diff --git a/docs/reference/administration/system-options.md b/docs/reference/administration/system-options.md index 3ab169d..7930053 100644 --- a/docs/reference/administration/system-options.md +++ b/docs/reference/administration/system-options.md @@ -62,6 +62,39 @@ snap set system proxy.https="http://:" > ⓘ Available only on Ubuntu Core. +## system pki.certs.custom + +Enables custom certificate management with the following options (replace `` with the certificate name): + +- **pki.certs.custom.\.content**: sets the certificate payload. This option must be set first to register the certificate in the database, and the `` used in the option becomes the initially registered certificate name +- **pki.certs.custom.\.name**: changes the registered certificate name after the certificate content has been set +- **pki.certs.custom.\.state**: sets the certificate state to `blocked` or `accepted`. If not explicitly set, the default state is `accepted`. Setting the state to `unset` removes the certificate + +The following example sets the certificate content, changes the certificate name, and blocks the certificate: + +``` +snap set system pki.certs.custom..content= +snap set system pki.certs.custom..name=new-name +snap set system pki.certs.custom..state=blocked +``` + +To remove the certificate, set its state to `unset` or unset it: + +``` +snap set system pki.certs.custom..state=unset +snap unset system pki.certs.custom. +``` + +Use `snap get` to retrieve the list of custom certificates: + +``` +snap get system pki.certs.custom +``` + +> ⓘ Available only on Ubuntu Core. + +> ⓘ Available since snapd _2.75_. + ## system refresh There are four system-wide options that are used to manage how updates are handed: