your custom CA roots will be used in addition to the publicly trusted CA roots.

Note

While you can run update-ca-certificates in each container, that will update the system's root bundle on disk, but does nothing for any copies in memory. Restarting the container will update the bundle and make sure it is used.

The container's logs will have the output from update-ca-certificates right at the start if there is a problem with a given certificate.

Dependencies With Bundled Roots

Some dependencies have opted to bundle their own CA roots and ignore the system CA roots. Where known, they have been configured to use the system roots. If something seems to ignore the system roots, create an issue so it can be tracked down and fixed.

Overridden Bundled Roots

Python
- requests
- botocore
- grpc

You can edit this page on GitHub.

Docs

General

Development

Application

Self-Hosted

Frontend

Backend

Services

SDK Development

Integrations

Resources

Meta Documentation

Self-Hosted Custom CA Roots

Note

Dependencies With Bundled Roots

Overridden Bundled Roots