Creating and Applying SSL Certificates for Cockpit Web Interface

#SSL #Certificates #HTTPS #Cockpit

Full steps can be found at https://i12bretro.github.io/tutorials/0739.html

What is Cockpit?

Cockpit is an interactive server admin interface. It is easy to use and very lightweight. Cockpit interacts directly with the operating system from a real Linux session in a browser. - https://github.com/cockpit-project/cockpit

Prerequisites

   - A XCA PKI database  https://youtu.be/ezzj3x207lQ

Create Your SSL Certificate

   01. Launch XCA    02. Open the PKI database if it is not already (File ≫ Open DataBase), enter password    03. Click on the Certificates tab, right click on your Intermediate CA certificate    04. Select New    05. On the Source tab, make sure Use this Certificate for signing is selected    06. Verify your Intermediate CA certificate is selected from the drop down    07. Click the Subject tab    08. Complete the Distinguished Name section          internalName: debian.i12bretro.local          countryName: US          stateOrProvinceName: Virginia          localityName: Northern          organizationName: i12bretro          organizationUnitName: i12bretro Certificate Authority          commonName: debian.i12bretro.local    09. Click the Generate a New Key button    10. Enter a name and set the key size to at least 2048    11. Click Create    12. Click on the Extensions tab    13. Select End Entity from the type list    14. Click Edit next to Subject Alternative Name    15. Add any DNS or IP addresses that the certificate will identify    16. Update the validity dates to fit your needs    17. Click the Key Usage tab    18. Under Key Usage select Digital Signature, Key Encipherment    19. Under Extended Key Usage select Web Server and Web Client Authentication    20. Click the Netscape tab    21. Select SSL Server    22. Click OK to create the certificate

Exporting Required Files

   01. In XCA, click on the Certificates tab    02. Right click the SSL certificate ≫ Export ≫ File    03. Set the file name with a .crt extension and verify the export format is PEM (.crt)    04. Click OK    05. Click the Private Keys tab    06. Right click the private key generated for the SSL certificate ≫ Export ≫ File    07. Set the file name with a .key extension and verify the export format is PKCS #8 (.pk8)    08. Click OK

Applying the Certificates to Cockpit

Per the Cockpit documentation, Cockpit will "use the last file with a .cert or .crt extension in alphabetical order" and the private key "must be contained in a separate file with the same name as the certificate, but with a .key suffix"      01. Download WinSCP  https://winscp.net/eng/downloads.php    02. Extract WinSCP and run the executable    03. Connect to the Cockpit host IP address via WinSCP    04. Copy the exported .crt and .key files to the target host home/$USER/Documents directory    05. Connect to the target host via SSH or console and run the following commands          # copy the .crt file          sudo cp ~/Documents/.crt /etc/cockpit/ws-certs.d/          # copy the .key file          sudo cp ~/Documents/.key /etc/cockpit/ws-certs.d/          # restart cockpit service          sudo systemctl restart cockpit    06. Open a web browser and navigate to the Cockpit web UI https://DNS:9090    07. The Cockpit web UI should be utilizing the new SSL certificate   Source:  https://cockpit-project.org/guide/latest/https  

Connect with me and others

★ Discord: https://discord.com/invite/EzenvmSHW8 ★ Reddit: https://reddit.com/r/i12bretro ★ Twitter: https://twitter.com/i12bretro ... https://www.youtube.com/watch?v=mEfg3zCnxXw