Specify certificate authority for Teleport authentication service


I’m wondering if there is a way to specify a certificate authority to be used by Teleport authentication service.
I expected I might find a way to specify a cert and key file in the auth_service config for example.

Hi @jadbaz,

So Teleport operates 2 internal certificate authorities (CAs) purposefully:

  1. Used to sign User public keys
  2. Used to sign Node public keys

This is detailed further here along with how you can issue/use node certificates + issue/use user certificates. Let me know if that helps. If not, can you expand on what you are trying to specify that isn’t configured with the given setup, or an example? Thanks

Yes exactly, you said, as in the docs, Teleport operates 2 CAs.
And if I understand correctly these are self-signed root CAs.
So my question is: suppose I already have an intermediate CA for example (or I create one), can I use that as a Teleport Node CA or User CA?
The intent is that all issued certificates have a chain back to my (or known) root CA and not a self-signed CA.

I’m not exactly sure at this point why I’d want this since this is all internal to Teleport, but I would like at least to know if it’s possible.

At the moment Teleport doesn’t support using any CA other than its own self-signed CA to issue host/user certificates. Such integration has been requested in the past, so it’s on the roadmap for us to look at.