HTTPS invalid

Qemoo
Beiträge: 7
Registriert: 15 Apr 2020, 06:02

HTTPS invalid

Beitragvon Qemoo » 15 Apr 2020, 10:27

hi, I new in OPSI even new with system troubleshooting task.

I do install opsi-vm on our environment, and all look just fine but I notice when I try to use opsi on web browser.
When i browse with chrome/mozilla, the https ( https://<my server IP>:4447 or https://<serverhostname>:4447 )shown not secure. I just follow the instruction during 1st boot installation and on certificate part i do fill will correct details.

So, my question is How to make the https certificate secure?

Benutzeravatar
SisterOfMercy
Beiträge: 1196
Registriert: 22 Jun 2012, 19:18

Re: HTTPS invalid

Beitragvon SisterOfMercy » 15 Apr 2020, 20:18

Qemoo hat geschrieben:So, my question is How to make the https certificate secure?


It shows up as not secure because it is a self-signed cert.
You would have to use your own CA, which you would have to put in every cert store. Or you would use an external CA which is already present in most cert stores.

If other software in your environment also uses a self-signed cert, then I wouldn't bother.
Bitte schreiben Sie Deutsch, when I'm responding in the German-speaking part of the forum!

Qemoo
Beiträge: 7
Registriert: 15 Apr 2020, 06:02

Re: HTTPS invalid

Beitragvon Qemoo » 16 Apr 2020, 07:15

so if i do have my own CA, which part on OPSI server i need to put it?

sorry i'm still newbie :(

Benutzeravatar
SisterOfMercy
Beiträge: 1196
Registriert: 22 Jun 2012, 19:18

Re: HTTPS invalid

Beitragvon SisterOfMercy » 16 Apr 2020, 17:34

Qemoo hat geschrieben:so if i do have my own CA, which part on OPSI server i need to put it?


in /etc/opsi/opsiconfd.conf you can set the location of your pem file.
Bitte schreiben Sie Deutsch, when I'm responding in the German-speaking part of the forum!

Qemoo
Beiträge: 7
Registriert: 15 Apr 2020, 06:02

Re: HTTPS invalid

Beitragvon Qemoo » 22 Apr 2020, 10:30

okay noted. thanks for your help.

by the way, its is the CA file always in .pem or any like .crt?