Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

Select Status


trusted_ca (1) Versions 1.0.0

Installs trusted CA certificates from a data bag

cookbook 'trusted_ca', '~> 1.0.0', :supermarket
cookbook 'trusted_ca', '~> 1.0.0'
knife supermarket install trusted_ca
knife supermarket download trusted_ca
Quality 29%


This cookbook leverages the Chef-maintained trusted_certificate cookbook to manage local CAs from a data bag.



  • Debian
  • Ubuntu
  • Red Hat Enterprise Linux 6+ and derivatives


Data Bags

Trusted CA certificates must be added to a data bag item under the cert key.

Acceptable formats are:
* A base64-encoded certificate with newlines represented by \n, or
* A URL to a certificate stored on a web server, or
* A reference to a certificate file stored in another cookbook.

String Example
  "id": "Demo_Root_CA",

The CA certificate contained above will be installed to the local CA certificate directory as Demo_Root_CA.crt.

HTTP Example
  "id": "Company_Internal_CA",
  "cert": ""

The CA certificate linked above will be downloaded and installed to the local CA certificate directory as Company_Internal_CA.crt.


This cookbook reads three attributes to determine runtime behavior:
* node['trusted_ca']['data_bag'] - The name of the data bag in which certificates are stored.
* node['trusted_ca']['add'] - A string array of data bag items containing trusted CA certificates to be installed.
* node['trusted_ca']['remove'] - A string array of certificate names to remove from the system.

node['trusted_ca']['data_bag'] = "my_certs"
node['trusted_ca']['add'] = ['Demo_Root_CA']
node['trusted_ca']['remove'] = ['Bad_Root_CA']

This example will install the certificate Demo_Root_CA from data bag my_certs in the operating system's local CA certificate directory. If present, the certificate named Bad_Root_CA.crt will be deleted.

Note: This cookbook only manages local CAs. Global CAs shipped by your OS vendor cannot be removed by this cookbook.



  1. Installs the ca-certificates package from the OS package manager
  2. Installs or removes CA certificates listed in the add and remove attributes.

Dependent cookbooks

trusted_certificate >= 0.0.0

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

trusted_ca CHANGELOG

This file is used to list changes made in each version of the trusted_ca cookbook.


Initial public release.

Collaborator Number Metric

1.0.0 failed this metric

Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Contributing File Metric

1.0.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of, and your repo must contain a file

Foodcritic Metric

1.0.0 failed this metric

FC067: Ensure at least one platform supported in metadata: trusted_ca/metadata.rb:1
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any

No Binaries Metric

1.0.0 passed this metric

Supported Platforms Metric

1.0.0 failed this metric

trusted_ca should declare what platform(s) it supports.

Testing File Metric

1.0.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of, and your repo must contain a file

Version Tag Metric

1.0.0 passed this metric