Remake: Setting up Cockpit with a trusted SSL certificate (2021)
HTML-код
- Опубликовано: 9 июн 2021
- I did a remake for this video, since a couple of people have complained the previous version doesn't work for them.
I did a remake for both RHEL7 and RHEL8 connected to an IdM server on RHEL8.
In the video, I use a script on RHEL7 to concatenate the certificate and the key file. Drop this into /usr/local/sbin/cockpit_certs.sh and make it executable: gist.github.com/wzzrd/4790060...
The command that I issue on RHEL7 and RHEL8 to change the SELinux label on /etc/cockpit/ws-certs.d is:
semanage fcontext -a -t cert_t "/etc/cockpit/ws-certs.d(/.*)?"
Then, on RHEL7, I use this command to get the certificate:
"""
semanage fcontext -a -t cert_t "/etc/cockpit/ws-certs.d(/.*)?"
ipa-getcert request -f /etc/pki/tls/certs/$(hostname -f).cert -k /etc/pki/tls/private/$(hostname -f).key -D $(hostname -f) -C "/usr/local/sbin/cockpit_certs.sh $(hostname -f)" -K host/$(hostname -f)
"""
On RHEL8, the command is slightly different and simpler:
"""
ipa-getcert request -f /etc/cockpit/ws-certs.d/$(hostname -f).cert -k /etc/cockpit/ws-certs.d/$(hostname -f).key -D $(hostname -f) -K host/$(hostname -f) -m 0640 -o root:cockpit-ws -O root:root -M 0644
"""
Sound of the video is a little reverby. Sorry about that 😏
Blog that is more easy to copy-paste: 100things.wzzrd.com/2021/06/1...
Will this work on RHEL9.4 ?