Allow custom certificates when connecting to BN (#2703)

## Issue Addressed

Resolves #2262 

## Proposed Changes

Add a new CLI flag `--beacon-nodes-tls-certs` which allows the user to specify a path to a certificate file (or a list of files, separated by commas). The VC will then use these certificates (in addition to the existing certificates in the OS trust store) when connecting to a beacon node over HTTPS.

## Additional Info

This only supports certificates in PEM format.
This commit is contained in:
Mac L
2021-10-15 00:07:11 +00:00
parent 05040e68ec
commit 7c23e2142a
5 changed files with 80 additions and 3 deletions


@@ -163,8 +163,10 @@ curl -X GET "https://localhost:5052/eth/v1/node/version" -H "accept: applicatio
```
### Connecting a validator client
In order to connect a validator client to a beacon node over TLS, we need to
add the certificate to the trust store of our operating system.
In order to connect a validator client to a beacon node over TLS, the validator
client needs to be aware of the certificate.
There are two ways to do this:
#### Option 1: Add the certificate to the operating system trust store
The process for this will vary depending on your operating system.
Below are the instructions for Ubuntu and Arch Linux:
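Review bot: "needs to be aware of the certificate" in the rewritten intro is vaguer than the sentence it replaces. It does not say whose certificate is meant or that the validator client has to trust it. Suggest wording along the lines of "the validator client must trust the certificate presented by the beacon node". It would also help to state under the Option 1 heading that adding the certificate to the operating system trust store makes it trusted by the whole system, not only by the validator client, so readers can weigh that against Option 2.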
@@ -185,6 +187,13 @@ Now the validator client can be connected to the beacon node by running:
lighthouse vc --beacon-nodes https://localhost:5052
```
#### Option 2: Specify the certificate via CLI
You can also specify any custom certificates via the validator client CLI like
so:
```bash
lighthouse vc --beacon-nodes https://localhost:5052 --beacon-nodes-tls-certs cert.pem
```
## Troubleshooting
### HTTP API is unavailable or refusing connections
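Review bot: the Option 2 text leaves out three details that the commit message gives and that users will need. `--beacon-nodes-tls-certs` accepts a comma-separated list of files, only PEM format is supported, and the supplied certificates are used in addition to the OS trust store rather than replacing it. Suggest adding a sentence for each after the example command, since the single `cert.pem` example does not show the list form and a user passing a DER file will get no hint from the docs about why it fails.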