How can I fix broken https on Cockpit?

How can I fix broken https on Cockpit?

I've just installed cockpit on my CentOS 8 box:

dnf install cockpit

systemctl start cockpit.socket
systemctl enable cockpit.socket

Once I'd let it through the firewall, I can get it up on a.b.c.d:9090 in my browser. But Chrome is saying Not secure, with https crossed out in the address bar. When I click on the warning and then Certiciate (invalid) it tells me Windows does not have enough information to verify this certificate. It says the certificate was issued by myhostname, to myhostname, and that it's valid from today until 2031. If I go toCertification paththenCertificate statusit saysThe issuer of this certificate could not be found.`

I'm unclear whether my connection IS encrypted or not. Is Chrome just saying it doesn't like the certificate, or is it actively not using it and forcing http?

I've checked the guide at https://cockpit-project.org/guide/latest/https.html and running remotectl certificate I can confirm that the file is there and is apparently being used.

How can I fix this?

Thank you!

答案1

Your connection is encrypted. The "problem" is that the certificate is not trusted by Chrome because it is not signed by a trusted certification authority which makes sense because it was created by Cockpit and self signed. You can either ignore this (especially if you are connecting only from a private network) or get a certificate from a certification authority like Let's Encrypt.

Cockpit with Let's Encrypt howto: https://github.com/cockpit-project/cockpit/wiki/Cockpit-with-LetsEncrypt

相关内容