Creating and Applying SSL Certificates for Cockpit Web Interface
8#SSL #Certificates #HTTPS #Cockpit
Full steps can be found at https://i12bretro.github.io/tutorials/0739.html
--------------------------------------------------------------------
What is Cockpit?
--------------------------------------------------------------------
Cockpit is an interactive server admin interface. It is easy to use and very lightweight. Cockpit interacts directly with the operating system from a real Linux session in a browser. - https://github.com/cockpit-project/cockpit
--------------------------------------------------------------------
Prerequisites
--------------------------------------------------------------------
- A XCA PKI database https://youtu.be/ezzj3x207lQ
--------------------------------------------------------------------
Create Your SSL Certificate
--------------------------------------------------------------------
01. Launch XCA
02. Open the PKI database if it is not already (File ≫ Open DataBase), enter password
03. Click on the Certificates tab, right click on your Intermediate CA certificate
04. Select New
05. On the Source tab, make sure Use this Certificate for signing is selected
06. Verify your Intermediate CA certificate is selected from the drop down
07. Click the Subject tab
08. Complete the Distinguished Name section
internalName: debian.i12bretro.local
countryName: US
stateOrProvinceName: Virginia
localityName: Northern
organizationName: i12bretro
organizationUnitName: i12bretro Certificate Authority
commonName: debian.i12bretro.local
09. Click the Generate a New Key button
10. Enter a name and set the key size to at least 2048
11. Click Create
12. Click on the Extensions tab
13. Select End Entity from the type list
14. Click Edit next to Subject Alternative Name
15. Add any DNS or IP addresses that the certificate will identify
16. Update the validity dates to fit your needs
17. Click the Key Usage tab
18. Under Key Usage select Digital Signature, Key Encipherment
19. Under Extended Key Usage select Web Server and Web Client Authentication
20. Click the Netscape tab
21. Select SSL Server
22. Click OK to create the certificate
--------------------------------------------------------------------
Exporting Required Files
--------------------------------------------------------------------
01. In XCA, click on the Certificates tab
02. Right click the SSL certificate ≫ Export ≫ File
03. Set the file name with a .crt extension and verify the export format is PEM (*.crt)
04. Click OK
05. Click the Private Keys tab
06. Right click the private key generated for the SSL certificate ≫ Export ≫ File
07. Set the file name with a .key extension and verify the export format is PKCS #8 (*.pk8)
08. Click OK
--------------------------------------------------------------------
Applying the Certificates to Cockpit
--------------------------------------------------------------------
Per the Cockpit documentation, Cockpit will "use the last file with a .cert or .crt extension in alphabetical order" and the private key "must be contained in a separate file with the same name as the certificate, but with a .key suffix"
01. Download WinSCP https://winscp.net/eng/downloads.php
02. Extract WinSCP and run the executable
03. Connect to the Cockpit host IP address via WinSCP
04. Copy the exported .crt and .key files to the target host home/$USER/Documents directory
05. Connect to the target host via SSH or console and run the following commands
# copy the .crt file
sudo cp ~/Documents/*.crt /etc/cockpit/ws-certs.d/
# copy the .key file
sudo cp ~/Documents/*.key /etc/cockpit/ws-certs.d/
# restart cockpit service
sudo systemctl restart cockpit
06. Open a web browser and navigate to the Cockpit web UI https://DNS:9090
07. The Cockpit web UI should be utilizing the new SSL certificate
Source: https://cockpit-project.org/guide/latest/https
### Connect with me and others ###
★ Discord: https://discord.com/invite/EzenvmSHW8
★ Reddit: https://reddit.com/r/i12bretro
★ Twitter: https://twitter.com/i12bretro