ContextQMD
Back to Yugabyte Db

Add CA-signed certificates to YugabyteDB Anywhere

docs/content/v2.25/yugabyte-platform/security/enable-encryption-in-transit/trust-store.md

2026.1.1.0-b11.7 KB
Original Source

YugabyteDB Anywhere uses certificates to validate connections between YugabyteDB Anywhere and other external services, including:

When using self-signed or custom CA certificates, to enable YugabyteDB Anywhere to validate your TLS connections, you must add the certificates to the YugabyteDB Anywhere Trust Store

Add certificates to your trust store

To add a certificate to the YugabyteDB Anywhere Trust Store, do the following:

  1. Navigate to Admin > CA Certificates.

  2. Click Upload Trusted CA Certificate.

  3. Enter a name for the certificate.

  4. Click Upload, select your certificate (in .crt format) and click Save CA Certificate.

Rotate a certificate in your trust store

To rotate a certificate in your YugabyteDB Anywhere Trust Store, do the following:

  1. Navigate to Admin > CA Certificates.

  2. Click the ... button for the certificate and choose Update Certificate.

  3. Click Upload, select your certificate (in .crt format) and click Save CA Certificate.

Delete a certificate in your trust store

To delete a certificate in your YugabyteDB Anywhere Trust Store, do the following:

  1. Navigate to Admin > CA Certificates.

  2. Click the ... button for the certificate and choose Delete, then click Delete CA Certificate.